• About
• Showcase
• Components
• Features
• Installation
• Keybindings
• Useful aliases in Fish Shell
• Useful info for Rustaceans
• Yubikey on NixOS
• License

This repository houses my NixOS Linux ❄️ flake configuration, featuring the Hyprland window manager and adorned with the stylish Catppuccin Macchiato theme. I rely on this setup as my daily driver for work and programming, primarily in Rust 🦀. Feel free to utilize it in its entirety or borrow specific components for your own configuration.

🚨 It's essential to note that this configuration is not minimalistic or lightweight and may require some disk space and knowledge to understand. If you're looking for something simpler, this configuration may not be suitable for you.

This system leverages cutting-edge channels and versions of software to provide you with the latest updates and features. Notably, it utilizes:

• flake (An experimental feature of the Nix package manager)
• nur (The Nix User Repository)
• nixpkgs: unstable
• rust: nightly version

This approach ensures that you stay on the forefront of technology, receiving the most recent software advancements promptly. 🚨 However, it's important to note that this emphasis on bleeding-edge software may impact the stability of the system.

🚨 Please note that the system utilizes Podman instead of Docker for containerization due to various reasons, primarily related to security (rootless and daemonless containers), easier migration to Kubernetes, availability of pods, compatibility with systemd, and better security for distrobox. If you prefer to use Docker instead of Podman, you can make the switch by commenting out the Podman section in the nixos/virtualisation.nix file and uncommenting the Docker section. More details on Docker configuration in NixOS can be found here.

The system also enables SELinux patches, as well as AppArmor and Tomoyo Linux Security Modules. It includes security daemons such as Fail2Ban and USBGuard, with Firejail preinstalled to meet your security requirements.

You have the flexibility to customize these configurations according to your needs by modifying the respective configuration files.

The showcased images do not reflect the latest version of the system's appearance. The final setup may vary slightly.

Showcase Video

And many other useful utilities. The full list can be found in the system configuration files at nixos directory.

• 🔄 Reproducible: Built on NixOS, this configuration can be effortlessly reproduced on other machines, ensuring a consistent setup.

• 🖌️ Consistent: Nearly every component has been meticulously styled to adhere to the Catppuccin Macchiato theme, providing a visually cohesive experience.

• ✅ Complete: This system is equipped with a wide range of components and utilities, akin to the completeness of operating systems like MacOS or Windows.

• 🎨 Customizable: Leveraging the power of Linux and Hyprland, this configuration offers extensive customization options, allowing you to tailor your setup to your preferences.

1. Download and Install NixOS from the official site.

2. Temporarily install ripgrep and fish using the command: nix-shell -p ripgrep fish --run fish. You can also use classic bash and grep for the next step without installing fish and ripgrep.

3. Run the command rg --hidden FIXME and change/add lines to match your device, swaps, partitions, peripherals, file systems, etc. in the configuration files.

   🚨 Ensure that you configure USBGuard in the nixos/usb.nix file to avoid potential issues. By default, USBGuard blocks all USB devices, which can lead to the disabling of crucial hardware components such as the integrated camera, bluetooth, wifi, etc. To configure USBGuard properly, add your trusted USB devices to the configuration. You can obtain a list of all connected devices by using the lsusb command from the usbutils package.

   Failure to configure USBGuard appropriately may result in the inability to connect any USB devices to your machine. If needed, you can also disable USBGuard altogether by setting services.usbguard.enable to false in the configuration:services.usbguard.enable = false;. This step ensures that USBGuard is not actively blocking any USB devices.

   🚨 Also important: If you use disk encryption with LUKS and want to use encrypted swap, you need to enable swap on LUKS. This is usually auto-generated in /etc/nixos/configuration.nix under commented sections titled # Setup keyfile and # Enable swap on luks if you set it up during the NixOS installation process. You can simply copy this snippet to either nixos/swap.nix, nixos/hardware-configuration.nix, or nixos/configuration.nix (Personally, I prefer to copy it to hardware-configuration.nix).

   Alternatively, you can set it up manually or use swap encryption with a random key.

4. To change the default username and/or hostname, run the command rg --hidden 'xnm' to find and fix all instances of the username, and rg --hidden 'isitreal-laptop' for the hostname. Make sure to change the username to match yours to avoid login issues. 🚨 Also, don't forget to change the git settings to yours in home/.gitconfig file.

5. Enable flake support (more here) on your current system. Don't forget to run sudo nixos-rebuild switch after enabling flake in your /etc/configuration.nix.

6. Copy all files (with replacements) from the home directory to your $HOME directory in Linux.

7. Copy all files (with replacements) EXCEPT hardware-configuration.nix from the nixos directory to /etc/nixos/. 🚨 It's recommended NOT to copy and replace hardware-configuration.nix; use default generated one, or only copy my hardware-configuration.nix if you have already change it for your hardware. 🚨 Ensure that system.stateVersion = "your_version"; is correctly set to the release version of the initial installation of your system in the configuration.nix file.

8. Run the command sudo nixos-rebuild switch --flake /etc/nixos#your-hostname. Replace your-hostname with your hostname before running the command; by default, it is set to isitreal-laptop. After this, you will have a complete system.

9. For an even more consistent experience across your apps, you can import Catppuccin theme config files into certain programs through their graphical user interfaces. This includes:

• Websites in your browser (Brave, Firefox, Chromium):

  • Install the Stylus Extension from its official website.
  • Open the extension's settings page and navigate to the Backup section.
  • Click "Import" and select the file home/.config/stylus-catppuccin.json.

• Cool-Retro-Term:

  • Launch Cool-Retro-Term.
  • Right-click on the window and select "Settings".
  • In the General panel, click "Import" and select the file home/.config/cool-retro-term-style.json.
  • Select the imported profile named "new-catppuccin-theme".
  • Click "Load" and exit from "Settings"

You can find all other keybindings in /home/.config/hypr/hyprland.conf in the bind section. All system fish scripts are located at /home/.config/fish/functions directory.

This system includes a fish shell configuration file (/home/.config/fish/config.fish) that provides various aliases to enhance your experience working with it.

Common commands:

• cl: clear the terminal screen (shorthand for clear)
• lgit: launch the lazygit command-line Git client
• ldocker: launch the lazydocker command-line Docker client
• conf: navigate to the ~/.config directory

NixOS-specific commands:

• nswitch: rebuild your system using the current flake
• nswitchu: rebuild and update your system using the current flake
• nau: add the unstable channel to the package manager
• nsgc: optimize the nix store and remove unreferenced and obsolete store paths (equivalent to sudo nix-store --gc)
• ngc: delete old generations of user profiles (equivalent to sudo nix-collect-garbage -d)
• nixos: navigate to the /etc/nixos directory
• store: navigate to the /nix/store directory

You can customize this configuration by adding more aliases to the file and editing existing ones. This makes your experience more personalized and smoother.

Here are some tips to enhance your Rust experience on this system:

1. Installation Customization: This system utilizes rust-overlay for Rust installation using the Nix approach. To customize the installation, including modifications to compilation targets, components, channels, or profiles, follow these steps:

   • Locate the nixos/rust-toolchain.toml file and make the necessary adjustments based on your requirements.

   • If you are working on multiple projects with distinct rust-toolchain.toml files or need to switch between stable and nightly Rust versions, consider the following options:

     • Set up a Nix environment using flake.nix and rust-overlay for each project separately. Utilize nix develop or direnv to manage project-specific Rust environments.

     • Alternatively, you can install rustup through environment.systemPackages and nixpkgs for a system-wide Rust setup. This allows you to manage Rust versions globally through rustup.

2. Troubleshooting Compilation Issues: If you encounter issues during Rust compilation, particularly those related to OpenSSL, SQLite, Wayland, or any other program utilized by pkg-config in the compilation process (see here), you can employ the nix-shell -p pkg-config {your_dependency} [other_dependencies] --run fish command. This command opens a Nix shell with the necessary dependencies, facilitating seamless code compilation. Alternatively, you can employ the approach outlined in the initial section (Installation Customization) by utilizing flake.nix with dev shell instead of nix-shell. Moreover, when using the Nix Dev shell, be aware that the compilation takes place in the runtime directory, which might be insufficient for certain projects. To address this, you can adjust the runtime directory size in the nixos/users.nix file under services.logind.extraConfig="RuntimeDirectorySize=8G".

3. Cross-Compilation: For cross-compilation, consider using tools like zigbuild or cross. Personally, I find zigbuild preferable, but both are valuable options for your cross-compilation needs.

4. Cargo and Rust Tools: This system comes equipped with a variety of cargo and rust tools to ensure a smooth Rust development experience. Some of these tools include:

   • rust-analyzer
   • cargo-watch
   • cargo-deny
   • cargo-audit
   • cargo-update
   • cargo-edit
   • cargo-outdated
   • cargo-license
   • cargo-tarpaulin
   • cargo-cross
   • cargo-zigbuild
   • cargo-nextest
   • cargo-spellcheck
   • cargo-modules
   • cargo-bloat
   • cargo-unused-features
   • bacon

5. Environment Setup: You can set up your Rust project environment on this system using nix develop or nix-shell with default.nix, shell.nix, or flake.nix to create a tailored environment for your Rust project (Also, I personally recommend using it alongside with direnv).

This repo contains a NixOS configuration file (nixos/yubikey.nix) enabling:

• Yubikey authentication with pam_u2f
• Passwordless login in greetd, sudo, ssh, and swaylock

🚨 Personal Recommendation: While convenient, using a Yubikey for display managers (like greetd) and screen lockers (like swaylock) without additional two-factor or multi-factor authentication (2FA/MFA) has risks. If your Yubikey is lost or stolen, someone could gain full system access before you reset keys. Yubikeys excel at protecting against online attacks but are less secure against offline attacks.

🛡️ For enhanced security and a passwordless experience: You can consider a YubiKey Bio Series device. These keys support FIDO2/WebAuthn and FIDO U2F and has built in fingerprint scanner for strong authentication. Please note, they do not offer Smart card, OpenPGP, or OTP functionality.

⚠️ Important Note: From personal experience, YubiKey integration on NixOS can sometimes be buggy or unstable. Experiment with caution, especially when combining different configurations and Linux programs.

This project is licensed under the MIT License - see the LICENSE file for details.