Warning
Use at your own risk. I am updating this repository continuously, and much stuff will not work for you as I inject data (such as secrets, configs I want to protect, etc) only at runtime or during the build process. However, parts of the configuration can be useful to people (I hope), even if it is tailored to my (sometimes very specific) needs.
Supports quake terminals:
- Channel: NixOS unstable
- Package Manager: nix
- Window Manager: hyprland
- Bar: waybar
- Layered Keyboard Mapping: kanata
- Launcher: rofi
- GTK Theme: Materia Material Dark
- GTK Icon Theme: Papirus Dark
- Terminal: ghostty
- Multiplexer: tmux
- Shell: fish
- Editor: neovim
- Prompt: starship
- Audio: pipewire, mpd, ncmpcpp
NOTE: the entire setup is optimized for shortcuts to be nice with a Colemak Mod-DH setup. Specifically I am running the following setup: https://github.com/f4z3r/zmk-config-piantor-bt
# update channels
sudo nix-channel --update
# update flake lock file
nix flake update
# rebuild system (impure needed due to external credentials for rclone)
sudo nixos-rebuild switch --impure --flake .#

Themes cannot be implemented fully dynamically, as Nix's filesystems are read-only. Instead, you can
choose to switch between themes (dark or light) in ./flake.nix and rebuild. You will need to
reload the tmux configurations if a tmux instance is already running:
:source ~/.config/tmux/tmux.conf

This also supports a fast switch of a theme that does not require rebuilding the configuration. For
this, simply run light in any fish shell to switch the following applications to light theme:
- nvim
- ghostty
- fish
- tmux
Ghostty will not reload the configuration automatically. This can be triggered by pressing ctrl-..
The override can be cleared using clight.
See docs/bootstrap.md.
ClamAV should be instantiated and installed by default. In order to set up the folder for the quarantine, run the following:
sudo mkdir -p /root/quarantine
# needed to run once or the service will fail
sudo freshclam

Download the secrets.nix file from the encrypted storage. We do not use the standard way to add
secrets to the staging area without committing them, as it is a pain when pulling changes from other
machines. It is still documented here for completeness. A git hook will prevent committing the
secrets.nix file either way.
git add -N secrets.nix
git update-index --assume-unchanged secrets.nix

Note
If encountering issues when pulling, it might make sense to run:
git update-index --really-refresh
and continue from there.
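
One way to write the kind of git hook mentioned above that blocks secrets.nix from being committed. This is an added example, not the repository's own hook; it assumes the script is installed as .git/hooks/pre-commit, and the function names find_blocked and check_staged are hypothetical.

```shell
#!/bin/sh
# Added example of a pre-commit hook; not the repository's own hook.
# Assumption: saved as .git/hooks/pre-commit and made executable.

BLOCKED_NAME="secrets.nix"   # file name taken from the README

# Read newline-separated paths on stdin and print every path whose last
# component is exactly $BLOCKED_NAME, at any directory depth.
find_blocked() {
    while IFS= read -r path || [ -n "$path" ]; do
        case "$path" in
            "$BLOCKED_NAME" | */"$BLOCKED_NAME") printf '%s\n' "$path" ;;
        esac
    done
    return 0
}

# Inspect the index and fail if a blocked file is staged.
check_staged() {
    # -z yields raw, unquoted paths. ACMR covers added, copied, modified and
    # renamed entries; deletions are allowed so that an accidentally tracked
    # copy can still be removed from the index.
    hits=$(git diff --cached --name-only -z --diff-filter=ACMR |
        tr '\000' '\n' | find_blocked)
    if [ -n "$hits" ]; then
        printf 'refusing to commit protected file(s):\n%s\n' "$hits" >&2
        printf 'unstage with: git restore --staged <path>\n' >&2
        return 1
    fi
    return 0
}

# Run the check only when invoked as the hook, so the functions above can
# also be sourced and exercised on their own.
case "${0##*/}" in
    pre-commit) check_staged || exit 1 ;;
esac
```

Matching is on the final path component only, so names such as my-secrets.nix or secrets.nix.bak are not blocked by this sketch.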
Configure a rclone backend named gdrive. Store the rclone configuration under:
# can be found on proton drive
# ! do not use the same config as for sb sync actions, as that one is encrypted for additional
# protection !
/etc/nixos/rclone.conf

Rclone is set up to sync the second brain between devices with an alias. In order to allow a simple
sync without having to trust Google not to eavesdrop, all files within the second brain are passed
through Rclone's crypt encryption layer before syncing. Both encryption and salt are protected
by 512-bit passphrases. The encrypted configuration can be found in the proton drive.
# copy from the proton drive to local and change permissions
sudo chmod 600 ~/.config/rclone/rclone.conf
# check that there are at least the following backends configured:
# - gdrive (used by restic directly, restic does encryption as well)
# - gdrive-crypt (used to sync the second brain between devices, with rclone encryption layer)
rclone config

Once this is done, you can perform an initial sync using:
# you can also run with --dry-run first to check if the output matches your expectations
rclone bisync gdrive-crypt:/ ~/notes --create-empty-src-dirs --compare size,modtime -MP --fix-case --resync

After which you can use ns to sync notes.
This repository also offers some static configurations for environments where a basic shell is
needed to work. These can be found under ./static-configs/.



