Dotfield
The map is open and connectable in all of its dimensions; it is detachable, reversible, susceptible to constant modification. … The map has to do with performance, whereas the tracing always involves an alleged “competence”.
My worlds and systems, a nutrient-rich collection of typos feeding the hungry heads of a talking planet, "oriented toward an experimentation in contact with the real".
all records of prior decision motivation regularly wiped
upon stepping into the sun, birdsongs irradiating
scattered dream fragments dragged down hallways,
the central motif of some one of many ghosts' nightly roams
mindlessly down to hell.
a declarative and functional tape loop magnetically
engraved in lead paint by an adamantine lathe,
melting off the walls,
maddening speed of river tides creeping ever closer to
this house i dare to call my own,
a crucial delusion suppressed for safe passage.
do not resist the birds, they know you all too well.
time to call the sound sweep again;
they say i'm ready for my fifteen-minute closeup
Disclaimerisms
These are my personal configurations and are not intended for use as a template, but you are welcome to do so if you like! I hope visitors manage to find something helpful/inspiring/interesting, but please keep in mind that I have no idea what I'm doing.
Dotfield does not embody "best practices" or "the right way to Nix". The project exists as an evolving and unstable result of one amateur's take on identifying and implementing flexible and understandishable patterns or novelties across other sources this amateur has encountered.
If you have questions or feedback, feel free to reach out in the issues or discussions!
Bootstrapping
This section is incomplete, fragmented, and I don't remember writing it. However, it seems to contain important reference notes for stuff I always forget.
NixOS
Setup
nix-env -f '<nixpkgs>' -iA nixos-install-tools git bat fd ripgrep tealdeer vim
alias nix="nix --extra-experimental-features 'nix-command flakes'"
export NEW_HOSTNAME=<your-hostname>
export GIT_BRANCH="add-${NEW_HOSTNAME}"
Partitioning and formatting
Option 1: Disko
curl "https://raw.githubusercontent.com/montchr/dotfield/${GIT_BRANCH}/machines/${NEW_HOSTNAME}/disk-config.nix" -o /tmp/disk-config.nix
nix run github:nix-community/disko -- --mode disko /tmp/disk-config.nix
# to verify:
mount | grep /mnt
Option 2: Manually
TODO: copy rough commands from moraine provisioning script
Configurate
git clone https://github.com/montchr/dotfield.git -b "${GIT_BRANCH}" /mnt/etc/nixos
# absolute paths from `/mnt` would break once booted into the system
cd /mnt/etc && ln -s nixos dotfield && cd nixos
nixos-generate-config --no-filesystems --root /mnt
Integrate any missing configuration from the generator locally, push to remote, and pull on the host.
Install
nixos-install --flake ".#${NEW_HOSTNAME}"
After rebooting, edit ~/.ssh/known_hosts on your local machine to remove the initial entries, since the host keys have been reset after installation.
Record Public Keys
export KEYS_DIR="$PRJ_ROOT/cells/ops/data/keys"
export NEW_HOSTNAME=<...>
export NEW_HOSTIP=<...>
# No -t here: a remote pty would add carriage returns to the captured key files.
ssh "root@$NEW_HOSTIP" 'cat /etc/ssh/ssh_host_ed25519_key.pub' \
  > "$KEYS_DIR/ssh/$NEW_HOSTNAME.pub"
ssh "root@$NEW_HOSTIP" 'cat /etc/ssh/ssh_host_rsa_key.pub' \
  > "$KEYS_DIR/ssh/$NEW_HOSTNAME-rsa.pub"
nix run nixpkgs#ssh-to-age -- -i "$KEYS_DIR/ssh/$NEW_HOSTNAME.pub" \
  | tr --delete '\n' \
  > "$KEYS_DIR/age/$NEW_HOSTNAME.txt"
git add "$KEYS_DIR"
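A sanity check for the two recorded files before they are committed and used as sops recipients, as an added example that is not part of Dotfield itself. It rejects carriage returns (which a pty, such as one allocated by ssh -t, adds to captured output), extra lines, and anything that is not an ssh-ed25519 key or a bare 62-character age recipient. The function names are hypothetical; the file layout is the one used by the commands above.

```shell
#!/bin/sh
# Added example (not Dotfield code): validate recorded host keys before committing.

# check_ssh_pub FILE -> 0 if FILE holds exactly one ssh-ed25519 public key line.
check_ssh_pub() {
  [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
  # Output captured through a remote pty has \n rewritten as \r\n.
  _cr=$(printf '\r')
  if grep -q "$_cr" "$1"; then
    echo "carriage return in $1" >&2
    return 1
  fi
  [ "$(grep -c '' "$1")" -eq 1 ] || { echo "expected one line: $1" >&2; return 1; }
  # Every ed25519 key blob starts with the same base64-encoded type header.
  LC_ALL=C grep -Eq '^ssh-ed25519 AAAAC3NzaC1lZDI1NTE5[A-Za-z0-9+/]+=*( .*)?$' "$1" \
    || { echo "not an ssh-ed25519 public key: $1" >&2; return 1; }
}

# check_age_recipient FILE -> 0 if FILE is a single age recipient ("age1" plus
# 58 bech32 characters) with no trailing newline, as `tr --delete '\n'` leaves it.
check_age_recipient() {
  [ "$(wc -c < "$1" | tr -d ' ')" = 62 ] \
    || { echo "expected exactly 62 bytes: $1" >&2; return 1; }
  LC_ALL=C grep -Eq '^age1[ac-hj-np-z02-9]{58}$' "$1" \
    || { echo "not an age recipient: $1" >&2; return 1; }
}

# check_host_keys KEYS_DIR HOSTNAME -> run both checks on the layout used above.
check_host_keys() {
  check_ssh_pub "$1/ssh/$2.pub" && check_age_recipient "$1/age/$2.txt"
}

# Usage (assumes the variables exported earlier in this section):
#   check_host_keys "$KEYS_DIR" "$NEW_HOSTNAME" && git add "$KEYS_DIR"
```

This checks format only; it does not prove the key belongs to the intended host, so compare the fingerprint against the machine's console if the first connection was not otherwise authenticated.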
Update Secret Recipients
Add the host to //cells/secrets/cfg/sops.nix, then:
direnv reload
grep "$NEW_HOSTNAME" $PRJ_ROOT/.sops.yaml --before-context=10
sops updatekeys secrets/global.secrets.yaml
Generic Linux
TODO
macOS/Darwin
Something along these lines:
sudo xcode-select --install
- Install Homebrew
brew install git bash zsh ripgrep fd tealdeer bat coreutils
- Add Homebrew PATH entries to ~/.zprofile as directed
- Install Nix
- Generate SSH keys for your user and add them to GitHub/Sourcehut.
mkdir -p ~/.config
git clone git@github.com:montchr/dotfield.git ~/.config/dotfield
- Create a basic config for the new host in ./darwin/machines/<hostname>/default.nix
- Add the new host to flake.darwinConfigurations.<hostname> in ./darwin/configurations.nix
nix build .#darwinConfigurations.<hostname>.system --verbose
./result/sw/bin/darwin-rebuild switch --flake .#<hostname>
(assuming that the desired hostname has not yet been set -- otherwise, ... --flake . should suffice)
Secrets
After the initial generation with secrets disabled (due to a catch-22/bootstrapping problem), you should then be able to do the following with a smartcard attached.
export KEYID="0x135EEDD0F71934F3"
gpg --recv $KEYID
gpg --list-secret-keys
gpg-agent-restart
mkdir -p $XDG_CONFIG_HOME/sops/age
# Required for editing sops files
pass show age--secret-key >> $XDG_CONFIG_HOME/sops/age/keys
Structure
I still don't know what I'm doing. Maybe one day I will have enough of an idea that I can write it down with any amount of coherence. Or maybe I'm doing it all backwards…?
Grafts
Generally in order of frecency, along with an optional description of reasons for inclusion.
More recently, I've aimed to reference sources with comments and SPDX headings in relevant files.
NixOS/nix-darwin/home-manager
- https://github.com/lovesegfault/nix-config :: nixos
- https://github.com/oddlama/nix-config :: nixos, sso, good docs, microvms
- https://git.sr.ht/~misterio/nix-config/ :: nixos, desktops, similar goals, simplicity and clarity, aesthetics
- https://github.com/Mic92/dotfiles :: nixos, flake-parts, extensive, fleets, networking, structure, secrets management
- https://github.com/srid/nixos-config :: nixos, nix-darwin, vms, simple, nixos-shell
- https://github.com/viperML/dotfiles :: nixos, flake-parts, structure
- https://github.com/TLATER/dotfiles :: home-manager, structure
- https://github.com/d12frosted/environment :: nixos, nix-darwin, world-building, emacs, docs
- https://github.com/colemickens/nixcfg :: nixos, extensive, fun
- https://github.com/cole-h/nixos-config/ :: nixos, media server
- https://github.com/kclejeune/system :: nixos, home-manager
- https://github.com/Xe/nixos-configs :: networking, extensive
- https://github.com/sei40kr/dotfiles
- https://github.com/hlissner/dotfiles :: nixos, libs, original, structure, homes w/o home-manager
- https://github.com/malob/nixpkgs :: nix-darwin, docs
- https://github.com/ahmedelgabri/dotfiles
- https://github.com/cmacrae/config :: nix-darwin, nixos, emacs
Systems
tuvix
[MacBook Air M2]
Work computer running macOS. It's fresh. It's sleek. But it's still a Mac...
ryosuke
[Teenage Engineering Computer-1]
Ryosuke is a "ghost of the circuit", a denizen of Kairo, LoBE.
The Ryzen 9 5900X processor and mini-ITX Teenage Engineering Computer-1 case are the stars here.
This is my primary computer. I carry it up and down three flights of stairs every day. I've also used it in the office as a "laptop".
moraine
Hetzner AX52 (+ ECC) (+ 2x16TB HDD)
Media server. Work in progress.
Name Origin
Moraine - Official Outer Wilds Wiki
Moraine is a Hearthian who enjoys using the Signalscope, especially to listen to the travelers music from across the Solar system. They are found on a platform atop the tallest tree in The Village, so they will have a better view of the planets.
boschic
A towering beast lurking in the shadows of my living room.
Originally built in 2015, recently revamped.
HodgePodge
aka the "Sacred Chao"
An early-2014 15-inch MacBook Pro who has seen quite the life. Mostly unused for the past several years due to the availability of more portable work laptops. It is now living out its life in a declarative retirement home. nixos-rebuild is impossibly slow, even with the binary cache and ryosuke as build host.
Incubation
sommoch
Dead but dreaming.
Laid to indefinite rest when one of the cats, seeking human attention, chewed through the LCD screen. We did not speak for a week.
Still works, but unusable without external display. Suffers from congenital Butterfly Keyboard Syndrome. Runs macOS.
Notes
macOS GUI Applications via Nix
UPDATE: emacs29-macport works amazingly! Thanks to @tnytown for their hard work in NixOS/nixpkgs#127902 and NixOS/nixpkgs#252244.
Emacs
The package emacs29-macport works well. It's based on Mitsuharu Yamamoto’s excellent macOS port of GNU Emacs. The Nix package used to have issues with GUI crashes, but AFAIK those are no longer an issue.
- Install emacs29-macport via environment.systemPackages (from nix-darwin)
- Open it from a terminal shell session via /usr/bin/open -a '/Applications/Nix Apps/Emacs.app'
Still, nix-darwin launchd service never seems to work, breaking emacsclient functionality. I have not yet confirmed whether this is still an issue with emacs29-macport.
The following quote from the manual seems to indicate that such functionality remains a mystery:
The Mac port doesn't support multi-tty with GUI. The developer has no idea how to detach Emacs as a GUI application from Window Server or Dock without separating a GUI process (not thread) from the main Emacs (Lisp evaluator) process. TTY-only multi-tty is supposed to work.
mituharu / emacs-mac / README-mac — Bitbucket
yabai
Just use the official package released via brew, unless you prefer pain.