dotfiles

my dotfiles, managed by Nix

0BSD License

Dotfiles

My dotfiles, as managed by Nix, now with 100% more flakes.

Setup

  1. clone this repo somewhere on the machine
  2. sudo nixos-rebuild switch --flake path/to/this/repo#machinename

Note that you must have one of my PGP private keys to decrypt secrets, so this setup isn't directly usable for people who aren't me. You should be able to use this repo as a reference to build your own configuration, though, if you're interested in using flakes to manage all configuration.

Repo structure

  • flake.nix - the main configuration entrypoint for NixOS machines
    • the flake manifest imports configuration from all other nix expressions
      in the repo, such as home.nix
  • flake.lock - lockfile for all flake dependencies, so that builds are
    reproducible across machines
  • users/michael.nix - the home-manager
    configuration for my user on NixOS machines
    • this is where most of the configuration ends up, especially for user-space
      tools like sway, editors and browsers, etc.
    • documentation on all available options in home-manager can be found
      here
    • users/root.nix is much thinner; it's just git config for root
  • .git-crypt and .gitattributes control which directories get encrypted
    by git-crypt, allowing me to host secrets in a public repo
  • defaults/ contains configuration on a per-program basis
    • these configurations are typically imported by home.nix
  • modules/common.nix is common NixOS configuration shared between machines
  • machines/ contains directories for each NixOS machine I have with an overall
    machine-specific configuration.nix module and a hardware-specific
    hardware-configuration.nix module
    • mango and mango2 are custom-built desktop machines
  • colorschemes/ has program-specific color schemes set up as nix attribute
    sets
  • darwin/ contains the darwin (macOS) home-manager configuration
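
Hosting secrets in a public repo with git-crypt only works if every protected path was committed after its .gitattributes rule took effect. The script below is an added example, not part of this repo: it flags paths marked filter=git-crypt whose committed blob lacks the "\0GITCRYPT\0" header that git-crypt puts at the start of every encrypted file. The function names are hypothetical, and it assumes file names without newlines or characters that git would quote.

```shell
#!/bin/sh
# Added example: confirm that paths marked filter=git-crypt are stored
# encrypted in a commit. Needs only git, no key and no git-crypt binary.

# Hex of the 10-byte header "\0GITCRYPT\0" that starts every git-crypt blob.
GITCRYPT_MAGIC_HEX=00474954435259505400

# Succeeds if the data on stdin begins with the git-crypt header.
is_gitcrypt_blob() {
    [ "$(od -An -tx1 -N10 | tr -d ' \n')" = "$GITCRYPT_MAGIC_HEX" ]
}

# Prints every path in commit $1 (default HEAD) that carries
# filter=git-crypt but whose committed blob is plaintext.
# Returns 1 if any such path exists, 0 otherwise.
# Attributes are read from the checked-out .gitattributes files.
audit_commit() {
    rev=${1:-HEAD}
    leaks=$(git ls-tree -r --name-only "$rev" |
        git check-attr --stdin filter |
        sed -n 's/: filter: git-crypt$//p' |
        while IFS= read -r path; do
            git cat-file blob "$rev:$path" | is_gitcrypt_blob ||
                printf '%s\n' "$path"
        done)
    [ -z "$leaks" ] && return 0
    printf '%s\n' "$leaks"
    return 1
}

# Usage: sh audit-git-crypt.sh audit [rev]   (script name is hypothetical)
case "${1:-}" in
    audit) audit_commit "${2:-HEAD}"; exit $? ;;
esac
```

Run it from the repository root before pushing; a non-zero exit means a listed file is readable by anyone who clones the repo.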

Some specifics

  • I have my root device set up to use tmpfs
    • see this great guide
    • also see the impermanence project
    • this forces me to explicitly control what data I want stored in
      non-volatile memory, which helps give confidence that my configuration
      is fully described by nix and is reproducible across machines
    • this also reveals some annoyances like browsers asking to be defaults,
      and forces you to go find the configuration switch to turn off annoying
      behavior
    • I also use the home-manager integration so I have to be specific about
      what persists across reboots for my user. See users/michael.nix for the
      commented list.
  • Non-volatile memory is LUKS-encrypted (including swaps but not /boot)
  • Window manager: sway
    • Wayland support is actually not bad these days
    • I find Wayland more consistent and less buggy than X
  • Nix flakes
    • they're experimental and it's not clear when/if they will become stable
    • they're good for projects you work on actively or update often
    • pretty much everything in @nix-community
      supports flakes
    • see the Flakes wiki page for more info
      about flakes

Exceptions

Using the nix profile command to install flakes is imperative and not reproducible across machines. I use it for anything I hack on, like helix, where I'll make a fork, add a flake.nix if it's missing, and install it into the profile, making sure to push any branches of consequence.