montchr / dotfield

All I see is little dots – some are smeared, and some are spots.

Dotfield

built with nix

The map is open and connectable in all of its dimensions; it is detachable, reversible, susceptible to constant modification. … The map has to do with performance, whereas the tracing always involves an alleged “competence”.

My worlds and systems, a nutrient-rich collection of typos feeding the hungry heads of a talking planet, "oriented toward an experimentation in contact with the real".

all records of prior decision motivation regularly wiped
upon stepping into the sun, birdsongs irradiating
scattered dream fragments dragged down hallways,
the central motif of some one of many ghosts' nightly roams
mindlessly down to hell.

a declarative and functional tape loop magnetically
engraved in lead paint by an adamantine lathe,
melting off the walls,
maddening speed of river tides creeping ever closer to
this house i dare to call my own,
a crucial delusion suppressed for safe passage.

do not resist the birds, they know you all too well.
time to call the sound sweep again;
they say i'm ready for my fifteen-minute closeup

Disclaimerisms

These are my personal configurations and are not intended for use as a template, but you are welcome to do so if you like! I hope visitors manage to find something helpful/inspiring/interesting, but please keep in mind that I have no idea what I'm doing.

Dotfield does not embody "best practices" or "the right way to Nix". The project exists as an evolving and unstable result of one amateur's take on identifying and implementing flexible and understandishable patterns or novelties across other sources this amateur has encountered.

If you have questions or feedback, feel free to reach out in the issues or discussions!

Bootstrapping

This section is incomplete, fragmented, and I don't remember writing it. However, it seems to contain important reference notes for stuff I always forget.

NixOS

Setup

nix-env -f '<nixpkgs>' -iA nixos-install-tools git bat fd ripgrep tealdeer vim
alias nix="nix --extra-experimental-features 'nix-command flakes'"
export NEW_HOSTNAME=<your-hostname>
export GIT_BRANCH="add-${NEW_HOSTNAME}"

Partitioning and formatting

Option 1: Disko

curl "https://raw.githubusercontent.com/montchr/dotfield/${GIT_BRANCH}/machines/${NEW_HOSTNAME}/disk-config.nix" -o /tmp/disk-config.nix
# --mode disko destroys, formats and mounts the disks named in the config
nix run github:nix-community/disko -- --mode disko /tmp/disk-config.nix
# to verify:
mount | grep /mnt

Option 2: Manually

TODO: copy rough commands from moraine provisioning script

Configurate

git clone https://github.com/montchr/dotfield.git -b "${GIT_BRANCH}" /mnt/etc/nixos
# absolute paths from `/mnt` would break once booted into the system
cd /mnt/etc && ln -s nixos dotfield && cd nixos
nixos-generate-config --no-filesystems --root /mnt

Integrate any missing configuration from the generator locally, push to remote, and pull on the host.

Install

nixos-install --flake ".#${NEW_HOSTNAME}"

After rebooting, edit ~/.ssh/known_hosts on your local machine to remove the initial entries since the host keys have been reset after installation.

Record Public Keys

export KEYS_DIR="$PRJ_ROOT/cells/ops/data/keys"
export NEW_HOSTNAME=<...>
export NEW_HOSTIP=<...>

# No -t here: a pty would turn the line endings in the captured file into CRLF.
ssh "root@$NEW_HOSTIP" 'cat /etc/ssh/ssh_host_ed25519_key.pub' \
> "$KEYS_DIR/ssh/$NEW_HOSTNAME.pub"

ssh "root@$NEW_HOSTIP" 'cat /etc/ssh/ssh_host_rsa_key.pub' \
> "$KEYS_DIR/ssh/$NEW_HOSTNAME-rsa.pub"

# Derive the host's age recipient from its ed25519 host key.
nix run nixpkgs#ssh-to-age -- -i "$KEYS_DIR/ssh/$NEW_HOSTNAME.pub" \
| tr --delete '\n' \
> "$KEYS_DIR/age/$NEW_HOSTNAME.txt"

git add "$KEYS_DIR"

Update Secret Recipients

Add the host to //cells/secrets/cfg/sops.nix, then:

direnv reload
grep "$NEW_HOSTNAME" "$PRJ_ROOT/.sops.yaml" --before-context=10
sops updatekeys secrets/global.secrets.yaml
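
The following is an added example, not part of dotfield: a POSIX shell check for the files produced by the Record Public Keys and Update Secret Recipients steps, meant to run before they are committed. The function names and the script name are hypothetical; it assumes the `$KEYS_DIR/ssh/<host>.pub` and `$KEYS_DIR/age/<host>.txt` layout used above and that `.sops.yaml` lists age recipients as literal strings.

```shell
#!/bin/sh
# Added example (not dotfield's own code); function names are hypothetical.
# Assumed layout: $KEYS_DIR/ssh/<host>.pub and $KEYS_DIR/age/<host>.txt.

CR=$(printf '\r')
err() { echo "$*" >&2; }

# One ssh-ed25519 key on a single line, with no carriage returns in the file.
check_ssh_pub() {
  [ -s "$1" ] || { err "$1: missing or empty"; return 1; }
  if grep -q "$CR" "$1"; then err "$1: contains CR"; return 1; fi
  [ "$(grep -c '' "$1")" -eq 1 ] || { err "$1: expected one line"; return 1; }
  # An ed25519 blob is 51 bytes: 68 base64 chars with a fixed 25-char prefix.
  LC_ALL=C grep -Eq \
    '^ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI[A-Za-z0-9+/]{43}( .*)?$' "$1" \
    || { err "$1: not a well-formed ssh-ed25519 key"; return 1; }
}

# One X25519 recipient: "age1" followed by 58 bech32 characters.
check_age_recipient() {
  [ -s "$1" ] || { err "$1: missing or empty"; return 1; }
  [ "$(grep -c '' "$1")" -eq 1 ] || { err "$1: expected one line"; return 1; }
  grep -Eq '^age1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{58}$' "$1" \
    || { err "$1: not an age recipient"; return 1; }
}

# check_host KEYS_DIR HOST [SOPS_YAML]
# Validates both files; with SOPS_YAML, also requires the recipient string
# itself (not just the hostname) to appear in the sops configuration.
check_host() {
  check_ssh_pub "$1/ssh/$2.pub" || return 1
  check_age_recipient "$1/age/$2.txt" || return 1
  if [ -n "${3:-}" ]; then
    grep -qF -- "$(cat "$1/age/$2.txt")" "$3" \
      || { err "$3: recipient for $2 is not listed"; return 1; }
  fi
}

# Usage: sh check-keys.sh "$KEYS_DIR" "$NEW_HOSTNAME" "$PRJ_ROOT/.sops.yaml"
if [ "$#" -ge 2 ]; then check_host "$@"; fi
```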

Generic Linux

TODO

macOS/Darwin

Something along these lines:

  • sudo xcode-select --install
  • Install Homebrew
  • brew install git bash zsh ripgrep fd tealdeer bat coreutils
  • Add Homebrew PATH entries to ~/.zprofile as directed
  • Install Nix
  • Generate SSH keys for your user and add them to GitHub/Sourcehut.
  • mkdir -p ~/.config
  • git clone git@github.com:montchr/dotfield.git ~/.config/dotfield
  • Create a basic config for the new host in ./darwin/machines/<hostname>/default.nix
  • Add the new host to flake.darwinConfigurations.<hostname> in ./darwin/configurations.nix
  • nix build .#darwinConfigurations.<hostname>.system --verbose
  • ./result/sw/bin/darwin-rebuild switch --flake .#<hostname> (assuming that the desired hostname has not yet been set -- otherwise, ... --flake . should suffice)

Secrets

After the initial generation with secrets disabled (due to a catch-22/bootstrapping problem), you should then be able to do the following with a smartcard attached.

export KEYID="0x135EEDD0F71934F3"
gpg --recv $KEYID
gpg --list-secret-keys
gpg-agent-restart

mkdir -p "$XDG_CONFIG_HOME/sops/age"
# Required for editing sops files.
# The subshell's umask keeps a newly created key file private to your user.
(umask 077; pass show age--secret-key >> "$XDG_CONFIG_HOME/sops/age/keys")

Structure

I still don't know what I'm doing. Maybe one day I will have enough of an idea that I can write it down with any amount of coherence. Or maybe I'm doing it all backwards…?

Grafts

Generally in order of frecency, along with an optional description of reasons for inclusion.

More recently, I've aimed to reference sources with comments and SPDX headings in relevant files.

NixOS/nix-darwin/home-manager

Systems

tuvix [MacBook Air M2]

Work computer running macOS. It's fresh. It's sleek. But it's still a Mac...

ryosuke [Teenage Engineering Computer-1]

Ryosuke is a "ghost of the circuit", a denizen of Kairo, LoBE.

PCPartPicker Part List

Type          Item
CPU           AMD Ryzen 9 5900X 3.7 GHz 12-Core Processor
CPU Cooler    Noctua NH-L9a-AM4 33.84 CFM CPU Cooler
Motherboard   Gigabyte X570SI AORUS PRO AX Mini ITX AM4 Motherboard
Memory        Corsair Vengeance LPX 32 GB (2 x 16 GB) DDR4-3600 CL18 Memory
Storage       Samsung 970 Evo Plus 1 TB M.2-2280 NVME Solid State Drive
Video Card    PowerColor Radeon RX 6500 XT 4 GB ITX Video Card
Case          teenage engineering Computer-1 Mini ITX Desktop Case
Power Supply  Corsair SF 600 W 80+ Platinum Certified Fully Modular SFX Power Supply
Case Fan      Noctua A8 PWM chromax.black.swap 32.67 CFM 80 mm Fan

The Ryzen 9 5900X processor and mini-ITX Teenage Engineering Computer-1 case are the stars here.

This is my primary computer. I carry it up and down three flights of stairs every day. I've also used it in the office as a "laptop".

moraine

Hetzner AX52 (+ ECC) (+ 2x16TB HDD)

Media server. Work in progress.

Name Origin

Moraine - Official Outer Wilds Wiki

Moraine is a Hearthian who enjoys using the Signalscope, especially to listen to the travelers music from across the Solar system. They are found on a platform atop the tallest tree in The Village, so they will have a better view of the planets.

boschic

A towering beast lurking in the shadows of my living room.

Originally built in 2015, recently revamped.

PCPartPicker Part List

Type                      Item
CPU                       AMD Ryzen 5 5600X 3.7 GHz 6-Core Processor
CPU Cooler                Noctua NH-D15 82.5 CFM CPU Cooler
Motherboard               Asus ROG STRIX B450-F GAMING II ATX AM4 Motherboard
Memory                    Corsair Vengeance LPX 32 GB (2 x 16 GB) DDR4-3600 CL18 Memory
Storage                   Crucial MX100 256 GB 2.5" Solid State Drive
Storage                   Samsung 970 Evo Plus 2 TB M.2-2280 NVME Solid State Drive
Storage                   Seagate BarraCuda 1 TB 3.5" 7200RPM Internal Hard Drive
Video Card                NVIDIA GeForce RTX 3080 Ti 12 GB Founders Edition Video Card
Case                      Phanteks Enthoo Pro ATX Full Tower Case
Power Supply              Corsair AX 760 W 80+ Platinum Certified Fully Modular ATX Power Supply
Wireless Network Adapter  TP-Link Archer T5E 802.11a/b/g/n/ac PCIe x1 Wi-Fi Adapter

HodgePodge aka the "Sacred Chao"

An early-2014 15-inch MacBook Pro who has seen quite the life. Mostly unused for the past several years due to the availability of more portable work laptops. It is now living out its life in a declarative retirement home. nixos-rebuild is impossibly slow, even with the binary cache and ryosuke as build host.

Incubation

sommoch

Dead but dreaming.

Laid to indefinite rest when one of the cats, seeking human attention, chewed through the LCD screen. We did not speak for a week.

Still works, but unusable without external display. Suffers from congenital Butterfly Keyboard Syndrome. Runs macOS.

Notes

macOS GUI Applications via Nix

UPDATE: emacs29-macport works amazingly! Thanks to @tnytown for their hard work in NixOS/nixpkgs#127902 and NixOS/nixpkgs#252244.

Emacs

The package emacs29-macport works well. It's based on Mitsuharu Yamamoto’s excellent macOS port of GNU Emacs. The Nix package used to have issues with GUI crashes, but AFAIK those are no longer an issue.

  • Install emacs29-macport via environment.systemPackages (from nix-darwin)
  • Open it from a terminal shell session via /usr/bin/open -a '/Applications/Nix Apps/Emacs.app'

Still, the nix-darwin launchd service never seems to work, breaking emacsclient functionality. I have not yet confirmed whether this is still an issue with emacs29-macport. The following quote from the manual seems to indicate that such functionality remains a mystery:

The Mac port doesn't support multi-tty with GUI. The developer has no idea how to detach Emacs as a GUI application from Window Server or Dock without separating a GUI process (not thread) from the main Emacs (Lisp evaluator) process. TTY-only multi-tty is supposed to work.

mituharu / emacs-mac / README-mac — Bitbucket

yabai

Just use the official package released via brew, unless you prefer pain.

License: GNU General Public License v3.0

Languages: Nix 63.1%, Shell 29.8%, Nushell 4.6%, Just 1.1%, CSS 0.8%, Lua 0.6%