You learn to run by running.
This project contains config files so that they're backuped and can be shared across multiple devices. It's made shareable by heavily relying on nix. Per machine I maintain a seperate branch. Feel free to contact me on discord or twitter if you have issues/questions when using any of these configs for your own.
clone into /linux-config
Doing it into root is intentional, we want absoulte paths to make everything easier. Make sure your user owns that directory:
chown jappie:users -R /linux-configNow run the script to install all dotfiles.
cd /linux-config/scripts
./nixos-setup.shYes on installing configuration.nix. it'll make a backup of the existing one, but the default one can be generated anyway
run nixos-rebuild switch
-
Setup syncthing. Syncthing contains my main password manager file from keepassxc. Since syncthing is decentralized and encrypted in transport, I consider this the safest way of moving this accross systems.
-
Setup a password for main user
passwd $MAIN_USER
- generate a new gpg key, this should be password protected with the same password from previous step.
gpg --full-generate-key
- Then find the keygrip of the newly generated key and write it into .pam-gnupg
gpg -K --with-keygrip
https://github.com/NixOS/nixpkgs/blob/nixos-22.11/nixos/modules/security/pam.nix#L413
I'm aware of home manager.
Seems a bit overkill to me. I run this on two to three machines, I understand what happens by simply making symlinks to config files of which the source is tracked in git, no need to also nixify that.
we need to generate a new gpg key:
gpg --full-generate-key
use 4096 rsa&rsa expiry one year, expiry doesn't matter, just some gpg flag.
now go https://platform.openai.com/account/api-keys for example, generate a new secret, and save it as openapi.gpg in ~/keys