Lix dotfiles

My declarative, reproducible system built using Lix.

Installation

If you set up a new machine you should probably generate a new SSH key pair. Put your keys in /home/thomas/.ssh/.

Put your age keys here:

vim /home/thomas/.config/sops/age/keys.txt

To rebuild the system:

nixos-rebuild switch --flake . --sudo

To rebuild a remote system locally, and deploy it:

nixos-rebuild switch --flake .#coprin --target-host thomas@192.168.1.30 --sudo

Apple Silicon machine

Copy the peripheral firmware files off the EFI system partition (e.g. on the installation ISO mkdir -p /mnt/etc/nixos/firmware && cp /mnt/boot/asahi/{all_firmware.tar.gz,kernelcache*} /mnt/etc/nixos/firmware). Then, once a NixOS is installed, copy these firmware files to the current configuration cp /mnt/etc/nixos/firmware* <current_config>/system/asahi-firmware.

Manual configuration

Some packages require manual configuration.

Atuin

If you imported age keys, just login to retrieve your shell history:

atuin login
atuin sync

Obsidian

Just open Obsidian, login and sync everything including community plugins and settings (Active community plugin list and Installed community plugins options). Wait for the end of the synchronization, and restart the app.

Tailscale

Connect your machine to your Tailscale network and authenticate in your browser:

sudo tailscale up

In Dolphin (or somewhere else), use smb://user@ip to connect to a remote SMB share.

Useful commands

Optimize the Nix store by hard linking duplicate binaries. This shouldn't be needed with my current dotfiles though, as optimizations are performed automatically at build time.

nix-store --optimise

The Nix store accumulates entries which are no longer useful. They can be deleted:

nix-store --gc

Delete all generations older than a specific period (e.g. 30 days):

nix-collect-garbage --delete-older-than 30d

Future work

Limitations:

• (cudaSupport) Setting cudaSupport = false causes Librewolf to be rebuilt every time, so we add an overlay preventing this (NixOS/nixpkgs#457218)
• (DNS4EU) I should find a way to enable DNSoverTLS with DNS4EU
• (librewolf) camera and screen share do not work on video calls
• (nixos) error during stage 1: can’t mount /mnt-root
• (vscodium) I am currently using the VSCode spyware instead of VSCodium because of an incompatibility with Copilot Chat. This should eventually be fixed.
• (zotero) Zotero is not available yet on aarch64 platforms.
• (librewolf) privacy.resistFingerprinting = true prevents media upload and Leboncoin login from working.
• (nixos) new generations are sometimes not pushed into the boot menu.

These are not fully integrated yet:

• SDDM doesn't offer a keyboard layout selection, which is very annoying for non-US keyboard users. SDDM should be incubated into Plasma at some point.
• Pinned favorites in kickoff menu is not supported by plasma-manager yet.

Some resources I found useful

• Introduction to Nix and NixOS by Wil T
• I got some inspiration from geraldwuhoo
• NixOS Secrets Management by EmergentMind
• Flakes + Home Manager Multiuser/Multihost Configuration by Chris McDonough
• NixOS on Apple Silicon by sef