Project author: shiryel

Project description:
My NixOs config
Language: Nix
Project URL: git://github.com/shiryel/nixos-dotfiles.git
Created: 2019-07-23T23:02:53Z
Project community: https://github.com/shiryel/nixos-dotfiles

License: MIT License



My NixOS Configuration


This is my personal NixOS configuration, updated since 2019, using flakes and home-manager. You will also find some security and privacy configurations in my attempt to improve the Linux desktop. You are welcome to take inspiration :)

You will find configurations for:

  • Sway (Wayland / xWayland)
  • AMD CPU / GPU
  • Pipewire
  • ZSH
  • Dnscrypt
  • Systemd Hardened
  • Opensnitch
  • Bwrap (browsers, telegram, discord, steam)
  • Neovim
  • XDG
  • Themes

Design

  flake.nix -- entry point, merges everything below
  |
  |--> profiles/* -- high-level configuration, the "user profile"
  |--> hardwares/* -- configs specific by hardware
  |
  |--> modules/* -- modules to compose the "profiles/*" and "hardwares/*",
  |              -- defines the custom "myNix" options
  |
  |--> overlays/* -- define new or override packages
  |--> lib/* -- custom functions and abstractions for everything above (eg: bwrapIt)

Install

If you want a full disk reset:

  # download script from _scripts/setup_disk.sh
  curl -L setup-disk.shiryel.com > setup.sh
  chmod +x setup.sh
  # run the downloaded copy (full disk reset of the given device)
  ./setup.sh /dev/YOUR_DEVICE_HERE

If you already have a formatted system, add your hardware_config.nix to system/hardware/hardware-configuration.nix and run:

  sudo nixos-rebuild switch --flake .#generic

Inspiration

You can get started with flakes here: https://nixos.wiki/wiki/Flakes
Also, you may want to take a look at the flakes I took inspiration from:

Testing

Workspaces

  • xrandr - check if primary is on an output with a 16:9 aspect ratio
  • record - check if screen recording is working on every workspace

Network

  • dig +short txt qnamemintest.internet.nl - check if QNAME minimisation is enabled
  • sudo cat /var/log/dnscrypt-proxy/dnscrypt-proxy.log - check if dnscrypt is choosing a good DNS server with low latency
  • ssh -T git@github.com - check if ssh, gpg and pinentry are working
  • https://www.cloudflare.com/ssl/encrypted-sni/ - check DNSSEC (SNI will be unsupported)

Systemd

  • systemctl --user --type=target - check available user targets
  • systemctl --user --failed - check failed user services
  • systemctl --failed - check failed system services
  • systemd-analyze security - check system security
  • systemd-analyze security --user - check user security
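
An added example (not part of this repository) that turns the systemd-analyze security checks above into a filter: it reads the report and lists the units at or above an exposure threshold, worst first. The function names, the threshold of 7 and the sample unit names and scores are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list units whose exposure score in the
# `systemd-analyze security` table is at or above a threshold.

# Reads the table on stdin; prints "EXPOSURE UNIT", highest score first.
# Rows whose second column is not a number (header, blank lines) are skipped.
exposed_units() {
    threshold="$1"
    awk -v t="$threshold" '
        $2 ~ /^[0-9]+(\.[0-9]+)?$/ && $2 + 0 >= t + 0 { printf "%s %s\n", $2, $1 }
    ' | sort -rn
}

# Constructed sample in the UNIT / EXPOSURE / PREDICATE / HAPPY column layout.
# Unit names and scores are made up; the HAPPY column is replaced by "-".
sample_report() {
    cat <<'EOF'
UNIT                      EXPOSURE PREDICATE HAPPY
demo-resolver.service          1.4 OK        -
demo-web.service               9.6 UNSAFE    -
demo-logger.service            4.3 OK        -
demo-sync.service              9.2 UNSAFE    -
EOF
}

# Live use, for the system and the user manager (commands from the list above):
#   systemd-analyze security --no-pager | exposed_units 7
#   systemd-analyze security --user --no-pager | exposed_units 7
```

Running it after each nixos-rebuild shows at a glance whether a newly added service came in without hardening options.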

Debugging Tools

  • ldd - check dynamic executables (notice that ldd is wrapped in a hard-coded loader that always reports its own path no matter what loader path the program has expected, eg: /lib/ld-linux.so.2 != /lib/ld-lsb.so.3)
  • LD_DEBUG=all $COMMAND
  • objdump -j .interp -s $COMMAND
  • strace
  • ftrace
  • perf

Debug Envs

  • NIX_DEBUG=true
  • WAYLAND_DEBUG=1
  • XDG_UTILS_DEBUG_LEVEL=10
  • QT_DEBUG_PLUGINS=1
  • GTK_DEBUG=interactive

Security Tools (not installed)

  • chkrootkit
  • lynis



Nix Shiryel, drawing by Lucky Blackat
