sei40kr/dotfiles

dotfiles

Made with Doom Emacs

Hosts

Host     Platform                     Description
torrent  NixOS (x86_64-linux)         Desktop workstation
work     nix-darwin (aarch64-darwin)  MacBook Pro for work

Install

NixOS (torrent)

  1. Clone this repository into /etc/dotfiles:

    sudo git clone https://github.com/sei40kr/dotfiles.git /etc/dotfiles
    sudo chown -R "$USER" /etc/dotfiles
    ln -fs /etc/dotfiles ~/.dotfiles
  2. Change into /etc/dotfiles:

    cd /etc/dotfiles
  3. Build and switch to the configuration, with HOST set to the host name from the Hosts table (torrent here):

    sudo nixos-rebuild switch --flake ".#${HOST}"
  4. Once you switch to the configuration, you can use nh to update the system (you may need to re-login before using nh):

    nh os switch

Secure Boot Setup (for hosts with Lanzaboote)

Some hosts (e.g., torrent) have Secure Boot enabled via Lanzaboote. For these hosts:

  1. Before installation, disable Secure Boot in your UEFI/BIOS settings.

  2. Complete the standard installation steps above.

  3. After the first boot, verify Secure Boot keys are generated:

    sudo sbctl status
  4. Reboot into UEFI/BIOS settings and enable Setup Mode (this clears existing Secure Boot keys).

    Note: Some BIOS menus may not have a "Setup Mode" option. In this case, delete all existing Secure Boot keys (PK, KEK, db, dbx) manually to enter Setup Mode.

  5. Reboot the system. Lanzaboote will automatically enroll the generated keys.

  6. Verify Secure Boot is working:

    sudo sbctl status

    You should see Secure Boot: ✓ Enabled.
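
The procedure above passes through two firmware states: Setup Mode after step 4, and Secure Boot enabled at step 6. The script below is an added example, not part of this repository, that reads those states directly from the UEFI variables SetupMode and SecureBoot in efivarfs; the function names are hypothetical and the default path assumes a Linux system booted in UEFI mode.

```sh
#!/bin/sh
# Added example: classify the firmware's Secure Boot state from efivarfs.
# Function names are hypothetical; the GUID is the UEFI global-variable GUID.
EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032b8c

# efi_flag DIR NAME: print 0 or 1 for a one-byte UEFI variable.
# An efivarfs file is 4 attribute bytes followed by the variable data.
efi_flag() {
    f="$1/$2-$EFI_GLOBAL"
    [ -r "$f" ] || return 1
    v=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \t\n')
    case "$v" in
        0|1) printf '%s\n' "$v" ;;
        *)   return 1 ;;   # truncated file or unexpected value
    esac
}

# secure_boot_state [DIR]: print setup | enabled | disabled | unknown.
secure_boot_state() {
    dir="${1:-/sys/firmware/efi/efivars}"
    sm=$(efi_flag "$dir" SetupMode)  || { echo unknown; return 0; }
    sb=$(efi_flag "$dir" SecureBoot) || { echo unknown; return 0; }
    if [ "$sm" = 1 ]; then
        echo setup      # no Platform Key enrolled: expected after step 4
    elif [ "$sb" = 1 ]; then
        echo enabled    # keys enrolled and enforced: expected at step 6
    else
        echo disabled   # keys enrolled but enforcement switched off
    fi
}

# Report the state of the machine this runs on.
secure_boot_state
```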

Important

When Secure Boot is enabled, GRUB cannot be used. If you have a dual-boot environment, you need to select the OS from the boot menu (typically accessible via F8, F11, or F12 during boot).

macOS (work)

Prerequisites:

  • Nix package manager
  • Homebrew (nix-darwin manages Homebrew casks but does not install Homebrew itself)

  1. Clone this repository into /etc/dotfiles:

    sudo git clone https://github.com/sei40kr/dotfiles.git /etc/dotfiles
    sudo chown -R "$USER" /etc/dotfiles
  2. Build and switch to the configuration, with HOST set to the host name from the Hosts table (work here):

    cd /etc/dotfiles
    darwin-rebuild switch --flake ".#${HOST}"
  3. Once you switch to the configuration, you can use nh to update the system (you may need to re-login before using nh):

    nh darwin switch

GPG Key Restoration

GPG signing keys are stored in Bitwarden as secure notes named <hostname>: gpg-private.asc and <hostname>: gpg-revoke.asc.

  1. Copy the content of <hostname>: gpg-private.asc from Bitwarden.
  2. Import the key:

    gpg --import
    # Paste the key content, then press Ctrl+D
  3. Trust the key:

    gpg --edit-key <KEY_ID>
    # Type: trust
    # Select: 5 (ultimate)
    # Confirm: y
    # Type: quit

The revocation certificate (<hostname>: gpg-revoke.asc) should only be used if the key is compromised.

Acknowledgements
