mirror of
https://github.com/ItsDrike/nixdots
synced 2024-12-25 18:24:34 +00:00
Update installation guide
This commit is contained in:
parent
c869557f1f
commit
d7792681cf
127
INSTALLATION.md
127
INSTALLATION.md
|
@ -607,6 +607,10 @@ The resulting file should then look something like this:
|
|||
boot.supportedFilesystems = [ "btrfs" ];
|
||||
hardware.enableAllFirmware = true;
|
||||
|
||||
# My flake disables password-based SSH authentication.
|
||||
# either set up a key based auth, or uncomment this
|
||||
#services.openssh.settings.PasswordAuthentication = lib.mmkForce true;
|
||||
|
||||
nix.settings = {
|
||||
max-jobs = 6;
|
||||
cores = 6;
|
||||
|
@ -642,6 +646,13 @@ The resulting file should then look something like this:
|
|||
}
|
||||
```
|
||||
|
||||
> [!WARNING]
|
||||
> I'm currently working on making impermanence config in my flake directly. This will mean you will eventually be
|
||||
> expected to just enable impermanence through myOptions. Right now, the config above includes `impermanence.nix`
|
||||
> that we have enabled earlier. This will work, however note that flakes are a bit stricter with fetchTarball, and
|
||||
> require a sha256 hash to be specified. You can specify it, or use the `--impure` flag for now. Once impermanence
|
||||
> will be integrated into my flake, it will be handled as an input, and you won't have to worry about anything.
|
||||
|
||||
### Commit and switch
|
||||
|
||||
Once you've declared everything, make a commit and run `nix flake check` to make sure you everything checks out,
|
||||
|
@ -659,6 +670,122 @@ Finally, you should now be ready to switch:
|
|||
sudo nixos-rebuild switch --flake .
|
||||
```
|
||||
|
||||
If everything went well, you should now be left with a system configured to my specification.
|
||||
|
||||
### Last steps
|
||||
|
||||
Now that you've managed set up my flake, there are a few last steps to take.
|
||||
|
||||
First, you will probably now still be in a bash shell, I however use zsh, so you will want to re-login.
|
||||
|
||||
### Neovim
|
||||
|
||||
> [!WARNING]
|
||||
> If you're logged in through SSH, you will need to set up a key based authentication,
|
||||
> since password auth for SSH is disabled in my flake.
|
||||
|
||||
Once in zsh, another important step to set up neovim. Since I use a custom configuration, which relies on a lot of
|
||||
plugins and other utilities, you will want to run neovim in headless mode for the first time, and leave it to install
|
||||
all of these automatically:
|
||||
|
||||
```shell
|
||||
nvim --headless +q
|
||||
```
|
||||
|
||||
Once this completes, run neovim. Note that you will still see Mason installing a bunch of tools now, which will cause a
|
||||
lot of notifications. Don't be alarmed by that, it is normal. Once the notifications stop, the installation process will
|
||||
be truly complete. You can then close neovim.
|
||||
|
||||
### XDG base dirs
|
||||
|
||||
My flake exports various environment variables and does a bunch of other things to force applications into following XDG
|
||||
base directory specification and not cluttering `$HOME`.
|
||||
|
||||
However, since we used a bunch of applications already, before moving to my flake. There will be a bunch of files or
|
||||
directories that already got made. We will need to move these to their appropriate XDG locations, or even delete them
|
||||
entirely, if we're not using these applications anymore, or if these applications are capable of automatically
|
||||
recreating these directories trivially:
|
||||
|
||||
```shell
|
||||
rm "$HOME/.nix-defexpr"
|
||||
rm "$HOME/.bash_history"
|
||||
```
|
||||
|
||||
### GPG keys and commit signing
|
||||
|
||||
Another important thing is to finish up setting your git commit signing. As you've probably noticed from the myOptions
|
||||
config, I have already defined my signing key there, however you will need to import this gpg key manually.
|
||||
|
||||
Export your public and private keys with GPG and make them available on this machine. To do so, you can run these
|
||||
commands from another machine:
|
||||
|
||||
```shell
|
||||
gpg --output ./my-key.pub.gpg --armor --export [key-id]
|
||||
gpg --output ./my-key.priv.gpg --armor --export-secret-keys [key-id]
|
||||
# Now get these files to the new machine
|
||||
# you can use sftp, or just a flash drive or whatever other method you prefer
|
||||
```
|
||||
|
||||
Once the keys are available, run these commands from the new machine:
|
||||
|
||||
```shell
|
||||
gpg --import ./my-key.pub.gpg
|
||||
gpg --import ./my-key.priv.gpg
|
||||
```
|
||||
|
||||
You might also want to change the trust level for this key, which you can do with:
|
||||
|
||||
```shell
|
||||
gpg --edit-key [key-id]
|
||||
# In the interactive session, run `trust`, select your trust level and finally run `save`
|
||||
```
|
||||
|
||||
My flake already configured your git to enable commit signing using the key you specified earlier (even though it wasn't
|
||||
yet available at that point). Any new commits that you make from now on will be signed
|
||||
|
||||
### Git credentials
|
||||
|
||||
> [!WARNING]
|
||||
> I don't yet have a proper set up for git credentials handled, for now, you can
|
||||
> just use the HTTPS based authentication with store credential helper. Like what's
|
||||
> described below. This category will however be completely rewritten and moved to
|
||||
> SSH keys once I have support for them ready in the flake.
|
||||
|
||||
```shell
|
||||
git config --local credential.helper "store --file ~/.config/git/git-credentials"
|
||||
```
|
||||
|
||||
Now, once you run `git push`, you will be asked for a password, which will get stored
|
||||
to `~/.config/git/git-credentials` (in plain-text, though the file is protected by file-system permissions, and only the
|
||||
owner can read it).
|
||||
|
||||
### Push to git
|
||||
|
||||
First, let's remove our temporary hack with git local configuration we used to allow us to make commits:
|
||||
|
||||
```shell
|
||||
git config --local --unset user.name
|
||||
git config --local --unset user.email
|
||||
```
|
||||
|
||||
Now that you have git set up, let's ammend our previous commits, which will recreate it, and this time, git will use our
|
||||
global configuration with the gpg keys configured to sign the commits.
|
||||
|
||||
The following command will rebase all commits until we reach the `main` branch, from which we branched off, which means
|
||||
it will sign all commits in our `temp` branch:
|
||||
|
||||
```shell
|
||||
git rebase --exec 'git commit --amend --no-edit -n -S' -i main
|
||||
```
|
||||
|
||||
Now that our commits are signed, we're ready to merge and push:
|
||||
|
||||
```shell
|
||||
git checkout main
|
||||
git rebase temp
|
||||
git push
|
||||
```
|
||||
|
||||
## Sources / Attribution
|
||||
|
||||
- <https://nixos.wiki/wiki/Btrfs>
|
||||
|
|
Loading…
Reference in a new issue