These are my dotfiles managed with chezmoi.io for Linux and MacOS (and partially the other shit OS which desperately tries to convert itself into a *nix OS) and NixOS configurations for Desktop and VM.

See the documentation to learn how to install NixOS on to your system or in a VM.

To install configuration files we use chezmoi:

chezmoi init https://github.com/gabyx/chezmoi.git
chezmoi diff

and to apply use

• For non encrypted files use (which is truly non-interactively, no passphrase prompt)

  just apply-configs-exclude-encrypted

• For encrypted files use (which might prompt for the passphrase):

  just apply-configs

To deploy the configs you need the minimal stuff installed:

• findutils
• delta
• git
• git-lfs
• age
• just

Chezmoi is configured to use age as encryption tool with a secret private-key file config/dot_config/chezmoi/key.age which was generated with:

age-keygen > key
age-keygen | tee | age -e --armor > key.age && rm key

where the printed private key P acts as the passphrase to decrypt key.age.

This file key.age is encrypted and contains the private key for all age encryption in this repository. The file is encoded in human-readable PEM format (--armor).

The file key.age is decrypted when chezmoi apply is run in a before hook such that all encrypted files can be decrypted in one go. The decrypted key is then again deleted in a after hook](config/run_after_delete-decrypted-private-key.sh).

The "passphrase" P can be stored into the login keyring to make just cm apply pass non-interactively:

secret-tool store --label='Chezmoi Key-File Passphrase' chezmoi keyfile-private-key

Inspect the store with seahorse.

Sometimes it does not start due to credential backend changes (?). Specify element-desktop --password-store="gnome-libsecret" once, which should fix that.

I am using gnome-online-accounts because they work flawlessly for a various of different providers (google, Exchange). The mail/calendar client evolution is really good and has a very nice user-experience also with PGP etc. It is honestly better than thunderbird and integrates better into the system and also from a security perspective (does not contain a browser etc.).

Automated setup of these online accounts apparently works but is still a bit brittle. It is crucial to follow the below steps.

Setting up the accounts happens with the two folders:

• ~/.config/goa-1.0
• ~/.config/evolution/sources

Skip to step 3 on a fresh system.

1. Check that there are no online accounts already setup:

   XDG_CURRENT_DESKTOP=GNOME gnome-control-center

   Check tab Online Accounts.

2. Make sure you do not have anything in your login keyring with a name starting with GOA. Check seahorse. Should be automatically true if no online accounts are setup.

3. Kill all evolution processes: evolution --force-shutdown.

4. Delete all evolution settings and state:

   Stop also the services for evolution:

   systemctl --user stop evolution-addressbook-factory.service
   systemctl --user stop evolution-calendar-factory.service
   systemctl --user stop evolution-source-registry.service
   systemctl --user daemon-reload

   rm -rf ~/.config/evolution
   rm -rf ~/.local/share/evolution

5. Apply the two folders ~/.config/goa-1.0 and ~/.config/evolution/sources with (uncomment the ignore in .chezmoiignore).

   just cm apply
   
   find ~/.config/evolution/sources -type f -name "*.source" | \
      xargs -I {} sed -i -E "s@NeedsInitialSetup=false@NeedsInitialSetup=true@" {}

6. Restart the dbus service, as it controls the goa-daemon. Since we are using dbus-broker which exposes all dbus services as systemd services we can restart it together with the evolution services which might still be running.

   systemctl --user restart dbus-broker

   This should log you out and then login again.

   Only resetting with systemctl --user restart dbus-:[email protected] or just login out did not work.

7. Stop any evolution already running after login.

   evolution --force-shutdown
   systemctl --user stop evolution-addressbook-factory.service
   systemctl --user stop evolution-calendar-factory.service
   systemctl --user stop evolution-source-registry.service

8. Now provide credentials to the online accounts in gnome-control-center:

   XDG_CURRENT_DESKTOP=GNOME gnome-control-center

9. Check mail.nix for adjustments in the dconf settings GUID strings.

10. Start evolution and you should see now all accounts be connected and working. If evolution starts up without having picked up the accounts, you probably need another dbus restart above or logout or complete restart.

The script in uses khal to read the synced calendar entries with vdirsyncer which runs periodically.

It syncs google calendar and also the Outlook calendar over davmail which is configured with this file. Davmail will popup a window for the OAuth authentication if the token is not there.

• When I log out and in again, evolution gets sometimes really stuck in authentication and what helps is to do

     systemctl --user restart dbus-broker

• When vdirsyncer sync fails you can get the offending calendar entries by doing:

     curl -u "$user:$password" http://localhost:1080/users/[email protected]/calendar/<file-path>

  or delete it with

     curl -u "$user:$password" -X DELETE http://localhost:1080/users/[email protected]/calendar/<file-path>

  which resolves duplicate items issues.

• [] Consider using flake-parts and every file is a flake-part module It makes it much easier:
  • https://discourse.nixos.org/t/pattern-every-file-is-a-flake-parts-module/61271/16
  • https://github.com/vic/vix/blob/03d9abb6b8d664119fc6b16dd863b4aa038ef95a/modules/vic/doom.nix#L4
  • https://github.com/vic/vix/tree/main/modules