NixOS installation on a Dell XPS 15 9570
Use the Dell Update utility to get latest EFI/BIOS firmware and latest OS Recovery Tool versions.
- Free as much disk space as possible by removing/uninstalling unused files and softwares
- Unencrypt the disk by disabling BitLocker in order to unlock next defrag/resize actions. Un-encryption can be done through the settings manager. Beware that un-encryption takes several minutes.
- Defragment the windows partition with Macrorit.
- Resize the windows partition, still with Macrorit.
If you plan to use another tool to defrag (e.g. UltraDefrag or PerfectDisk), perform a boot time defragmentation to get rid of otherwise unmovable system files. Nevertheless, sometimes, due to stuck metadata in the middle of the NTFS part you might not be able to reduce the size of the windows partition above 50%.
- Download the latest NixOS iso
- Using Rufus, create the live USB. Check that it is labeled NIXOS_ISO otherwise you may get a "squashfs error... unable to read id index table."). A MBR partition table worked.
lsblkto get the device with the usb stick (e.g./dev/sdX)sudo cfdisk /dev/sdXand remove all partitions, then enterWriteand validate by typingyes- Copy all binary data from the iso to the bare usb stick device
sudo dd if=nixos-graphical-XXX-linux.iso of=/dev/sda status=progress
On hardware config menu (F2 while booting):
- Deactivate RAID and activate AHCI instead. Otherwise the live NIXOS won't see the RAID device before installation.
- For recent BIOS version (e.g. 1.8.1) Enable Legacy Option ROMs in Settings > General > Advanced Boot Options.
- Switch off secure boot
In some cases, legacy mode might be useful to boot on the live USB.
You may need to boot twice to see the USB in the list of bootloaders, first boot seems to detect the USB bootloader but do not show it.
On bootloader menu (F12 while booting), select the USB stick.
The root partition for / (root), will contain /home and the swap file. The root partition can be
- unencrypted :
mkfs.ext4 -L NIXOS /dev/xxx, or - encrypted :
cryptsetup luksFormat /dev/xxx # encrypt
luksOpen /dev/xxx enc-dev # open encryption; enc-dev is arbitrary and means encrypted-device
mkfs.ext4 -L NIXOS /dev/mapper/enc-devIn addition to the root partition, you need an ESP. If it does not already exist, target a 512 MiB, fat32 partition labeled ESP.
mount /device/disk/by-label/NIXOS /mnt
mkdir -p /mnt/boot
mount /device/disk/by-label/ESP /mnt/bootGenerate initial hardware-configuration.nix and configuration.nix in /mnt/etc/nixos/
nixos-generate-config --root /mnt
You can check that /mnt/etc/nixos/hardware-configuration.nix handles the encryption and the file-system.
Install using configuration.nix and hardware-configuration.nix
nixos-installOn newly installed NixOS you can only login with "root".
NB: the X server was not working for me until I updated the kernel (pkgs.linuxPackages_latest). nomodeset kernelParam might also help.
Download and install a custom configuration.nix from github
mv /etc/nixos/configuration{,.bak}.nix
mv /etc/nixos/hardware-configuration{,.bak}.nix
mkdir -p /root/Dev && cd /root/Dev
nix-env -i git
git clone https://github.com/JosephLucas/nixos
nix-env -e git
install -o root -g root -m 644 configuration.nix /etc/nixos/You might want to edit by hand the /etc/nixos/hardware-configuration.nix using info in /root/Dev/nixos/hardware-configuration.nix. Then
dir="etc/nixos/overlays" && mkdir -p /"$dir" && chmod -R 644 /"$dir" && install -o root -g root -m 644 "$dir"/* /"$dir"/
dir="root/nixos/secrets" && mkdir -p /"$dir" && chmod -R 644 /"$dir" && install -o root -g root -m 644 "$dir"/ddclient.conf /"$dir"/Fill by hand /root/nixos/secrets/ddclient.conf missing fields. Then
install -o root -g root -m 644 root/nixos/lightdm_backgroung.png /root/nixos/
nix-channel --add https://nixos.org/channels/nixos-unstable nixos
Check current channels with nix-channel --list.
Rebuild NixOS
nixox-rebuild switch --upgrade
rm -r /root/Dev
su <user> # change user
passwd # replace old passwd 1234 (default) with a new passwd
Add a user icon using accountsservice package. Following the arch linux documentation:
cd ~ && mkdir ~/Dev
git clone https://github.com/JosephLucas/nixos
Next commands must be executed as sudo since the image is seen by all through lightdm login GUI
su root
user="<user>"
configFile="/var/lib/AccountsService/users/$user"
iconFile="/var/lib/AccountsService/icons/$user.png"
install -o $user -g users -m 655 /home/$user/Dev/nixos/home/user/.face "$iconFile"
# Edit the 'Icon' variable if it exists or insert a new 'Icon' variable
grep -qF '[User]' "$configFile" || echo '[User]' >> "$configFile"
grep -qF 'Icon' "$configFile" && sed -i "s%Icon=.*$%Icon=$iconFile%g" "$configFile" || echo "Icon=$iconFile" >> "$configFile"
chmod 644 "$configFile"
Another solution would be to use the ~/.face path. But this requires giving read+exec permissions on ~user to the lightdm user.
Install home-manager:
su <user> # next cmds should not be executed as root but as <user>
cd ~ && mkdir -p .config/nixpkgs
ln -s $HOME/Dev/nixos/home/user/.config/nixpkgs/home.nix $HOME/.config/nixpkgs/home.nix
nix-channel --add https://github.com/rycee/home-manager/archive/master.tar.gz home-manager
nix-channel --updateLog out and log in (duno why but seemed necessary). Then do install home-manager and create the first user-generation
nix-shell '<home-manager>' -A installBefore switching, it is necessary to : (i) activate RAID (ii) activate "secure boot"; for booting on Windows (i) activate AHCI (ii) deactivate "secure boot"; for booting on systemd-boot/NIXOS
In xfce4-settings-manager > Appearance:
- "Tango" icon theme
- "Adwaita dark" style, a gtk2 and gtk3 theme
For applications using the Qt GUI library, use qt5ct application to adjust the theme.
Enable writing french with a QWERTY:
- go to settings-manager > keyboard > layout
- in layout option", set a shortcut to switch keyboard.
- add "English (US, intl. with dead keys)"
(a "dead key" is a key doing nothing when pressed once, e.g. ` is a dead key for this layout)
Then, add an item in the xfce panel to see the current keyboard.
When using this last keyboard:
| typing | gives result |
|---|---|
| ` + a | Ă |
| ´ + e | é |
| Alt + ´ | ' |
| Alt + Shift + ¨ | " |
| Alt + , | ç |
In xfce4-terminal: Edit > Preferences > Colors and edit the specific color
xfce settings-manager > Session and startup > Application autostart, and add
i3, the window manager andudiskie --tray, the panel item of udiskie for managing removable media
Good read about security/privacy on the web.
Sites to test security/privacy:
- browserprint.info
- amiunique.org/
- panopticlick.eff.org/
- privacy.net/analyzer/
Add a "master password" to secure the access to passwords registered in firefox.
Install uBlock, CanvasBlocker, Decentraleyes firefox extensions.
Create a new firefox profile directory with the "Profile Manager", executed with
firefox --no-remote -PThen load the user config
mkdir -p ~/Dev && cd ~/Dev
git clone -b relaxed https://github.com/pyllyukko/user.js
ln -s $HOME/Dev/user.js/user.js $HOME/.mozilla/firefox/mermiu44.<user>/
Install "Search Google Scholar" extension.
Go to Preferences > Search > One click search engines
Add a keyword to preferred search engines.
To use a specific search engine:
- select the bar
- tap the keyb plus a space
- continue with request
Install French Spelling Dictionnary. In text field it is now possible to use this spellchecker with the right button.
Make sure the shadowfox nixos package is installed, then
shadowfox-updaterWith tab/enter:
- select your .mozilla/firefox/
- Install/Update
- exit and start firefox
Install the "Dark reader" extension and "Dark" theme within Firefox.
(seems not needed anymore): solve the white flash when firefox loads a new page :
echo '.browserContainer { background-color: #000000 !important; }' >> .mozilla/firefox/ir3ucze0.default/chrome/userChrome.cssThunderbird'support of Gmail and Gmail's support of Thunderbird. Comprehensive webpage support.
Install a french dictionary for spellchecking.
Preferences > Display > Colors ...
Select a gray background, an almost white text and set the Override colors ... multi-choice list to Always
If you cannot see pidgin plugins:
- Close and restart pidgin
- If last step did not work: delete previous pidgin configuration
rm -r ~/.purpleand restart pidgin
If after pairing, you cannot connect due to blueman.bluez.errors.DBusFailedError: Protocol not available...:
killall pulseaudioIf needed
connect_boseQC35Beware plug'in jack headset with hotplug, your ears may suffer !
If, when you plug a headset via a jack plug, the hotplug activation yields a loud crackling sound, it might be a larsen. I solved a larsen by just lowering (or muting) the headset microphone. Do it via alsamixer if it's not feasible via pavucontrol.
If pavucontrol is not showing all output sources, you may want to reset pulseaudio user settings.
rm -rf ~/.config/pulseaudioThere is no NixOS package for OnlyOffice yet. OnlyOffice AppImage or tarball both use binary dependencies compliant with the FHS. These packages do not play well with nixos thus the docker image seems the best way to install OnlyOffice.
wget http://download.onlyoffice.com/install/opensource-install.sh
bash opensource-install.sh -md yourdomain.comIn my case, the domain is localhost, thus replace yourdomain.com by localhost.
Once installed and launched, open a browser and go to the url localhost. It will open a javascript page and setup OnlyOffice.
EDIT :
With previous installation NGINX workers where allocating too much RAM (around 8Go) and it was not easy to configure that, even with NGINX_* env variables in onlyoffice docker containers.
Tried unsuccesfuly to use docker-compose. After that a new problem was to configure nginx to "listen localhost" (allow requests from localhost).
Copy this repository .config/fish folder, then/or
fish_config NB: the preview of the shell prompt depends on the current folder when you exec fish_config.
If you want to preview the git hints, be sure to be in a git versioned folder.
(in Help | Edit custom properties...) Adding suppress.focus.stealing=false in custom properties fixes.
With the associated i3 config, all windows of pycharm open in ws1. Set ws1 in tabulated (mod+w) for an optimised workflow.
Associated .gitconfig allows to use pycharm diff and merge tools.
Use OpenDNS
OpenDNS provides phishing protection and custom content filtering. Create an account on https://www.opendns.com/ and configure the remote dns server. Add your IP network (the public ip) so that openDNS can recognise you.
To handle a changing public IP, enable ddclient. It will communicate the new IP to OpenDNS whenever the IP changes.
Good reads https://github.com/NixOS/nixpkgs/blob/release-18.09/nixos/modules/services/networking/ddclient.nix https://support.opendns.com/hc/en-us/articles/227987727-Linux-IP-Updater-for-Dynamic-Networks NixOS/nixpkgs#48432 NixOS/nixpkgs#24288
Create a configuration file based on the associated ./secrets/ddclient.conf template file
su root
mkdir -p /root/nixos/secrets/
vim /root/nixos/secrets/ddclient.confEdit the <...> fields of the ddclient.conf file. Then, still as root
chown -R root:root /root/nixos/secrets
sudo chmod -R 600 /root/nixos/secretsDisable ipv6 since "if using IPv6 connectivity (for DNS queries), the additional features of OpenDNS (content filtering, individual domain blocking, logs and stats, etc) do not take effect, because you cannot register your IPv6 address at https://dashboard.opendns.com/settings/ yet"
As much as possible standard shortcuts are used
XFCE
| Alt+F3 | app finder |
i3
| Mod+D | dmenu |
| Mod+Shift+q | kill current window |
| Mod+Shift+x | lock screen |
| Mod+w | horizontally tab windows |
| Mod+s | vertically tab windows |
Download battle.net client app, then install it within a 32bits wine
env WINEARCH=win32 wine Downloads/Battle.net-Setup.exeWhen installing client app, if you get
We couldn't verify the digital signature of your Battle.net Agent.
Follow the steps in this support article to fix this issue.
Error Code: BLZBNTBNA0000000C
Following official support page:
-
Close any running linux firefox
-
Install wine firefox
env WINEARCH=win32 winetricks firefox
-
Go to https://www.digicert.com/digicert-root-certificates.htm with wine firefox
-
Find, DigiCert Assured ID Root CA and click Download
You should now have a certificate. If it is not the case go to the support page for more information.
Steam seems to remember the video card used during its own installation or first start. If the card used while launching the game differs from the card used to install steam, problems may occur.
To totally reset the configuration of steam:
rm -r /home/<user>/.local/share/Steam .steam
Then restart steam with the dedicated Geforce graphic card instead of the integrated Intel graphic card.
Check that steam uses the right card : Help > System Information > Video Card.
Try some packages in the user space
nix-env -iA packagenix-collect-garbage --delete-older-than 3dGet all packages installed in the user space
nix-env -qUninstall a package
nix-env -e packageWhen a pull request is merged, it is first integrated to nixos-unstable-small channel. Some times later binary builds of the corresponding packages are made available on nixos-unstable channel. It might be useful to switch to the small channel to get a quick fix even if a local build will be requested.
nixos-rebuild switch --upgrade is equal to nix-channel --update nixos; nixos-rebuild switch : i.e. it first update the channels and then rebuild the system.
If you want to:
- add/remove a package but keep all other package as they are :
nixos-rebuild switch - upgrade all packages to latest versions (described in the corresponding branch of nixpkgs) or get a merged pull request on master:
nix-channel --add https://nixos.org/channels/nixos-unstable-small nixos
nixos-rebuild switch --upgrade
After some times you can return to unstable to benefit from the binary cache
nix-channel --add https://nixos.org/channels/nixos-unstable nixosGet available wifi:
iwlist <interface> scan
Web interface is found using:
ip link show
nix search wget or go to https://nixos.org/nixos/packages.html
A comprehensible example and some explanations.
Beware the "busybox" package, it seems to disturb the standard functioning of some commands.
For instance ps wont have anymore the -p option if busybox is installed.
nix-env -iA nixos.pstree does not install the real pstree, since the former would return:
pstree $Revision: 2.39 $ by Fred Hucht (C) 1993-2015
EMail: fred AT thp.uni-due.de
Usage: pstree [-f file] [-g n] [-l n] [-u user] [-U] [-s string] [-p pid] [-w] [pid ...]
-f file read input from <file> (- is stdin) instead of running
"ps -eo uid,pid,ppid,pgid,args"
-g n use graphics chars for tree. n=1: IBM-850, n=2: VT100, n=3: UTF-8
-l n print tree to n level deep
-u user show only branches containing processes of <user>
-U don't show branches containing only root processes
-s string show only branches containing process with <string> in commandline
-p pid show only branches containing process <pid>
-w wide output, not truncated to window width
pid ... process ids to start from, default is 1 (probably init)
Process group leaders are marked with '='.that seems to correspond to https://github.com/tmm1/pstree which is not the expected pstree.
Install expected pstree through nixos.pismic.
"Unlock" the panel of xfce if you want to move it. This can be done in the preference of the panel.
Clear systemd journals older than X days
journalctl --vacuum-time=10dClear systemd journals if they exceed X storage
journalctl --vacuum-size=2GTo debug dns lookups
nslookup -type=txt debug.opendns.comThe state of NixOS is backed up through the commited configuration.nix and the state of user configurations (dotfiles/wallpapers) are commited through home-manager home.nix and some commited files (wallpapers) too.
Some files are too heavy to be commited or contain personal data. These files/folders that should be backed up by hand, are:
- in the $HOME: Documents, Dev, Images, Music, Videos, Nextcloud, Backups
- Firefox bookmarks (export them passing by Ctrl+Shift+O)
- Thunderbird mail filters ./thunderbird/.../msgFilterRules.dat
- XFCE config files .config/xfce (FIXME: didn'tried to restore them yet)
When using thunderbird backups, check that thunderbird is not running when copying msgFilterRules.dat files. Otherwise thunderbird wont load the files and will even erase them when it stops.
Main differences with the install of arch linux on an ASUS zenbook pro UX32VD:
- systemd-boot instead of rEFInd
- i3 instead of xfce window manager
- icon-theme "tango" (already in default in xfce) instead of gnome-humanity
- fish shell instead of grml zsh
solve annoying prompt for nextcloud client
Install missing antidote
Install and pair LineageOS for mobile phone.
Explain file meanings: e.g. : dotfiles/.face is a png image used showing the user face in lightdm
Ristretto as an issue with thumbnails/preview images. Use feh instead, it is even more powerful.
Add custom actions for Thunar
Create a package for "i3lock-fancier" instead of "i3lock-fancy" : to allow switching keyboard layout while the screen is locked and you type a password.
Icons are in /run/current-system/sw/share/icons/
Do TIPP10: learn to type efficiently