20230923 Nixos

Continue to improve the deck

One area the steamdeck sketches me out is “security”. Not so much financial information with the store but rather the security of the data on the desktop. The only thing protecting the desktop applications is a pin number.

While not the end of the world I keep a pretty sensitive todo list and information repository of files on most computers. I wouldn’t be in any trouble per say if someone gained access to it, but I’d prefer they not. I do consider the information to be private.

Luckily virtualization offers easy ways to encapsulate a more secure environment within a less secure one. It seems like Gnome Boxes is available as a flatpak and can be used to set up Qemu or KMS virtual machines.

Since this is a bit of an unreliable environment we can use something like Nix to allow us to quickly recover our configuration if steamos somehow eats our vm. I’ve seen alot of buzz around Nix and I’m eager to give the configuration declaration a try.

What’s needed

I think a good starting point here would be:

  • Any old desktop environment. Likely something light like XFCE or openbox.
  • Git
  • OpenSSH
  • Hugo
  • Emacs (native compilation?)
  • Python

Off to the races

Installation is the same as any Linux distro. Once you get done you’re facing:

nixos running in vm

And here we go. I’m in and reading the docs and it seems pretty easy at first glance. Up first you can easily try applications using:

nix-shell -p <package-name>

To install in the current session only an application. This seems pretty cool. Then there’s a configuration file /ect/nixos/configuration.nix that in theory gets called up by nixos-rebuild. The language for this file is dictionary/json/yaml like in that it just represents an object notation with some templates etc to abstract away repeated things.

First steps

Lets try to get emacs running first. In theory all that’s needed to get Emacs 29 installed (and repeatedly if we sync this file) is update our nix file:

trying to add Emacs

and then run nixos-rebuild. And….

it works!

I know much in the same I can add ssh, git etc and get my system bootstrapped in a repeatable way. I’m not certain what can be done to say automate adding SSH keys and fetching from GitHub. Perhaps at the very least I can have some scripts created automatically to save the shell commands.

I’m going to keep plugging away at this for the next bit, it seems very fun. I should be able to get a working, more secure vm before my next checkin.