NOTE Shameless copy of hlissner's is slowly being warped into my own
Hey, you. You're finally awake. You were trying to configure your OS declaratively, right? Walked right into that NixOS ambush, same as us, and those dotfiles over there.
Disclaimer: This is not a community framework or distribution. It's a private configuration and an ongoing experiment to feel out NixOS. I make no guarantees that it will work out of the box for anyone but myself. It may also change drastically and without warning.
Until I can bend spoons with my nix-fu, please don't treat me like an authority or expert in the NixOS space. Seek help on the NixOS discourse instead.
Shell: | zsh + zgenom |
DM: | lightdm + lightdm-mini-greeter |
WM: | bspwm + polybar |
Editor: | Doom Emacs |
Terminal: | st |
Launcher: | rofi |
Browser: | firefox |
GTK Theme: | Ant Dracula |
-
Acquire NixOS 21.11 or newer:
# Yoink nixos-unstable wget -O nixos.iso https://channels.nixos.org/nixos-unstable/latest-nixos-minimal-x86_64-linux.iso # Write it to a flash drive cp nixos.iso /dev/sdX
-
Boot into the installer.
-
Switch to root user:
sudo su -
-
Do your partitions and mount your root to
/mnt
(for example). -
Install these dotfiles:
nix-shell -p git nixFlakes # Set HOST to the desired hostname of this system HOST=... # Set USER to your desired username (defaults to hlissner) USER=... git clone https://github.com/JordanFaust/dotfiles /etc/dotfiles git checkout main cd /etc/dotfiles # Create a host config in `hosts/` and add it to the repo: mkdir -p hosts/$HOST nixos-generate-config --root /mnt --dir /etc/dotfiles/hosts/$HOST rm -f hosts/$HOST/configuration.nix vim hosts/$HOST/default.nix # configure this for your system; don't use it verbatim! git add hosts/$HOST # Install nixOS USER=$USER nixos-install --root /mnt --impure --flake .#$HOST # If you get 'unrecognized option: --impure', replace '--impure' with # `--option pure-eval no`. # Then move the dotfiles to the mounted drive! mv /etc/dotfiles /mnt/etc/dotfiles
-
Then reboot and you're good to go!
⚠️ Don't forget to change yourroot
and$USER
passwords! They are set tonixos
by default.
- Setting Up Firefox
Not everything was setup for my firefox theme via the install. I use the following extensions:
- Tree Style Tab
- Facebook container
- Firefox Multi-Account Containers
- nightTab
- Hacker News Enhancement Suite
- Okta Browser Plugin
- Privacy Badger
Additionally Tree Style Tab must be updated with my specific configuration.
- Go to preferences and go to Advanced > Extra Styles
- Copy the content of ./firefox/treestyletab/custom.css and save it
- Go to Appearance and check "No Decoration"
- Go to Drag and Drop and set Drag to "Don nothing"
And I say, bin/hey
, what's going on?
Usage: hey [global-options] [command] [sub-options]
Available Commands:
check Run 'nix flake check' on your dotfiles
gc Garbage collect & optimize nix store
generations Explore, manage, diff across generations
help [SUBCOMMAND] Show usage information for this script or a subcommand
rebuild Rebuild the current system's flake
repl Open a nix-repl with nixpkgs and dotfiles preloaded
rollback Roll back to last generation
search Search nixpkgs for a package
show [ARGS...]
ssh HOST [COMMAND] Run a bin/hey command on a remote NixOS system
swap PATH [PATH...] Recursively swap nix-store symlinks with copies (and back).
test Quickly rebuild, for quick iteration
theme THEME_NAME Quickly swap to another theme module
update [INPUT...] Update specific flakes or all of them
upgrade Update all flakes and rebuild system
Options:
-d, --dryrun Don't change anything; perform dry run
-D, --debug Show trace on nix errors
-f, --flake URI Change target flake to URI
-h, --help Display this help, or help for a specific command
-i, -A, -q, -e, -p Forward to nix-env
The following steps can generate an SBOM and analyze the generate a list of packages that currently have unpached CVEs
Generate meta information used during SBOM generation:
nix-env -qa --meta --json '.*' > reports/meta.json
Generate SBOM:
sbomnix /run/current-system/sw/ --csv ./reports/sbom.csv --cdx ./reports/sbox.cdx.json --spdx ./reports/sbom.spdx.json --meta ./reports/meta.json
Scan for vulnerabilities from the generated SBOM:
grype sbom:./reports/sbom.spdx.json --add-cpes-if-none