Compare commits
2 Commits
f6c357c6cb
...
b0159584c5
Author | SHA1 | Date |
---|---|---|
Benjamin Yule Bädorf | b0159584c5 | |
Benjamin Yule Bädorf | 9f655984a0 |
46
README.md
46
README.md
|
@ -1,46 +1,4 @@
|
|||
# PubSolarOS
|
||||
# b12f's nix config
|
||||
|
||||
Welcome to PubSolarOS, a very opiniated Linux (NixOS) distribution for the nerdy.
|
||||
This is my nix configuration. Questions? Ask me :)
|
||||
|
||||
We're creating this distribution for our own personal use and fun, but
|
||||
take pride in our craft. As of 14.08.22 it's running on 14 physical devices,
|
||||
both `x86_64` and `aarch64`.
|
||||
|
||||
At its core, it's a NixOS installation running our configuration. The UX
|
||||
decisions and the way the project is structured are what make it
|
||||
_PubSolarOS_:
|
||||
|
||||
- Reproducibility is king, and the future is with declarative and functional
|
||||
programming. Even if Nix does not turn out to be the end-all-be-all of
|
||||
reproducible package management (Guix looks good), it has a plethora
|
||||
of packages, a very active and helpful community, and very solid
|
||||
software engineering practices.
|
||||
- Because reproducibility is king, we're using nix flakes for locking flake
|
||||
dependencies. [Digga](https://github.com/divnix/digga) is our flake
|
||||
utility library, made by the wonderful people of the Divnix community.
|
||||
- Physical devices are not shared anymore nowadays. Only seldomly will you
|
||||
find shared devices that need more than one user account. For this
|
||||
reason, only one user (excluding `root`) is assumed.
|
||||
- Keyboard navigation wins where it matters; ergonomics, programmability,
|
||||
efficiency, and speed. We use a tiling window manager (`sway`) and
|
||||
prioritize cli-based solutions where sensible. The editor is `neovim`
|
||||
configured to be just as opiniated as the operating system it is a part
|
||||
of. For mailing, `neomutt` is the default, but we're more divided on
|
||||
that part.
|
||||
- We like new and shiny things, so we've moved to Wayland and pipewire.
|
||||
- SICHERHEIT is written in capital letters at pub.solar, so we have first-
|
||||
class disk-encryption support. Currently in the works is a paranoid
|
||||
mode where the device can only hibernate (no more sleep or lockscreen)
|
||||
so your data is locked any time you leave the device.
|
||||
- Free software is better. If we can avoid it, nonfree software is avoided.
|
||||
By default, `allowUnfree` is `false` so we don't ship non-free software
|
||||
in a basic PubSolarOS ISO. However, nothing prevents you from using
|
||||
as much non-free software as you like.
|
||||
- Automation is better. The reproducibility of nix feels so much more
|
||||
powerful once you're deploying your new configuration from your laptop
|
||||
to all your other devices with one command. [We have an automated CI using drone](https://ci.pub.solar/pub-solar/os).
|
||||
- Community is important. We just like working on this together, and it
|
||||
feels really good to see our progress at the end of a
|
||||
[hakken.irl](https://pub.solar/hakken) session.
|
||||
|
||||
To get started, take a look at the quick start guide in our docs.
|
||||
|
|
|
@ -9,21 +9,21 @@ with lib; let
|
|||
in {
|
||||
services.dbus.packages = [pkgs.gcr];
|
||||
services.pcscd.enable = true;
|
||||
|
||||
services.udev.packages = [pkgs.yubikey-personalization];
|
||||
services.yubikey-agent.enable = true;
|
||||
hardware.gpgSmartcards.enable = true; # for yubikey
|
||||
|
||||
services.gnome.gnome-keyring.enable = true;
|
||||
|
||||
hardware.gpgSmartcards.enable = true; # for yubikey
|
||||
|
||||
users.users."${psCfg.user.name}".packages = with pkgs; [
|
||||
libsecret
|
||||
gnupg
|
||||
];
|
||||
|
||||
programs.ssh.startAgent = false;
|
||||
programs.gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = false;
|
||||
enableSSHSupport = true;
|
||||
enableExtraSocket = true;
|
||||
pinentryFlavor = "gnome3";
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in New Issue