mbrasch mbrasch

Learning to use systemd-creds properly:

❯ pass show backups/notes | sudo systemd-creds encrypt --name=borg-notes - /tmp/borg-notes.creds

This encrypts with /var/lib/systemd/credential.secret, you can load using LoadCredentialEncrypted=:

https://systemd.io/CREDENTIALS/

In a systemd unit, if i provide the property LoadCredentialEncrypted=borg-notes:/tmp/borg-notes.creds, then I can run systemd-creds cat borg-notes to get the password:

❯ sudo systemd-run -P --wait -p LoadCredentialEncrypted=borg-notes:/tmp/borg-notes.creds systemd-creds cat borg-notes

Background

I have a brand new M1 MacBook Pro. I have a long list of complaints with homebrew, so I want to try Nix as my package manager instead, along with Home Manager to control my setup on a per-user basis. Once I've set this all up, theoretically, I should be able to reuse the same configuration on any other Macs I own.

What is Nix?

A reproducible, declarative package manager.

More info:

Install NixOS on ZFS With Opt-In State

Commands

# nvme0n1
# ├─nvme0n1p1    BOOT
# └─nvme0n1p2    LUKS CONTAINER
#   └─cryptroot  LUKS MAPPER
#     └─vg-swap  SWAP

Introduction

For a long time Windows user, starting using Mac can be an exercise in frustration and keeping your nerves at bay. Many things don't work as expected, need to be activated in some ways, keyboard shortcuts are non-existent or wildly different.

This page is a living reference of a Windows long-timer trying to do basic stuff on a Mac. If you see an easier way to achieve certain things, don't hesitate to drop a comment.

Autofs on Mac OS X

With autofs you can easily mount network volumes upon first access to the folder where you want to mount the volume. Autofs is available for many OS and is preinstalled on Mac OS X so I show you how I mounted my iTunes library folder using this method.

Prepare autofs to use a separate configuration file

autofs needs to be configured so that it knows where to gets its configuration. Edit the file /etc/auto_master and add the last line:

#
# Automounter master map
#

+auto_master # Use directory service

	# Edit this configuration file to define what should be installed on
	# your system. Help is available in the configuration.nix(5) man page
	# and in the NixOS manual (accessible by running ‘nixos-help’).

	{ config, lib, pkgs, ... }:
	{
	imports =
	[
	./hardware-configuration.nix
	];

	# https://github.com/diddledani/macOS-Linux-VM-with-Rosetta#setting-up-rosetta

	# 1. Run `sudo mkdir /var/run/rosetta`
	# 2. Run `sudo mount -t virtiofs ROSETTA /var/run/rosetta`
	# 3. Add the snippet below to /etc/nixos/configuration.nix

	boot.binfmt.registrations.rosetta = {
	interpreter = /var/run/rosetta/rosetta;
	magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
	mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';

	#!/usr/bin/env bash
	set -exuo pipefail

	PROGRAM_NAME="$0"

	inst() {
	local system="" host="" action="install" from="auto" mount=""
	local -a nixCopyArgs
	while [[ "$#" -gt 0 ]] ; do
	case "$1" in

	# Edit this configuration file to define what should be installed on
	# your system. Help is available in the configuration.nix(5) man page
	# and in the NixOS manual (accessible by running ‘nixos-help’).

	{ config, pkgs, ... }:

	{
	imports =
	[ # Include the results of the hardware scan.
	./hardware-configuration.nix

	{ config, lib, pkgs, ... }:

	with lib;

	{
	imports =
	[
	<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
	./machine-config.nix
	];