Readme updare

README.md

@@ -1,13 +1,13 @@
 # dotfiles
 
-- my personal nix dotfiles in the **flake**
+- best NixOS starter dotfiles in the **flake** setup
 
 ## Build and deploy
 
-- simple build command for system
+- simple build command for system using kogami profile
 
 ```bash
-git clone https://git.foglar.tech/foglar/dotfiles.git $HOME/.dotfiles 
+git clone https://git.foglar.tech/foglar/dotfiles.git $HOME/.dotfiles
 sudo nixos-rebuild switch --flake ~/.dotfiles#kogami
 ```
 
@@ -32,18 +32,124 @@ sudo nixos-generate-config --dir ~/.dotfiles/ginoza
 sudo nixos-rebuild switch --flake ~/.dotfiles#kogami
 ```
 
-## Features
+## Profiles
+
+- The system consists currently from 2 profiles:
+  - [Kogami](./kogami/configuration.nix) - My daily driver notebook
+  - [Ginoza](./ginoza/configuration.nix) - Old notebook, only essentials installed
+  - Nix-On-Droid - in future
+  - Nix on not nix-distro - in future
+  - Nix server - in future
+  - Nix in WSL - in future
+
+### Custom setup
+
+- You can simply modify profile by editing (for example kogami profile) [./kogami/configuration.nix](./kogami/configuration.nix), for system settings and [./kogami/home.nix](./kogami/home.nix), for user settings.
+- All possible options are automatically set:
+  - for system settings in [system.nix](./nixos/system/system.nix)
+  - for system packages in [packages.nix](./nixos/system/packages.nix)
+  - for home-manager or user configuration in [home.nix](./nixos/home/packages/packages.nix)
+- Many options are by default set to true, so you should disable them in your own configuration
+> [!IMPORTANT]
+> Don't forget to edit your username in [flake.nix](./flake.nix) and other settings like preffered shell and browser etc...
+
+## Default Features
+
+| System features |                           |
+| --------------- | ------------------------- |
+| OS              | NixOS                     |
+| Display Server  | Wayland                   |
+| Window Manager  | Hyprland                  |
+| Fonts           | Monaspace                 |
+| Colorscheme     | Stylix (Catppuccin Mocha) |
+| Icon theme      | Papirus                   |
+
+| User configuration |            |
+| ------------------ | ---------- |
+| Panel              | Waybar     |
+| Launcher           | Rofi       |
+| Terminal           | Kitty      |
+| Shell              | Zsh        |
+| Shell prompt       | Oh-My-Posh |
+
+> [!TIP]
+> Whole system is very configurable and customizable.
+> You can change default applications right in [flake.nix](./flake.nix) under userSettings
+
+- you can change your default system from Hyprland to GNOME or KDE, or maybe have all of them at the same time
 
 ### Secure Operations
 
-- file for sops is in **~/.config/sops/ags/keys.txt**
+- private key for sops is in **~/.config/sops/ags/keys.txt**
+
+- Generate your key using this command:
+
+```bash
+nix-shell nixpkgs#age -c age-keygen -o ~/.config/sops/age/keys.txt
+```
+
+- secrets are managed in yaml file [secrets.yaml](./nixos/system/packages/sops/secrets/secrets.yaml)
+- things that are actually managed in sops configuration:
+  - SSH keys
+  - Passwords
+  - Yubikey ID
+
+> [!NOTE]
+> This configuration will work fine even without SOPS configuration, if you don't need it justs ignore it.
+
+- for more information about SOPS and NixOS look at [Vimjoyer's](https://www.youtube.com/@vimjoyer/featured) [video on youtube](https://www.youtube.com/watch?v=G5f6GC7SnhU) or in [sops-nix repository](https://github.com/Mic92/sops-nix)
 
 ### Yubikey
 
-- setup your yubikey to work with current user
+- setup your Yubikey to work with current user
+- change your Yubikey ID in [yubikey.nix](./nixos/system/packages/yubikey.nix) or in [sops.nix](./nixos/system/packages/sops/sops.nix), you can add multiple IDs.
+- If you have multiple Yubikeys, run this for each of them.
 
 ```bash
 nix-shell -p yubico-pam -p yubikey-manager
 ykman otp chalresp --touch --generate 2
 ykpamcfg -2 -v
 ```
+
+- test your Yubikey with commands
+
+```bash
+nix-shell -p pamtester
+pamtester login <username> authenticate
+pamtester sudo <username> authenticate
+```
+
+- for more information about Yubikeys and NixOS look at the [nixos wiki](https://nixos.wiki/wiki/Yubikey) or [EmergentMind's](https://github.com/EmergentMind) [video on youtube](https://www.youtube.com/watch?v=3CeXbONjIgE)
+
+### SSH configuration
+
+- declarative ssh keys configuration
+- will be simplified in near future
+
+```bash
+nix-shell -p sops neovim
+
+# This is for Yubikey key generation.
+ssh-keygen -t ed25519-sk -N "" 
+# To generate normal key use same command:
+ssh-keygen -t ed25519 -N "" # without -sk
+
+sops edit ./nixos/system/packages/sops/secrets/secrets.yaml
+
+# if using NixOS on your server then:
+  #! Nothing to see here for now!!!
+# else:
+ssh-copy-id -i ~/.ssh/[key_name] [server_name]@[ip]
+
+# optional - add your host to ssh configuration
+nvim /nixos/system/packages/ssh-client.nix 
+```
+
+## Sources of inspiration
+
+- [EmergentMind's Nix-Config](https://github.com/EmergentMind/nix-config) - explanation of yubikey setup and declarative configuration of SSH keys
+  - [YT video](https://www.youtube.com/watch?v=3CeXbONjIgE)
+- [LibrePhoenix's Nix-Config](https://github.com/librephoenix/nixos-config) - if else options and modular control center
+  - [YT video about modular control center](https://www.youtube.com/watch?v=H_Qct7TVB6o)
+  - [YT video about if else options](https://www.youtube.com/watch?v=Qull6TMQm4Q)
+- [Vimjoyer's videos](https://www.youtube.com/@vimjoyer) - all videos

TODO.md

@@ -15,9 +15,10 @@
 - [x] options for YUBIKEY to make more sense and control
 - [x] power profiles solution in waybar
 - [x] auto-cpufreq
+- [x] ssh config module
 - [ ] modularity connected via configuration.nix file with home manager (disable gnome, gnome configuration will be disabled too)
 - [ ] neovim
-- [ ] librewolf and firefox fix
+- [ ] librewolf and firefox fix, extensions and bookmarks in librewolf
 - [ ] graph of my system structure
 - [ ] cleanup hyprland subtools (rofi, hyprlock, waybar)
 - [ ] modularize hyprland config into multiple files
@@ -25,7 +26,7 @@
 - [ ] make static background folder and figure out how to simply manage backgrounds across my devices
 - [ ] NVIDIA options
 - [ ] fix plasma manager and extend gnome configuration
-- [ ] merge shell aliases
+- [ ] nix-on-droid
 
 - [ ] update my home page and create new web
 - [ ] fix kde theme in stylix

flake.nix

@@ -62,14 +62,18 @@
       username = "shinya"; # konsta or shinya (else defaulting to shinya or none)
       hostname = "kogami"; # kogami or ginoza
 
-      shell = "zsh"; # bash, zsh, none
+      shell = "zsh"; # bash, zsh
       terminal = "kitty"; # kitty, alacritty, gnome-terminal
       browser = "librewolf"; # firefox, librewolf, qutebrowser
       editor = "neovim"; # neovim, vscode
 
       # List all themes: $ nix build nixpkgs#base16-schemes && ls result/share/themes
-      theme = "catppuccin-mocha"; #tokyo-night-dark, one-dark
+      theme = "catppuccin-mocha"; # tokyo-night-dark, one-dark
       background = "aurora_borealis.png";
+
+      plasma = false;
+      gnome = false;
+      hyprland = true;
     };
 
     system = "x86_64-linux";

ginoza/configuration.nix

@@ -67,6 +67,7 @@
       lock-on-remove = false;
       notify = false;
     };
+    ssh.client.enable = false;
   };
 
   # Basic programs to enable

kogami/configuration.nix

@@ -36,9 +36,6 @@
   sys = {
     audio.enable = true;
     desktop = {
-      plasma.enable = false;
-      gnome.enable = false;
-      hyprland.enable = true;
       steamdeck.enable = true;
     };
     fonts.packages = true;
@@ -71,6 +68,7 @@
       lock-on-remove = false;
       notify = true;
     };
+    ssh.client.enable = true;
   };
 
   # Basic programs to enable
@@ -78,13 +76,6 @@
   programs.wireshark.enable = true;
   programs.auto-cpufreq.enable = true;
 
-  programs.ssh.extraConfig = ''
-    Host masaoka
-      HostName 192.168.8.140
-      User foglar
-      IdentityFile ~/.ssh/id_masaoka
-  '';
-
   #services.twingate.enable = true;
 
   # Allow unfree packages

nixos/home/desktop/desktops.nix

@@ -1,5 +1,8 @@
-{lib, ...}:
 {
+  lib,
+  userSettings,
+  ...
+}: {
   imports = [
     ./hyprland/hyprland.nix
     ./kde/kde.nix
@@ -7,8 +10,17 @@
   ];
 
   desktop = {
-    gnome.enable = lib.mkDefault false;
+    gnome.enable =
-    kde.enable = lib.mkDefault false;
+      if userSettings.gnome
-    hyprland.enable = lib.mkDefault true;
+      then lib.mkDefault true
+      else lib.mkDefault false;
+    kde.enable =
+      if userSettings.plasma
+      then lib.mkDefault true
+      else lib.mkDefault false;
+    hyprland.enable =
+      if userSettings.hyprland
+      then lib.mkDefault true
+      else lib.mkDefault false;
   };
-}
+}

nixos/system/packages.nix

@@ -7,6 +7,7 @@
     ./packages/virtual-machines.nix
     ./packages/yubikey.nix
     ./packages/sops/sops.nix
+    ./packages/ssh-client.nix
   ];
 
   program = {
@@ -22,6 +23,7 @@
       lock-on-remove = lib.mkDefault false;
       notify = lib.mkDefault false;
     };
+    ssh.client.enable = lib.mkDefault true;
   };
   sys.desktop.steamdeck.enable = lib.mkDefault false;
   sys.security.sops.enable = lib.mkDefault true;

nixos/system/packages/ssh-client.nix

@@ -0,0 +1,19 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  options = {
+    program.ssh.client.enable = lib.mkEnableOption "enable SSH client configuration";
+  };
+  config = lib.mkIf config.program.ssh.client.enable {
+    programs.ssh = {
+      extraConfig = ''
+        Host masaoka
+          HostName 192.168.8.140
+          User foglar
+          IdentityFile ~/.ssh/id_masaoka
+      '';
+    };
+  };
+}

nixos/system/system.nix

@@ -1,6 +1,7 @@
 {
   lib,
   config,
+  userSettings,
   ...
 }: {
   imports = [
@@ -21,9 +22,18 @@
   sys = {
     audio.enable = lib.mkDefault true;
     desktop = {
-      plasma.enable = lib.mkDefault true;
+      plasma.enable =
-      gnome.enable = lib.mkDefault false;
+        if userSettings.plasma == true
-      hyprland.enable = lib.mkDefault true;
+        then lib.mkDefault true
+        else lib.mkDefault false;
+      gnome.enable =
+        if userSettings.gnome == true
+        then lib.mkDefault true
+        else lib.mkDefault false;
+      hyprland.enable =
+        if userSettings.hyprland == true
+        then lib.mkDefault true
+        else lib.mkDefault false;
     };
     fonts.packages = lib.mkDefault true;
     locales.enable = lib.mkDefault true;