dotfiles

Personal dotfiles managed with Nix Home Manager.

Setup on a new machine

1. Install Nix

   sh <(curl -L https://nixos.org/nix/install) --daemon

   Restart your shell or run:

   . /etc/profile.d/nix.sh

2. Enable flakes

   mkdir -p ~/.config/nix
   echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf

3. Add yourself to trusted users

   echo "trusted-users = root $(whoami)" | sudo tee -a /etc/nix/nix.conf
   sudo systemctl restart nix-daemon

4. Clone this repository

   git clone https://github.com/vjrasane/dotfiles.git ~/dotfiles

5. Generate SSH key and add to GitHub

   ssh-keygen -t ed25519
   cat ~/.ssh/id_ed25519.pub

   Add the public key to GitHub at https://github.com/settings/keys

6. Set up age key for secrets decryption

   Create the age key directory and add your private key:

   mkdir -p ~/.config/age

   Add your age private key to ~/.config/age/keys.txt. The file should contain:

   # created: <date>
   # public key: age1...
   AGE-SECRET-KEY-...
   

7. Rekey secrets for the new machine

   Add the new machine's SSH public key to keys.nix:

   cat ~/.ssh/id_ed25519.pub
   # Add this to encryptionKeys in keys.nix

   Then rekey all secrets:

   cd ~/dotfiles
   agenix -r -i ~/.config/age/keys.txt

8. Apply Home Manager configuration

   nix run home-manager/master -- switch --impure --flake ~/dotfiles

   This installs all packages, creates symlinks, and decrypts secrets.

9. Set zsh as default shell

   echo "$(which zsh)" | sudo tee -a /etc/shells
   chsh -s $(which zsh)

Updating

# After editing home.nix (or use the alias)
hms
# or: home-manager switch --impure --flake ~/dotfiles

# Update flake inputs
nix flake update ~/dotfiles
hms

Home Manager also auto-switches on login via a systemd user service.

Optional: Work configuration

Create work.nix (gitignored) for work-specific git settings:

{
  user = "Your Name";
  email = "you@company.com";
  remotes = [
    "git@github.com:company"
    "https://github.com/company"
  ];
}

This adds conditional git includes for work repositories.

Secrets management

Secrets are encrypted with age and managed by agenix.

To add/edit secrets:

# Encrypt a new secret
age -r "$(cat ~/.config/age/keys.txt | grep 'public key' | cut -d: -f2 | tr -d ' ')" \
  -o secrets/mysecret.age /path/to/plaintext

# Decrypt a secret
age -d -i ~/.config/age/keys.txt secrets/mysecret.age

# Rekey all secrets (after adding new keys to keys.nix)
agenix -r -i ~/.config/age/keys.txt

Then add the secret to home.nix:

age.secrets.mysecret = {
  file = ./secrets/mysecret.age;
  path = "${homeDirectory}/.config/mysecret";
  mode = "0600";
};

USB display driver (Silicon Motion)

wget https://www.siliconmotion.com/downloads/SMI-USB-Display-for-Linux-v2.24.7.0.zip
unzip SMI-USB-Display-for-Linux-v2.24.7.0.zip
sudo apt update
sudo apt install dkms libdrm-dev
cd SMI-USB-Display-for-Linux-v2.24.7.0
chmod +x *.run
sudo ./SMIUSBDisplay-driver.*.run

# Uninstall
sudo ./SMIUSBDisplay-driver.*.run uninstall