gabrielgio.me @ 702cb5103b952bff6964c1214e583955a1e8fb16

New blog post about my setup
  1diff --git a/content/posts/2025-10.18-local-setup.md b/content/posts/2025-10.18-local-setup.md
  2new file mode 100644
  3index 0000000000000000000000000000000000000000..dae4761ffe25d22df85ce8935d50a4caf5acd1aa
  4--- /dev/null
  5+++ b/content/posts/2025-10.18-local-setup.md
  6@@ -0,0 +1,255 @@
  7+---
  8+layout: post
  9+title: "Notes on getting my local setup up to speed"
 10+date: 2025-10-18
 11+lastmod: 2025-10-18
 12+tags: ['alpine', 'nix']
 13+---
 14+
 15+Before we get to the actual setup, I'll first share some background on how I
 16+arrived at the solution I'm currently using. If you want to go to the actual
 17+steps jump to [provisioning](#provisioning).
 18+
 19+# Git
 20+
 21+One of the many chores in my day to day digital life is keeping the
 22+configurations between my home and work machines synced and tidy. I tried
 23+chezmoi[^1] at some point but it didn't stick (I don't recall why as it was many
 24+years ago). After some trial and error I have settled on using simple git
 25+repository in my home folder which I used for many years. The setup would be
 26+like:
 27+
 28+```bash
 29+cd $HOME
 30+git init
 31+echo "*" > .gitignore
 32+```
 33+
 34+And for every new file I wanted to keep track I'd add it  by `git add -f <FILE>`
 35+and once I'm on a new computer I'd git clone the repository on home folder to
 36+get configuration in their correct place.
 37+
 38+That repository contains all my essential configuration; shell files (.profile,
 39+fish configuration), applications (waybar, git, niri), my email configuration
 40+(aerc, maildir, notmuch), and yes, some of those have secrets stored in plain
 41+text (in a private repository, of course 😅).
 42+
 43+However that approach has some shortcomings when the configuration between
 44+computers differ. For example I can't simply commit my mail connection
 45+configuration (`aerc/accounts.conf`) since I have one for work with corporate
 46+email and one on my home machine with my private email as they would conflict.
 47+
 48+# Nix to rescue
 49+
 50+Now it comes Nix to the rescue! Or more specifically home-manger[^2].
 51+
 52+It all started at work where we had expanded our nix usage as a way to share
 53+resource between repositories (e.g.: linter configuration, required binaries to
 54+run tests). This daily exposure helped me to better understand its capabilities
 55+and it gradually started to grow with me.
 56+
 57+So naturally I have gravitated toward home-manger as way to have a global
 58+configuration for nix without having to use nixos, and the more I learned the
 59+more I saw the potential to use as my local configuration. After a couple of
 60+months gradually migrating my setup, I've now moved everything over to
 61+home-manager.
 62+
 63+Besides just dotfiles managing home-mamager allows me to supplement my setup
 64+with binaries that are not available on latest alpine. So lets share some
 65+details how I'm setting up home manger. Here[^7] is my full configuration
 66+repository for reference which runs on flake mode[^8]. I won't go into every
 67+details of all those files. You're better off following a dedicated guide on nix
 68+for that, but I'll share some key points.
 69+
 70+Looking at `flake.nix` we have two hostnames/profiles; home and work.
 71+
 72+```nix
 73+    "gabrielgio@workstation.lan" = home-manager.lib.homeManagerConfiguration {
 74+        inherit pkgs;
 75+
 76+        extraSpecialArgs = {
 77+          inherit inputs;
 78+          git = {
 79+            name = "Gabriel A. Giovanini";
 80+            email = "g.arakakigiovanini@gridx.de";
 81+          };
 82+        };
 83+
 84+        modules = [
 85+          ./home.nix
 86+          ./secrets/gridx/gridx.nix
 87+        ];
 88+      };
 89+      "gabrielgio@homestation.lan" = home-manager.lib.homeManagerConfiguration {
 90+        inherit pkgs;
 91+
 92+        extraSpecialArgs = {
 93+          inherit inputs;
 94+          git = {
 95+            name = "Gabriel A. Giovanini";
 96+            email = "mail@gabrielgio.me";
 97+          };
 98+        };
 99+
100+        modules = [
101+          ./home.nix
102+        ];
103+      };
104+```
105+
106+Both inherit the base packages and share the same core configuration on
107+`home.nix`, which contains shared dotfiles and packages. While you won't be able
108+to see the contents for obvious reasons, this file includes work related tools,
109+terraform linter, awscli2, internal tooling and much more.
110+
111+Now that extra git configuration is used to configure the proper git
112+configuration for each profiles. That later[^9] is used to set the jj config
113+files with the correct values.
114+
115+```nix
116+{
117+  pkgs,
118+  inputs,
119+  git,
120+  ...
121+}: let
122+  tomlFormat = pkgs.formats.toml {};
123+in {
124+  xdg.configFile."jj/config.toml".source = tomlFormat.generate "config.toml" {
125+    user = {
126+      name = git.name;
127+      email = git.email;
128+    };
129+    ...
130+}
131+```
132+
133+### Git crypt
134+
135+I use git-crypt[^10] to be able so share secrets between machines and still be
136+able to publicly share most of my configuration.
137+
138+## Why not nix-os?
139+
140+Pretty much because I like alpine. It is a simple, small and because of that,
141+the entire distro fits on my head[^4]. APK is straightforward to understand and
142+build yourself[^3]. OpenRC follows a simple model that's easy to make sense of
143+and dead simple to configure. I run it as my home and work computer as well as
144+my server (even running on diskless mode). It gets out of my way, and I haven't
145+seen any major issues even on major upgrades. 
146+
147+Also there's something about having 12 version of glibc installed that just does
148+not sit well with me. (some could argue I have felt for the sunk cost fallacy
149+but I will deny it!)
150+
151+# Provisioning {#provisioning}
152+
153+I have recently formatted my home computer and as always I forgot to take notes
154+so as ~~punishiment~~ exercise, I'll setup a VM from scratch to validate all
155+the steps are correct. In the end it should be a couple steps only.
156+
157+Similar to my other post[^5] we will be using qemu. First create the disk:
158+
159+```bash
160+qemu-img create -f qcow2 var.cow2 30G
161+```
162+
163+Later go to alpine and download the latest image for virtual[^6].
164+
165+Now we can start VM with:
166+
167+```bash
168+qemu-system-x86_64 \
169+    -machine accel=kvm \
170+    -display gtk \
171+    -smp $(nproc) \
172+    -m 2048 \
173+    -cdrom alpine-virt-3.22.2-x86_64.iso \
174+    -drive file=var.cow2,if=virtio
175+```
176+
177+Now run the classic `setup-alpine` then reboot and run `setup-desktop sway` and
178+`setup-devd udev`.
179+
180+## Niri for 3.22 and bonus building APKBUILD
181+
182+Now there is niri. On alpine it is already on community folder but it is not
183+available on 3.22. This means I need to setup APK building to build that
184+package. This approach is actually easier than build from source code directly,
185+since APKBUILD takes care of all development dependencies.
186+
187+```bash
188+# make sure you have community repository enabled on /etc/apk/repositories
189+doas apk add git alpine-sdk
190+addgroup <USER> abuild # might need to re-login or run: su <USER>
191+abuild-keygen -a -i
192+git clone --depth 1 https://gitlab.alpinelinux.org/alpine/aports.git
193+cd aports/community/niri
194+abuild -r
195+```
196+
197+Depending on your system configuration it will take some time to build but at
198+the end there will be a new folder `$HOME/packages` which contains the result of
199+the build. Add it to your `/etc/apk/repositories`.
200+
201+```bash
202+echo "/home/<USER>/packages/community" >> /etc/apk/repositories
203+apk add -U niri
204+```
205+
206+
207+To continue, here are the basic packages I typically install. I maintain a
208+shared list of common packages that can all be installed with a single command:
209+
210+```bash
211+curl https://artifacts.gabrielgio.me/world | xargs -I{} apk add {}
212+```
213+
214+## Getting home-manager off the ground
215+
216+Before we do anything with nix make sure you have `nix-daemon` running and your
217+user added to `/etc/nix/nix.conf`
218+
219+```bash
220+allowed-users = @nix <USERNAME>
221+build-users-group = nixbld
222+max-jobs = <CPU_COUNT>
223+extra-nix-path = nixpkgs=flake:nixpkgs
224+experimental-features = nix-command flakes
225+```
226+
227+Then:
228+
229+```bash
230+rc-service nix-daemon restart
231+```
232+
233+Clone home-manager repository:
234+
235+```bash
236+cd .config
237+git clone https://git.gabrielgio.me/home-manager
238+```
239+
240+Now run the shell with nh utility inside of the cloned folder:
241+
242+```bash
243+nix shell nixpkgs#nh
244+# inside of the shell run:
245+nh home switch .
246+```
247+
248+Now on the home folder we should see .profile linked `ls -lha $HOME`. Once here
249+exit tty1 and log in again and you should see niri. After that I have to add ssh
250+and pgp keys and I'm set.
251+
252+[^1]: https://github.com/twpayne/chezmoi
253+[^2]: https://github.com/nix-community/home-manager
254+[^3]: https://apkdoc.gabrielgio.me/
255+[^4]: https://drewdevault.com/2021/05/06/Praise-for-Alpine-Linux.html
256+[^5]: https://gabrielgio.me/posts/2023-04-30-using-data-mode-alpine/
257+[^6]: https://alpinelinux.org/downloads/
258+[^7]: https://git.gabrielgio.me/home-manager/tree/
259+[^8]: https://nix-community.github.io/home-manager/index.xhtml#ch-nix-flakes
260+[^9]: https://git.gabrielgio.me/home-manager/tree/jj.nix
261+[^10]: https://github.com/AGWA/git-crypt
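Review bot: the package bootstrap command at the end of the Niri section, `curl https://artifacts.gabrielgio.me/world | xargs -I{} apk add {}`, feeds a remotely fetched list straight into `apk add` with no step to inspect it, and `curl` without `-f` exits successfully on an HTTP error, so an error page body would be passed to `apk` as package names. Consider showing a fetch to a file with `curl -fsSL -o world`, a quick review of the file, and then the install from that local copy. In the same region, `echo "/home/<USER>/packages/community" >> /etc/apk/repositories` and `apk add -U niri` are shown without `doas`, while the earlier `doas apk add git alpine-sdk` has it, and `addgroup <USER> abuild` also needs root; a reader following the steps as a normal user will fail at those lines. Smaller points: the `/etc/nix/nix.conf` snippet is fenced as `bash` although it is configuration, not commands. The paragraph after the `flake.nix` excerpt says "this file" cannot be seen but the last file named is `home.nix`, so it should name `./secrets/gridx/gridx.nix` explicitly. "home-manger" and "home-mamager" should read home-manager. The disk image is named `var.cow2` although the format is qcow2. The new file name `2025-10.18-local-setup.md` mixes `.` and `-` in the date, unlike the `2023-04-30-...` slug referenced in footnote 5.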