NixOS

This is paranoid build with root on tmpfs, as described in my Privacy Basic Guide. This means that everything outside of some directories of /etc and some directories of /home will be wiped out. Read more about this in the NixOs Paranoid Guide (this is also a good source NixOS tmpfs as /home).

Features

• XanMod Kernel

• Hyprland Wayland window manager:

  • Waybar status bar.
  • Nemo file manager.
  • Rofi-wayland application launcher.
  • Mako notification daemon.
  • Swaylock-effects screen locker.
  • NetworkManager network management tool.
  • Nerdfonts.

• foot CLI-ready workflow with fish, tmux, git, fish, gpg, ssh, curl, rsync, and power tools like bat, zoxide, eza, bottom, broot, fzf, yazi, ripgrep, fd, sd, jq, just, lazygit, lazydocker, gh, and more...

• Developer-ready languages: Nix, Rust, Go, Python, and LLVM.

• Easy to develop environments with nix-shell direnv, and devshell. You can put your soydev TypeScript/JavaScript/NodeJS stuff here.

• Text editor with Helix enabled with the following LSPs:

  • nil: Nix
  • bash-language-server: Bash, Fish, Zsh, shell scripts, etc.
  • rust-analyzer: Rust
  • gopls: Go
  • taplo: TOML
  • yaml-language-server: YAML
  • ruff-lsp: Python
  • marksman: Markdown
  • vscode-langservers-extracted: HTML, CSS, and JSON
  • texlab: $\LaTeX$
  • ltex-ls: LanguageTool for Markdown, HTML, and $\LaTeX$.
  • typst-lsp: Typst

• Catppuccin Mocha theme everywhere.

• Archival tools: gzip, xz, zip, lz4, p7zip, and zstd.

• CLI entertainment tools: mpv, yt-dlp, cmus, and ffmpeg.

• VPN support with wireguard

• Keyboard customizations with keyd: Caps Lock as Escape (if tapped) and Control (if held).

• Publishing and content CLI tools: qpdf, pandoc, glow, graphicsmagick, tectonic, and typst.

• OS-level ad-blocking with StevenBlack/hosts in the /etc/hosts.

• Apps:

  • Bitcoin tools such as Sparrow wallet and Bisq
  • Encrypted backup tool with Cryptomator
  • Signal messenger
  • Firefox with Tor Browser also available
  • Torrenting with Transmission
  • Docker and Linux VMs with Podman and QEMU
  • Offline password manager with KeePassXC
  • Screen Recorder with OBS Studio

How to Install

1. Prepare a 64-bit NixOS 23.11 minimal iso image and burn it, then enter the live system. Suppose I have divided two partitions: /dev/nvme0n1p1 and /dev/nvme0n1p2

2. Format the partitions:

   mkfs.fat -F 32 /dev/nvme0n1p1
   mkfs.ext4 /dev/nvme0n1p2 # or use LUKS with cryptsetup luksFormat /dev/nvme0n1p2 encryptedroot

3. Mount:

   mount -t tmpfs none /mnt
   mkdir -p /mnt/{boot,nix,etc/nixos}
   mount /dev/nvme0n1p2 /mnt/nix # or LUKS with mount /dev/mapper/encryptedroot /mnt/nix
   mount /dev/nvme0n1p1 /mnt/boot
   mkdir -p /mnt/nix/persist/etc/nixos
   mount -o bind /mnt/nix/persist/etc/nixos /mnt/etc/nixos

4. Generate a basic configuration:

   nixos-generate-config --root /mnt

5. Clone the repository locally:

   nix-shell -p git
   # recursive for git submodules
   git clone --recursive https://github.com/realeinherjar/flakes.git /mnt/etc/nixos/flakes
   cd /mnt/etc/nixos/flakes/
   nix develop --extra-experimental-features "nix-command flakes" --extra-experimental-features flakes

6. Copy hardware-configuration.nix from /mnt/etc/nixos to /mnt/etc/nixos/flakes/hosts/laptop/hardware-configuration.nix:

   cp /mnt/etc/nixos/hardware-configuration.nix /mnt/etc/nixos/flakes/hosts/laptop/hardware-configuration.nix

7. Modify the overwritten hardware-configuration.nix:

   hx /mnt/etc/nixos/flakes/hosts/laptop/hardware-configuration.nix

   ...
   # This is just an example
   # Please refer to `https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/#step-4-1-configure-disks`
   
     fileSystems."/" =
       { device = "none";
         fsType = "tmpfs";
         options = [ "defaults" "size=12G" "mode=755"  ];
       };
   
     fileSystems."/nix" =
       { device = "/dev/disk/by-uuid/49e24551-c0e0-48ed-833d-da8289d79cdd";
         fsType = "ext4";
       };
   
     fileSystems."/boot" =
       { device = "/dev/disk/by-uuid/3C0D-7D32";
         fsType = "vfat";
       };
   
     fileSystems."/etc/nixos" =
       { device = "/nix/persist/etc/nixos";
         fsType = "none";
         options = [ "bind" ];
       };
   ...

8. remove /mnt/etc/nixos/flakes/.git:

   rm -rf .git

9. Username modification: edit /mnt/etc/nixos/flakes/flake.nix to modify user variable, hostname modification: edit /mnt/etc/nixos/flakes/hosts/system.nix to modify the hostName value in the networking property group

10. Use the hash password generated by the mkpasswd {PASSWORD} -m sha-512 command to replace the value of users.users.<name>.hashedPassword in /mnt/etc/nixos/flakes/hosts/laptop/wayland/default.nix (there are two places to be edited)

11. Perform install:

    nixos-install --no-root-passwd --flake .#laptop

12. Reboot

    reboot

13. Enjoy it!

How to Update

1. First, update the input in flake:

   # update the specified input
   nix flake lock --update-input <foo> <foo>
   # or update all inputs
   nix flake update
   # also you can reclaim storage with
   nix-collect-garbage -d

2. Then, rebuild and switch to the system after rebuild:

   doas nixos-rebuild boot --flake .#<hostname>