NixOS daily driver
teutat3s b21b98dadd
ci: fix Host key verification failed
- Fix missing SSH known_hosts in deploy pipeline
- SSH tries to use Trust-On-First-Use (TOFU) interactively to add a new
  host key
- Verbose SSH logs show:
    debug1: Server host key: ssh-ed25519 SHA256:1bbksDNYBWSh/rIFP7MMfs557kWn1dM64bpXdnfBE5E
    debug1: read_passphrase: can't open /dev/tty: No such device or address
- deploy-rs uses nix, which uses SSH which doesn't use the environment variable
  HOME, but rather /etc/passwd to find a user's HOME
- To solve this, we override SSH options using UserKnownHostsFile and
  the -i flag
2023-03-08 14:10:19 +01:00
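
A pre-flight check for the approach in the commit message above, as an added example (not taken from this repository's .drone.yml): it recomputes the SHA256 fingerprint that ssh prints in its `debug1: Server host key` line from a pinned known_hosts entry, and only then returns explicit `-i` / `UserKnownHostsFile` options. The host name, file paths and key blob are constructed placeholders.

```python
import base64
import hashlib
import struct

def fingerprint(key_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def pinned_keys(known_hosts_text, host):
    """Return (key type, fingerprint) for plain, unhashed entries that name host."""
    found = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue  # comments, @cert-authority/@revoked markers, hashed host names
        if host in fields[0].split(","):
            found.append((fields[1], fingerprint(fields[2])))
    return found

def ssh_options(known_hosts, identity):
    """Explicit paths, so nothing depends on how ssh resolves the home directory."""
    return [
        "-i", identity,
        "-o", f"UserKnownHostsFile={known_hosts}",
        "-o", "StrictHostKeyChecking=yes",  # never fall back to interactive TOFU
        "-o", "BatchMode=yes",              # fail instead of prompting without a TTY
    ]

def preflight(known_hosts_text, host, expected_fp, known_hosts, identity):
    """Return ssh options only if a pinned entry matches the expected fingerprint."""
    if expected_fp not in [fp for _, fp in pinned_keys(known_hosts_text, host)]:
        raise ValueError(f"no pinned key for {host} matches {expected_fp}")
    return ssh_options(known_hosts, identity)

# Constructed sample: an ed25519 key blob with a dummy 32-byte key (not a real host key).
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_KEY = base64.b64encode(_blob).decode()
SAMPLE_KNOWN_HOSTS = f"# constructed entry\ndeploy.example.org ssh-ed25519 {SAMPLE_KEY}\n"

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_KEY)
    print(fp)
    # Hypothetical CI workspace paths for the pinned file and the deploy key.
    print(preflight(SAMPLE_KNOWN_HOSTS, "deploy.example.org", fp,
                    "ci/known_hosts", "ci/deploy_key"))
```

The expected fingerprint should come from a trusted channel (for example the server's console), not from the first connection the pipeline makes.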
.drone Drone: follow new upstream default branch main, cron fixes (#30) 2021-10-05 19:32:54 +00:00
.github workflows: switch to new default branch main 2021-10-21 18:28:12 -05:00
doc Run treefmt command 2022-11-20 23:28:23 +01:00
hosts/host_001_momo_koeln Remove unused bootstrap host 2023-03-07 01:19:46 +01:00
lib Run treefmt command 2022-11-20 23:28:23 +01:00
modules Make resumeDevice optional 2023-02-26 21:51:25 +01:00
overlays waybar: use nvfetcher to get most recent version 2023-02-28 14:07:01 +01:00
pkgs waybar: use nvfetcher to get most recent version 2023-02-28 14:07:01 +01:00
profiles add 001_momo_koeln 2023-03-07 00:48:42 +01:00
secrets Run treefmt command 2022-11-20 23:28:23 +01:00
shell devshell: remove unnecessary input 2023-01-29 02:39:19 +01:00
tests Run treefmt command 2022-11-20 23:28:23 +01:00
users ci: deploy host_001_momo_koeln on every push to 2023-03-07 17:33:01 +01:00
.drone.yml ci: fix Host key verification failed 2023-03-08 14:10:19 +01:00
.editorconfig editorconfig: fixup 2020-12-30 01:00:12 -07:00
.envrc direnv: update envrc 2022-04-30 15:58:00 +02:00
.git-blame-ignore-revs Ignore treefmt commit 2022-11-20 23:30:58 +01:00
.gitignore modules: remove redundant server module, SSH is enabled in core profile, too 2021-10-23 23:28:42 +02:00
bors.toml bors.toml: don't delete merged branches 2021-05-14 22:49:39 -07:00
CHANGELOG.md Run treefmt command 2022-11-20 23:28:23 +01:00
COPYING init 2019-12-02 22:18:30 -07:00
default.nix Run treefmt command 2022-11-20 23:28:23 +01:00
flake.lock flake: make digga, deploy, agenix follow existing 2023-02-01 11:29:34 +01:00
flake.nix add 001_momo_koeln 2023-03-07 00:48:42 +01:00
LICENSE.md Run treefmt command 2022-11-20 23:28:23 +01:00
README.md Run treefmt command 2022-11-20 23:28:23 +01:00
shell.nix lib: move compat to lib 2021-04-18 20:51:47 -06:00
treefmt.toml Switch to alejandra for formatting 2022-11-20 23:23:28 +01:00

PubSolarOS

Welcome to PubSolarOS, a very opinionated Linux (NixOS) distribution for the nerdy.

We're creating this distribution for our own personal use and fun, but take pride in our craft. As of 14.08.22 it's running on 14 physical devices, both x86_64 and aarch64.

At its core, it's a NixOS installation running our configuration. The UX decisions and the way the project is structured are what make it PubSolarOS:

  • Reproducibility is king, and the future is with declarative and functional programming. Even if Nix does not turn out to be the end-all-be-all of reproducible package management (Guix looks good), it has a plethora of packages, a very active and helpful community, and very solid software engineering practices.
  • Because reproducibility is king, we're using nix flakes for locking flake dependencies. Digga is our flake utility library, made by the wonderful people of the Divnix community.
  • Physical devices are not shared anymore. Only seldom will you find shared devices that need more than one user account. For this reason, only one user (excluding root) is assumed.
  • Keyboard navigation wins where it matters: ergonomics, programmability, efficiency, and speed. We use a tiling window manager (sway) and prioritize CLI-based solutions where sensible. The editor is neovim, configured to be just as opinionated as the operating system it is a part of. For mailing, neomutt is the default, but we're more divided on that part.
  • We like new and shiny things, so we've moved to Wayland and pipewire.
  • SICHERHEIT is written in capital letters at pub.solar, so we have first-class disk-encryption support. Currently in the works is a paranoid mode where the device can only hibernate (no more sleep or lockscreen) so your data is locked any time you leave the device.
  • Free software is better. If we can avoid it, non-free software is avoided. By default, allowUnfree is false so we don't ship non-free software in a basic PubSolarOS ISO. However, nothing prevents you from using as much non-free software as you like.
  • Automation is better. The reproducibility of nix feels so much more powerful once you're deploying your new configuration from your laptop to all your other devices with one command. We have an automated CI using drone.
  • Community is important. We just like working on this together, and it feels really good to see our progress at the end of a hakken.irl session.

To get started, take a look at the quick start guide in our docs.