This is a paranoid build with root on tmpfs, as described in my Privacy Basic Guide.
This means that everything outside of some directories of `/etc` and some directories of `/home` will be wiped out on every reboot.
Read more about this in the NixOS Paranoid Guide (this is also a good source: NixOS tmpfs as `/home`).

- Hyprland Wayland window manager:
  - Waybar status bar.
  - Nemo file manager.
  - Rofi-wayland application launcher.
  - Mako notification daemon.
  - Swaylock-effects screen locker.
  - NetworkManager network management tool.
  - Nerdfonts.
- `foot` CLI-ready workflow with `fish`, `tmux`, `git`, `gpg`, `ssh`, `curl`, `rsync`, and power tools like `bat`, `zoxide`, `eza`, `bottom`, `broot`, `fzf`, `yazi`, `ripgrep`, `fd`, `sd`, `jq`, `just`, `lazygit`, `lazydocker`, `gh`, and more...
- Easy development environments with `nix-shell`, `direnv`, and `devshell`. You can put your soydev TypeScript/JavaScript/NodeJS stuff here.
- Helix text editor with the following LSPs enabled:
  - `nil`: Nix
  - `bash-language-server`: Bash, Fish, Zsh, shell scripts, etc.
  - `rust-analyzer`: Rust
  - `gopls`: Go
  - `taplo`: TOML
  - `yaml-language-server`: YAML
  - `ruff-lsp`: Python
  - `marksman`: Markdown
  - `vscode-langservers-extracted`: HTML, CSS, and JSON
  - `texlab`: $\LaTeX$
  - `ltex-ls`: LanguageTool for Markdown, HTML, and $\LaTeX$.
  - `typst-lsp`: Typst
- Catppuccin Mocha theme everywhere.
- VPN support with `wireguard`.
- Keyboard customizations with `keyd`: Caps Lock as Escape (if tapped) and Control (if held).
- Publishing and content CLI tools: `qpdf`, `pandoc`, `glow`, `graphicsmagick`, `tectonic`, and `typst`.
- OS-level ad-blocking with `StevenBlack/hosts` in `/etc/hosts`.
- Apps:
  - Bitcoin tools such as Sparrow wallet and Bisq
  - Encrypted backup tool with Cryptomator
  - Signal messenger
  - Firefox with Tor Browser also available
  - Torrenting with Transmission
  - Docker and Linux VMs with Podman and QEMU
  - Offline password manager with KeePassXC
  - Screen Recorder with OBS Studio

- Prepare a 64-bit NixOS 23.11 minimal ISO image and burn it, then enter the live system. Suppose I have created two partitions: `/dev/nvme0n1p1` and `/dev/nvme0n1p2`.
- Format the partitions:

  ```bash
  mkfs.fat -F 32 /dev/nvme0n1p1
  mkfs.ext4 /dev/nvme0n1p2
  # or use LUKS:
  # cryptsetup luksFormat /dev/nvme0n1p2
  # cryptsetup open /dev/nvme0n1p2 encryptedroot
  # mkfs.ext4 /dev/mapper/encryptedroot
  ```

- Mount:

  ```bash
  mount -t tmpfs none /mnt
  mkdir -p /mnt/{boot,nix,etc/nixos}
  mount /dev/nvme0n1p2 /mnt/nix # or LUKS with mount /dev/mapper/encryptedroot /mnt/nix
  mount /dev/nvme0n1p1 /mnt/boot
  mkdir -p /mnt/nix/persist/etc/nixos
  mount -o bind /mnt/nix/persist/etc/nixos /mnt/etc/nixos
  ```

- Generate a basic configuration:

  ```bash
  nixos-generate-config --root /mnt
  ```

- Clone the repository locally:

  ```bash
  nix-shell -p git
  # recursive for git submodules
  git clone --recursive https://github.com/realeinherjar/flakes.git /mnt/etc/nixos/flakes
  cd /mnt/etc/nixos/flakes/
  nix develop --extra-experimental-features "nix-command flakes" --extra-experimental-features flakes
  ```

- Copy `hardware-configuration.nix` from `/mnt/etc/nixos` to `/mnt/etc/nixos/flakes/hosts/laptop/hardware-configuration.nix`:

  ```bash
  cp /mnt/etc/nixos/hardware-configuration.nix /mnt/etc/nixos/flakes/hosts/laptop/hardware-configuration.nix
  ```

- Modify the overwritten `hardware-configuration.nix`:

  ```bash
  hx /mnt/etc/nixos/flakes/hosts/laptop/hardware-configuration.nix
  ```

  ```nix
  ...
  # This is just an example
  # Please refer to `https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/#step-4-1-configure-disks`
  fileSystems."/" = {
    device = "none";
    fsType = "tmpfs";
    options = [ "defaults" "size=12G" "mode=755" ];
  };

  fileSystems."/nix" = {
    device = "/dev/disk/by-uuid/49e24551-c0e0-48ed-833d-da8289d79cdd";
    fsType = "ext4";
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/3C0D-7D32";
    fsType = "vfat";
  };

  fileSystems."/etc/nixos" = {
    device = "/nix/persist/etc/nixos";
    fsType = "none";
    options = [ "bind" ];
  };
  ...
  ```

- Remove `/mnt/etc/nixos/flakes/.git`:

  ```bash
  rm -rf .git
  ```

- Username modification: edit `/mnt/etc/nixos/flakes/flake.nix` to modify the `user` variable. Hostname modification: edit `/mnt/etc/nixos/flakes/hosts/system.nix` to modify the `hostName` value in the `networking` property group.
- Use the password hash generated by the `mkpasswd {PASSWORD} -m sha-512` command to replace the value of `users.users.<name>.hashedPassword` in `/mnt/etc/nixos/flakes/hosts/laptop/wayland/default.nix` (there are two places to be edited).
- Perform install:

  ```bash
  nixos-install --no-root-passwd --flake .#laptop
  ```

- Reboot:

  ```bash
  reboot
  ```

- Enjoy it!

- First, update the input in `flake`:

  ```bash
  # update the specified input
  nix flake lock --update-input <foo> <foo>
  # or update all inputs
  nix flake update
  # also you can reclaim storage with
  nix-collect-garbage -d
  ```

- Then, rebuild and switch to the system after rebuild:

  ```bash
  doas nixos-rebuild boot --flake .#<hostname>
  ```