Skip to content
This repository has been archived by the owner on Nov 5, 2022. It is now read-only.
/ nixos Public archive

A fully automated replicable nixos configuration set

License

Notifications You must be signed in to change notification settings

LEXUGE/nixos

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

NixOS

Build customized NixOS LiveCD ISO Nix Flake Check Release status

This repo is deprecated. See my new config at flake

A fully automated replicable nixos configuration flake that provides re-usable modules, and pre-configured system configuration.

CI Channel

Features

  • A customized LiveCD ISO that you can try environment out and speed up your installation!
  • Full-disk encryption including /boot. Support hibernate.
  • An almost automated one-liner installation script.
  • Transparent proxy and de-polluted DNS server using Clash and netkit.nix flake (support shadowsocks, Vmess, trojan). rules are written in order to maximize the performance.
  • CapsLock as Ctrl! No emacs pinky anymore! (Surely I am an emacs user).
  • zsh with oh-my-zsh builtin, in addition to a git plugin which makes your life easier.
  • GTK with builtin dark variant.

How do I install pre-configured system configuration?

Download and boot in customized LiveCD, and then:

sudo install-script

Follow the instructions and there you go. Above installation script will automatically install ThinkPad X1 Carbon 7th Gen specified configuration, but it should be fine for modern laptops.

Notes

If you are on a NVMe SSD, use sudo install-script -n instead.

If you are outside of Mainland China, please edit the configuration.nix to use official binary cache only instead of TUNA's. You may also need to adapt the binaryCaches setting in system/options.nix to your own network.

See wiki page for details.

Security details

As for me, I am on my best to ensure that the system is convenient to use and secure. But here are some concerns:

  • services.fstrim.enable is set to true which means that attacker may be able to perceive the data usage of the fully encrypted disk.
  • There is a keyfile added to / partition encryption in order to eliminate the twice keying in of the LUKS passphrase.

How do I re-use parts of it?

I have kept "stealing" in mind while I am writing the whole configuration. Use nix flake show 'github:LEXUGE/nixos' to see what are available. For example,

github:LEXUGE/nixos/dd59c772a9bd0503da3c775427bbfed64d6dfc61
│   ├───ash-profile: NixOS module
│   └───x-os: NixOS module
  • ash-profile is my user space configuration (stuff like zsh, git, emacs config, etc).
  • x-os my universal core system config. Also, you can check out related flake repos (netkit.nix, std) which I use a lot here as well.

CI

I use GitHub Actions here to build LiveCD actions third times a week (with all flake inputs up-to-date). This means by using the latest ISO image, you are likely to copy a trunk of stuff directly from CD (which is good because you don't need to download them!). After every successful build, my telegram bot would post newly-built release to the CI telegram channel. To save storage that others could otherwise use, only last three images are kept.

See also

  • netkit.nix flake: Verstile tools for advanced networking scenarios in NixOS, including Clash, wifi-to-wifi hotspot, on demand minecraft server, frpc modules.
  • std: Standard library used by my flakes.
  • iceberg: My personal package collection. Currently, it includes Wolfram Engine package and modules.

Acknowledgments

Thanks to following repositories: