From 7a24e7507a366c6068edea0e416683c9a4f646a1 Mon Sep 17 00:00:00 2001
From: Emmet
Date: Sun, 25 Feb 2024 11:43:35 -0600
Subject: [PATCH 01/15] Added hardening script for security
---
harden.sh | 29 +++++++++++++++++++++++++++++
install.org | 6 ++++++
2 files changed, 35 insertions(+)
create mode 100755 harden.sh
diff --git a/harden.sh b/harden.sh
new file mode 100755
index 0000000..ccd80b3
--- /dev/null
+++ b/harden.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# This will harden the security of these dotfiles, preventing
+# unpriveleged users from editing system-level (root configuration)
+# files maliciously
+
+# Run this inside of ~/.dotfiles (or whatever directory you installed
+# the dotfiles to)
+
+# Run this as root!
+
+# BTW, this assumes your user account has a PID/GID of 1000
+
+# After running this, the command `nix flake update` will require root
+
+if [ "$#" = 1 ]; then
+ dotfilesDir=$1;
+else
+ dotfilesDir=$(pwd);
+fi
+pushd $dotfilesDir &> /dev/null;
+chown -R root:root system;
+chown -R root:root patches;
+chown root:root flake.lock;
+chown root:root flake.nix
+chown root:root profiles/*/configuration.nix;
+chown 1000:users **/README.org;
+chown root:root harden.sh;
+popd &> /dev/null;
diff --git a/install.org b/install.org
index f9c98ec..8b0e711 100644
--- a/install.org
+++ b/install.org
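Review bot: In harden.sh, `pushd $dotfilesDir &> /dev/null;` throws away any failure, so when the directory argument is wrong, or the shell behind `#!/bin/sh` lacks `pushd`, every following `chown` still runs as root against whatever the current directory is; `cd "$dotfilesDir" || exit 1` with the variable quoted stops the script instead. The non-recursive `chown` calls follow symbolic links, and `chown 1000:users **/README.org` assigns ownership to the unprivileged account, so a link named README.org anywhere the pattern matches gets its target re-owned; `chown -h` on those lines keeps the change on the link itself. Only files change owner while the directories that hold them (the dotfiles root and `profiles/*/`) stay user-writable, which as far as this hunk shows still lets a root-owned `flake.nix` or `configuration.nix` be renamed aside and replaced, so the header comment should state that limit or the directories should be re-owned too. `**` recurses only with bash's `globstar` enabled, so under `sh` the README pattern presumably matches one level deep.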
@@ -72,3 +72,9 @@ If it fails with something to the effect of "could not download {some image file I have included a script in the [[./themes][themes directory]] named [[./themes/background-test.sh][background-test.sh]] which performs a rough test on every theme background url, reporting which are broken. If you're having this error, navigate to the [[./flake.nix][flake.nix]] and select any theme with a good background wallpaper link. As long as it is able to download the new wallpaper, it should be able to build. + +*** Do I have to put the configuration files in =~/.dotfiles=? +No. You can put them in literally any directory you want. I just prefer to use =~/.dotfiles= as a convention. If you change the directory, do keep in mind that the above scripts must be modified, replacing =~/.dotfiles= with whatever directory you want to install them to. + +*** So I cloned these dotfiles into ~/.dotfiles, and now there are system-level files owned by my user account.. HOW IS THIS SECURE?! +If you're worried about someone modifying your system-level (root configuration) files as your unpriveleged user, see [[./harden.sh][harden.sh]]. From b2e631f41577416b6b2fe6e431879b2495c9ebd8 Mon Sep 17 00:00:00 2001 From: Emmet Date: Sun, 25 Feb 2024 12:01:59 -0600 Subject: [PATCH 02/15] Testing updated install steps and automated install script --- flake.nix | 25 ++++++++++++++++++++++ install.org | 61 ++++++++++++++++++++++++----------------------------- install.sh | 13 ++++++++++++ 3 files changed, 66 insertions(+), 33 deletions(-) create mode 100644 install.sh diff --git a/flake.nix b/flake.nix index 520814a..5c42feb 100644 --- a/flake.nix +++ b/flake.nix 
@@ -67,6 +67,20 @@ # configure lib lib = nixpkgs.lib; + # Systems that can run tests: + supportedSystems = [ + "aarch64-linux" + "i686-linux" + "x86_64-linux" + ]; + + # Function to generate a set based on supported systems: + forAllSystems = inputs.nixpkgs.lib.genAttrs supportedSystems; + + # Attribute set of nixpkgs for each system: + nixpkgsFor = forAllSystems (system: + import inputs.nixpkgs { inherit system; }); + in { homeConfigurations = { user = home-manager.lib.homeManagerConfiguration { @@ -107,6 +121,17 @@ }; }; }; + + packages = forAllSystems (system: + let pkgs = nixpkgsFor.${system}; in + { + default = self.packages.${system}.install; + + install = pkgs.writeShellApplication { + name = "install"; + text = builtins.readFile ./install.sh; + }; + }); }; inputs = { diff --git a/install.org b/install.org index 8b0e711..93b40ad 100644 --- a/install.org +++ b/install.org 
@@ -3,7 +3,30 @@ These are just some simple install notes for myself (in-case I have to reinstall unexpectedly). -** Install Notes for Myself +** Automated Install Script (Experimental) +I wrote a quick automated install script at [[./install.sh][install.sh]]. It essentially just runs the following manual install steps and hardens the security of the system-level (root configuration) files using [[./harden.sh][harden.sh]]. + +I'll eventually™ add the ability to supply arguments to this script as well. + +It can either be run after cloning the dotfiles to =~/.dotfiles= with: +#+BEGIN_SRC sh :noeval +git clone https://gitlab.com/librephoenix/nixos-config.git ~/.dotfiles +~/.dotfiles/install.sh +#+END_SRC + +or it can be run directly from git using nix-run: +#+BEGIN_SRC sh :noeval +nix-run gitlab:librephoenix/nixos-config +#+END_SRC + +At this time, this only works on an existing NixOS install. + +Future plans: +- [ ] Be able to install directly from NixOS iso +- [ ] Be able to install just home-manager config to a non-NixOS Linux distro +- [ ] ??? (open up an issue if you think there is anything else I should try to figure out) + +** Manual Install Notes To get this running on a NixOS system, start by cloning the repo: #+BEGIN_SRC sh :noeval git clone https://gitlab.com/librephoenix/nixos-config.git ~/.dotfiles @@ -11,8 +34,7 @@ git clone https://gitlab.com/librephoenix/nixos-config.git ~/.dotfiles To get the hardware configuration on a new system, either copy from =/etc/nixos/hardware-configuration.nix= or run: #+BEGIN_SRC sh :noeval -cd ~/.dotfiles -sudo nixos-generate-config --show-hardware-config > system/hardware-configuration.nix +sudo nixos-generate-config --show-hardware-config > ~/.dotfiles/system/hardware-configuration.nix #+END_SRC Also, if you have a differently named user account than my default (=emmet=), you /must/ update the following lines in the let binding near the top of the [[./flake.nix][flake.nix]]: 
@@ -30,41 +52,14 @@ There are many more config options there that you may also want to change as wel Once the variables are set, then switch into the system configuration by running: #+BEGIN_SRC sh :noeval -cd ~/.dotfiles -sudo nixos-rebuild switch --flake .#system +sudo nixos-rebuild switch --flake ~/.dotfiles#system #+END_SRC -Home manager can be installed with: +Home manager can be installed and the configuration activated with: #+BEGIN_SRC sh :noeval -nix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager -nix-channel --update -nix-shell '' -A install +nix run home-manager/master -- switch --flake ~/.dotfiles#user #+END_SRC -If home-manager starts to not cooperate, it may be because the unstable branch of nixpkgs is in the Nix channel list. This can be fixed via: -#+BEGIN_SRC sh :noeval -nix-channel --add https://nixos.org/channels/nixpkgs-unstable -nix-channel --update -#+END_SRC - -Home-manager may also not work without re-logging back in after it has been installed. - -Once home-manager is running, my home-manager configuration can be installed with: -#+BEGIN_SRC sh :noeval -cd ~/.dotfiles -home-manager switch --flake .#user -#+END_SRC - -This loads in my convenience script =phoenix= (still a WIP), which replaces frequently used nix and nixos commands with more user friendly ones, namely: -- =phoenix sync= to build and switch system and home configuration - - =phoenix sync system= to build and switch only system configuration - - =phoenix sync user= to build and switch only home configuration -- =phoenix update= to update flake inputs -- =phoenix gc= to garbage collect - - If no argument is given, it cleans anything older than 30 days - - If a time argument is supplied (i.e. 
10d), it cleans stuff older than that (10 days in this example) - - If the argument =full= is given, it deletes /all/ previous generations - ** FAQ *** =home-manager switch --flake .#user= Command Fails If it fails with something to the effect of "could not download {some image file}" then that just means that one of my themes is having trouble downloading the background image. To conserve on space in the repo, my themes download the relevant wallpapers directly from their source, but that also means that if the link is broken, =home-manager switch= fails. diff --git a/install.sh b/install.sh new file mode 100644 index 0000000..1c38197 --- /dev/null +++ b/install.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +# Automated script to install my dotfiles + +nix-shell -p git --command "git clone https://gitlab.com/librephoenix/nixos-config ~/.dotfiles" +sudo nixos-generate-config --show-hardware-config > ~/.dotfiles/system/hardware-configuration.nix +if [ -z "$EDITOR" ]; then + EDITOR=nano; +fi +$EDITOR ~/.dotfiles/flake.nix; +sudo nixos-rebuild switch --flake ~/.dotfiles#system; +nix run home-manager/master -- switch --flake ~/.dotfiles#user; +sudo ~/.dotfiles/harden.sh; From 182645e1eaf91d08c6c46f000f286ab3c4431d78 Mon Sep 17 00:00:00 2001 From: Emmet Date: Sun, 25 Feb 2024 12:14:05 -0600 Subject: [PATCH 03/15] Testing fixes for automated install --- flake.nix | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 5c42feb..b602c25 100644 --- a/flake.nix +++ b/flake.nix 
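Review bot: The last line of the new install.sh, `sudo ~/.dotfiles/harden.sh;`, passes no directory, and harden.sh (PATCH 01) then falls back to `$(pwd)`, so its root `chown -R` calls apply to whichever directory the installer was started from rather than to the clone; it should read `sudo ~/.dotfiles/harden.sh ~/.dotfiles;`. Nothing checks the result of the `git clone` either, so when `~/.dotfiles` already exists the script goes on to run `sudo nixos-rebuild switch` and the root harden.sh from whatever is at that path; `set -e` near the top, or `|| exit 1` on the clone, would stop there. The same lines come back in the install.sh hunks of PATCH 09 and PATCH 10.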
@@ -1,10 +1,10 @@ { description = "Flake of LibrePhoenix"; - outputs = { self, nixpkgs, nixpkgs-stable, home-manager, nix-doom-emacs, nix-straight, + outputs = inputs@{ self, nixpkgs, nixpkgs-stable, home-manager, nix-doom-emacs, nix-straight, stylix, blocklist-hosts, rust-overlay, hyprland-plugins, eaf, eaf-browser, org-nursery, org-yaap, - org-side-tree, org-timeblock, phscroll, ... }@inputs: + org-side-tree, org-timeblock, phscroll, ... }: let # ---- SYSTEM SETTINGS ---- # systemSettings = { @@ -132,6 +132,20 @@ text = builtins.readFile ./install.sh; }; }); + + apps = forAllSystems (system: { + default = self.apps.${system}.install; + + demo = { + type = "app"; + program = "${self.packages.${system}.demo}/bin/run-plasma-demo-vm"; + }; + + install = { + type = "app"; + program = "${self.packages.${system}.install}/bin/install"; + }; + }); }; inputs = { From 3315322eacff78911c6450eeee8ec67b6415981a Mon Sep 17 00:00:00 2001 From: Emmet Date: Sun, 25 Feb 2024 12:30:39 -0600 Subject: [PATCH 04/15] Testing update to auto install --- flake.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/flake.nix b/flake.nix index b602c25..afed8b7 100644 --- a/flake.nix +++ b/flake.nix @@ -127,20 +127,12 @@ { default = self.packages.${system}.install; - install = pkgs.writeShellApplication { - name = "install"; - text = builtins.readFile ./install.sh; - }; + install = pkgs.writeScriptBin "install" ./install.sh; }); apps = forAllSystems (system: { default = self.apps.${system}.install; - demo = { - type = "app"; - program = "${self.packages.${system}.demo}/bin/run-plasma-demo-vm"; - }; - install = { type = "app"; program = "${self.packages.${system}.install}/bin/install"; From 83a12f648611609e6a8f4d69d2e5187798e578a0 Mon Sep 17 00:00:00 2001 From: Emmet Date: Sun, 25 Feb 2024 12:31:46 -0600 Subject: [PATCH 05/15] Another test via git --- install.sh | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) 
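Review bot: `pkgs.writeScriptBin "install" ./install.sh` in the PATCH 04 hunk passes a path where writeScriptBin expects the script text, so the generated `bin/install` most likely contains only the store path of install.sh and runs it indirectly, which would explain why PATCH 06 had to set the executable bit on install.sh. `install = pkgs.writeScriptBin "install" (builtins.readFile ./install.sh);` embeds the script body instead; PATCH 07 tried this with `bultins` misspelled and PATCH 09 returns to the path form. The `packages` attribute set this line belongs to begins outside the hunk.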
diff --git a/install.sh b/install.sh index 1c38197..9e0efb1 100644 --- a/install.sh +++ b/install.sh @@ -2,12 +2,14 @@ # Automated script to install my dotfiles -nix-shell -p git --command "git clone https://gitlab.com/librephoenix/nixos-config ~/.dotfiles" -sudo nixos-generate-config --show-hardware-config > ~/.dotfiles/system/hardware-configuration.nix -if [ -z "$EDITOR" ]; then - EDITOR=nano; -fi -$EDITOR ~/.dotfiles/flake.nix; -sudo nixos-rebuild switch --flake ~/.dotfiles#system; -nix run home-manager/master -- switch --flake ~/.dotfiles#user; -sudo ~/.dotfiles/harden.sh; +echo "echo works" + +# nix-shell -p git --command "git clone https://gitlab.com/librephoenix/nixos-config ~/.dotfiles" +# sudo nixos-generate-config --show-hardware-config > ~/.dotfiles/system/hardware-configuration.nix +# if [ -z "$EDITOR" ]; then +# EDITOR=nano; +# fi +# $EDITOR ~/.dotfiles/flake.nix; +# sudo nixos-rebuild switch --flake ~/.dotfiles#system; +# nix run home-manager/master -- switch --flake ~/.dotfiles#user; +# sudo ~/.dotfiles/harden.sh; From 46e087888770c7fa9d548972416f46cb4a5c31f4 Mon Sep 17 00:00:00 2001 From: Emmet Date: Sun, 25 Feb 2024 12:43:55 -0600 Subject: [PATCH 06/15] Forgot to make install script +x --- install.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 install.sh diff --git a/install.sh b/install.sh old mode 100644 new mode 100755 From 2414b7ff8f6ff14a95acf20116755da0b0d7b690 Mon Sep 17 00:00:00 2001 From: Emmet Date: Sun, 25 Feb 2024 12:46:14 -0600 Subject: [PATCH 07/15] Another test? --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index afed8b7..39e18a1 100644 --- a/flake.nix +++ b/flake.nix @@ -127,7 +127,7 @@ { default = self.packages.${system}.install; - install = pkgs.writeScriptBin "install" ./install.sh; + install = pkgs.writeScriptBin "install" (bultins.readFile ./install.sh); }); apps = forAllSystems (system: { 
From 87ac5733312d2866d0b93d53fb013263a14fb0bd Mon Sep 17 00:00:00 2001 From: Emmet Date: Sun, 25 Feb 2024 12:51:46 -0600 Subject: [PATCH 08/15] Running another test? --- flake.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 39e18a1..99037f7 100644 --- a/flake.nix +++ b/flake.nix @@ -127,7 +127,9 @@ { default = self.packages.${system}.install; - install = pkgs.writeScriptBin "install" (bultins.readFile ./install.sh); + install = pkgs.writeScriptBin "install" '' + echo "echo works" + ''; }); apps = forAllSystems (system: { From e757a950bfc57af9534994577fd2c9b3bd936faf Mon Sep 17 00:00:00 2001 From: Emmet Date: Sun, 25 Feb 2024 13:04:02 -0600 Subject: [PATCH 09/15] Retesting install.sh as script bin --- flake.nix | 4 +--- install.sh | 20 +++++++++----------- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/flake.nix b/flake.nix index 99037f7..afed8b7 100644 --- a/flake.nix +++ b/flake.nix @@ -127,9 +127,7 @@ { default = self.packages.${system}.install; - install = pkgs.writeScriptBin "install" '' - echo "echo works" - ''; + install = pkgs.writeScriptBin "install" ./install.sh; }); apps = forAllSystems (system: { diff --git a/install.sh b/install.sh index 9e0efb1..1c38197 100755 --- a/install.sh +++ b/install.sh 
@@ -2,14 +2,12 @@ # Automated script to install my dotfiles -echo "echo works" - -# nix-shell -p git --command "git clone https://gitlab.com/librephoenix/nixos-config ~/.dotfiles" -# sudo nixos-generate-config --show-hardware-config > ~/.dotfiles/system/hardware-configuration.nix -# if [ -z "$EDITOR" ]; then -# EDITOR=nano; -# fi -# $EDITOR ~/.dotfiles/flake.nix; -# sudo nixos-rebuild switch --flake ~/.dotfiles#system; -# nix run home-manager/master -- switch --flake ~/.dotfiles#user; -# sudo ~/.dotfiles/harden.sh; +nix-shell -p git --command "git clone https://gitlab.com/librephoenix/nixos-config ~/.dotfiles" +sudo nixos-generate-config --show-hardware-config > ~/.dotfiles/system/hardware-configuration.nix +if [ -z "$EDITOR" ]; then + EDITOR=nano; +fi +$EDITOR ~/.dotfiles/flake.nix; +sudo nixos-rebuild switch --flake ~/.dotfiles#system; +nix run home-manager/master -- switch --flake ~/.dotfiles#user; +sudo ~/.dotfiles/harden.sh; From 4d966ad749c641031501d46f0ef9c425215c8621 Mon Sep 17 00:00:00 2001 From: Emmet Date: Sun, 25 Feb 2024 13:50:11 -0600 Subject: [PATCH 10/15] Extra failsafes and explanation for autoinstall --- install.org | 50 +++++++++++++++++++++++++++++++++++++++++--------- install.sh | 4 +++- 2 files changed, 44 insertions(+), 10 deletions(-) diff --git a/install.org b/install.org index 93b40ad..8e0d341 100644 --- a/install.org +++ b/install.org 
@@ -4,30 +4,62 @@ These are just some simple install notes for myself (in-case I have to reinstall unexpectedly). ** Automated Install Script (Experimental) +*** Install Directly From Git I wrote a quick automated install script at [[./install.sh][install.sh]]. It essentially just runs the following manual install steps and hardens the security of the system-level (root configuration) files using [[./harden.sh][harden.sh]]. I'll eventually™ add the ability to supply arguments to this script as well. -It can either be run after cloning the dotfiles to =~/.dotfiles= with: +The quickest way to install is running the install script directly from the remote git repo using =nix-run=, which is essentially just one of the following: +#+BEGIN_SRC sh :noeval +# Install from gitlab +nix-run gitlab:librephoenix/nixos-config + +# Or install from github +nix-run github:librephoenix/nixos-config + +# Or install from codeberg +nix-run git+https://codeberg.org/librephoenix/nixos-config +#+END_SRC + +The script will ask for sudo permissions at certain points, /but you should not run the script as root/. + +If the above =nix-run= command gives you an error, odds are you either don't have =git= installed, or you haven't enabled the experimental features in your Nix config (=nix-command= and =flakes=). To get the command to install properly, you can first enter a shell with =git= available using: +#+begin_src sh :noeval +nix-shell -p git +#+end_src +and then running: +#+BEGIN_SRC sh :noeval +nix-run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes +#+END_SRC + +And if you want a single copy-paste solution: +#+begin_src sh :noeval +nix-shell -p git --command "nix-run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes" +#+end_src + +At a certain point in the install script it will open =nano= (or whatever your $EDITOR is set to) and ask you to edit the =flake.nix=. 
You can edit as much or as little of the config variables as you like, and it will continue the install after you exit the editor. + +*** Install From Local Git Clone +The dotfiles can be installed after cloning the repo into =~/.dotfiles= using: #+BEGIN_SRC sh :noeval git clone https://gitlab.com/librephoenix/nixos-config.git ~/.dotfiles ~/.dotfiles/install.sh #+END_SRC -or it can be run directly from git using nix-run: -#+BEGIN_SRC sh :noeval -nix-run gitlab:librephoenix/nixos-config -#+END_SRC +At a certain point in the install script it will open =nano= (or whatever your $EDITOR is set to) and ask you to edit the =flake.nix=. You can edit as much or as little of the config variables as you like, and it will continue the install after you exit the editor. -At this time, this only works on an existing NixOS install. +*** Automatic Install Script Limitations +At this time, this only works on an existing NixOS install. It also only works if the dotfiles are cloned into =~/.dotfiles=. -Future plans: +Future upgrade plans: - [ ] Be able to install directly from NixOS iso - [ ] Be able to install just home-manager config to a non-NixOS Linux distro - [ ] ??? (open up an issue if you think there is anything else I should try to figure out) -** Manual Install Notes -To get this running on a NixOS system, start by cloning the repo: +** Manual Install Procedure +If you instead want to install this manually to see all the steps (kind of like an Arch install before the archinstall script existed), you can follow this following procedure: + +Start by cloning the repo: #+BEGIN_SRC sh :noeval git clone https://gitlab.com/librephoenix/nixos-config.git ~/.dotfiles #+END_SRC diff --git a/install.sh b/install.sh index 1c38197..7e359e5 100755 --- a/install.sh +++ b/install.sh 
@@ -4,10 +4,12 @@ nix-shell -p git --command "git clone https://gitlab.com/librephoenix/nixos-config ~/.dotfiles" sudo nixos-generate-config --show-hardware-config > ~/.dotfiles/system/hardware-configuration.nix +sed -i "0,/emmet/s//$(whoami)/" flake.nix +sed -i "0,/Emmet/s//$(getent passwd $(whoami) | cut -d ':' -f 5 | cut -d ',' -f 1)/" flake.nix if [ -z "$EDITOR" ]; then EDITOR=nano; fi $EDITOR ~/.dotfiles/flake.nix; sudo nixos-rebuild switch --flake ~/.dotfiles#system; -nix run home-manager/master -- switch --flake ~/.dotfiles#user; +nix run home-manager/master --extra-experimental-features nix-command --extra-experimental-features flakes -- switch --flake ~/.dotfiles#user; sudo ~/.dotfiles/harden.sh; From 4e55cc591986fcedbff605832a5ee323ea7c50c4 Mon Sep 17 00:00:00 2001 From: Emmet Date: Sun, 25 Feb 2024 15:38:51 -0600 Subject: [PATCH 11/15] Fixed my boot partition location to be more "standard" --- profiles/homelab/configuration.nix | 2 +- profiles/work/configuration.nix | 2 +- system/hardware-configuration.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/profiles/homelab/configuration.nix b/profiles/homelab/configuration.nix index ae284a3..8a9b382 100644 --- a/profiles/homelab/configuration.nix +++ b/profiles/homelab/configuration.nix @@ -31,7 +31,7 @@ # Bootloader boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot/efi"; + boot.loader.efi.efiSysMountPoint = "/boot"; # Networking networking.hostName = systemSettings.hostname; # Define your hostname. diff --git a/profiles/work/configuration.nix b/profiles/work/configuration.nix index 0119f81..9ddf2cd 100644 --- a/profiles/work/configuration.nix +++ b/profiles/work/configuration.nix 
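Review bot: The two added `sed -i` lines in install.sh edit `flake.nix` relative to the current directory, while every other line of the script addresses `~/.dotfiles/flake.nix`, so when the installer is started from another directory they fail or rewrite an unrelated file; the target should be `~/.dotfiles/flake.nix` on both. The second one splices the account's GECOS name into the sed replacement unescaped, so a `/`, `&` or backslash in it breaks or changes the substitution, and an empty field replaces `Emmet` with nothing; escaping the value, or skipping the edit when it is empty, avoids that. `$(whoami)` inside the `getent passwd` call should also be quoted.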
@@ -48,7 +48,7 @@ # Bootloader boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot/efi"; + boot.loader.efi.efiSysMountPoint = "/boot"; # Networking networking.hostName = systemSettings.hostname; # Define your hostname. diff --git a/system/hardware-configuration.nix b/system/hardware-configuration.nix index 8b7fd7c..fa864e7 100644 --- a/system/hardware-configuration.nix +++ b/system/hardware-configuration.nix @@ -26,7 +26,7 @@ boot.initrd.luks.devices."luks-385106b5-71f7-460e-9a2b-2416f3b54cb6".device = "/dev/disk/by-uuid/385106b5-71f7-460e-9a2b-2416f3b54cb6"; - fileSystems."/boot/efi" = + fileSystems."/boot" = { device = "/dev/disk/by-uuid/F09D-73C9"; fsType = "vfat"; }; From d12af77645ca37620da70a8f9fbc492dfc988b17 Mon Sep 17 00:00:00 2001 From: Emmet Date: Sun, 25 Feb 2024 15:42:31 -0600 Subject: [PATCH 12/15] Updated install about bios vs uefi problems --- install.org | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/install.org b/install.org index 8e0d341..ed80ccb 100644 --- a/install.org +++ b/install.org 
@@ -49,16 +49,18 @@ git clone https://gitlab.com/librephoenix/nixos-config.git ~/.dotfiles At a certain point in the install script it will open =nano= (or whatever your $EDITOR is set to) and ask you to edit the =flake.nix=. You can edit as much or as little of the config variables as you like, and it will continue the install after you exit the editor. *** Automatic Install Script Limitations -At this time, this only works on an existing NixOS install. It also only works if the dotfiles are cloned into =~/.dotfiles=. +At this time, this only works on an existing NixOS install. It also only works if the dotfiles are cloned into =~/.dotfiles=. It also only works on UEFI, not on BIOS :( Future upgrade plans: - [ ] Be able to install directly from NixOS iso - [ ] Be able to install just home-manager config to a non-NixOS Linux distro +- [ ] Be able to detect UEFI or BIOS and switch config as needed - [ ] ??? (open up an issue if you think there is anything else I should try to figure out) ** Manual Install Procedure If you instead want to install this manually to see all the steps (kind of like an Arch install before the archinstall script existed), you can follow this following procedure: +*** Clone Repo and Modify Configuration Start by cloning the repo: #+BEGIN_SRC sh :noeval git clone https://gitlab.com/librephoenix/nixos-config.git ~/.dotfiles @@ -82,11 +84,16 @@ let There are many more config options there that you may also want to change as well. +*** Rebuild and Switch System Config Once the variables are set, then switch into the system configuration by running: #+BEGIN_SRC sh :noeval sudo nixos-rebuild switch --flake ~/.dotfiles#system #+END_SRC +The build will fail if you are booting from BIOS instead of UEFI. +# TODO write instructions on how to fix that + +*** Intall and Switch Home Manager Config Home manager can be installed and the configuration activated with: #+BEGIN_SRC sh :noeval nix run home-manager/master -- switch --flake ~/.dotfiles#user 
From f97b25e547c3dd2ba6f32428d5cb5dacb484ce63 Mon Sep 17 00:00:00 2001 From: Emmet Date: Sun, 25 Feb 2024 15:44:34 -0600 Subject: [PATCH 13/15] More precise todo comment --- install.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.org b/install.org index ed80ccb..daba5aa 100644 --- a/install.org +++ b/install.org @@ -91,7 +91,7 @@ sudo nixos-rebuild switch --flake ~/.dotfiles#system #+END_SRC The build will fail if you are booting from BIOS instead of UEFI. -# TODO write instructions on how to fix that +# TODO write instructions on how to fix install on bios instead of uefi *** Intall and Switch Home Manager Config Home manager can be installed and the configuration activated with: From b22e6e1f636e93bfdb4b2dca3471dbea47377a7e Mon Sep 17 00:00:00 2001 From: Emmet Date: Sun, 25 Feb 2024 15:50:21 -0600 Subject: [PATCH 14/15] Added install tldr to main readme --- README.org | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.org b/README.org index 27890bd..9217edf 100644 --- a/README.org +++ b/README.org @@ -21,6 +21,11 @@ Using this I have [[./themes][55+ themes]] (I add more sometimes) I can switch b ** Install I wrote some reinstall notes for myself [[./install.org][here (install.org)]]. +TLDR: You should™ be able to install my dotfiles to an existing UEFI NixOS system with the following script: +#+begin_src sh :noeval +nix-shell -p git --command "nix-run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes" +#+end_src + ** Modules Separate Nix files can be imported as modules using an import block: #+BEGIN_SRC nix From dfd04d8b1176c09f60119829870ef1cc3e06e957 Mon Sep 17 00:00:00 2001 From: Emmet Date: Sun, 25 Feb 2024 15:54:56 -0600 Subject: [PATCH 15/15] Fixed some phrasing of readme's --- README.org | 2 +- install.org | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.org b/README.org index 9217edf..273bfdc 100644 --- a/README.org 
+++ b/README.org @@ -13,7 +13,7 @@ These are my dotfiles (configuration files) for my NixOS setup(s). Here is my main setup: [[desktop.png]] -** My 55+ Themes +** My Themes [[https://github.com/danth/stylix#readme][Stylix]] (and [[https://github.com/SenchoPens/base16.nix#readme][base16.nix]], of course) is amazing, allowing you to theme your entire system with base16-themes. Using this I have [[./themes][55+ themes]] (I add more sometimes) I can switch between on-the-fly. Visit the [[./themes][themes directory]] for more info and screenshots! diff --git a/install.org b/install.org index daba5aa..670c173 100644 --- a/install.org +++ b/install.org @@ -5,7 +5,7 @@ These are just some simple install notes for myself (in-case I have to reinstall ** Automated Install Script (Experimental) *** Install Directly From Git -I wrote a quick automated install script at [[./install.sh][install.sh]]. It essentially just runs the following manual install steps and hardens the security of the system-level (root configuration) files using [[./harden.sh][harden.sh]]. +I wrote a quick automated install script at [[./install.sh][install.sh]]. It essentially just runs [[Manual Install Procedure][the manual install steps]] and additionally hardens the security of the system-level (root configuration) files using [[./harden.sh][harden.sh]]. I'll eventually™ add the ability to supply arguments to this script as well.