Beware: this config is still under construction (it takes a while to port all my old dotfiles over).
From the NixOS live system, after mounting your partitions on /mnt, start the installation process like this:
nix-shell -p git
git clone https://github.com/42LoCo42/.dotfiles -b nixos dotfiles
cd dotfiles
# edit/personalize hi/configuration.nix now...
./install.sh
Reboot and log in, then clone this repo again like before.
Finally, run ./postinstall.sh to create local folders and files required for the overlay mount.
This repo will reside in your home directory, whilst being overlay-mounted to /etc/nixos.
Therefore, the .git folder is excluded from system rebuilds, which makes developing easier.
Additionally, two important shell aliases are provided:
switch: remounts /etc/nixos and runs nixos-rebuild switch
upgrade: performs an upgrade of this configuration's flake.
The Lanzaboote bootloader is included, but not enabled by default. To use it, first create secure boot keys:
nix-shell -p sbctl
sudo sbctl create-keys
Then adapt the file secboot.nix to your system and include it in your hardware configuration.
Perform a system rebuild and enroll your secure boot keys:
sudo sbctl enroll-keys # sbctl will be installed system-wide by secboot.nix
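After enrolling and rebooting, it is worth confirming that the firmware has left setup mode and is enforcing Secure Boot. The following is an added example, not part of this repository: it reads the standard UEFI SecureBoot and SetupMode variables from efivarfs, assuming it is mounted at /sys/firmware/efi/efivars; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from this repo): read the Secure Boot state from efivarfs.
# Each efivarfs file is 4 attribute bytes followed by the variable's data,
# so the one-byte SecureBoot / SetupMode value is the 5th byte of the file.

EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c  # EFI global variable GUID

# efi_byte DIR NAME -> prints the value byte; fails if missing or too short
efi_byte() {
    f="$1/$2-$EFI_GLOBAL_GUID"
    [ -r "$f" ] || return 1
    v=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    [ -n "$v" ] && printf '%s' "$v"
}

# secure_boot_state [DIR] -> prints one of:
#   enforcing   SecureBoot=1, SetupMode=0 (keys enrolled, verification active)
#   setup-mode  SetupMode=1 (no Platform Key enrolled; firmware accepts new keys)
#   disabled    SecureBoot=0, SetupMode=0 (keys present, enforcement switched off)
#   unknown     variables missing (legacy BIOS boot or efivarfs not mounted)
secure_boot_state() {
    dir="${1:-/sys/firmware/efi/efivars}"
    sb=$(efi_byte "$dir" SecureBoot) || { echo unknown; return 0; }
    sm=$(efi_byte "$dir" SetupMode)  || { echo unknown; return 0; }
    if [ "$sm" = 1 ]; then
        echo setup-mode
    elif [ "$sb" = 1 ]; then
        echo enforcing
    else
        echo disabled
    fi
}

# Report for the running system (prints "unknown" where efivarfs is absent).
echo "Secure Boot state: $(secure_boot_state)"
```

Anything other than "enforcing" means unsigned boot components would still be accepted, so a TPM-based unlock should not be relied on until this check passes.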
This configuration uses full-disk encryption and automatic unlocking with Clevis.
Your computer needs a Trusted Platform Module for this.
If you don't have one, remove boot.initrd.extraUtilsCommands and boot.initrd.luks.devices."root".preOpenCommands.
For more information, see the Lanzaboote Quickstart Guide and this PR for official clevis support, from which I have derived my configuration.