emileclarkb/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

updated my personal GUIDE.md

Browse source 
rereading this now I don't fully agree with the home perms section... oops
This commit is contained in:
Emile Clark-Boman 2025-07-26 18:20:01 +10:00
parent 90be1ef9fb
commit f109744b87
2 changed files with 51 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

18
GUIDE
View file

@ -1,18 +0,0 @@
### Migrate to a Newer Version of Nixpkgs
```bash
# Determine the channel name you're using
nix-channel --list
nix-channel --remove <OLD_CHANNEL>
nix-channel --add <NEW_CHANNEL> # ie https://nixos.org/channels/nixos-25.05
nix-channel --update
# Now upgrade system profile (log to file in case of failure)
nixos-rebuild boot --upgrade | tee rebuild.log
```
### Finding New Things to Do
`man 5 configuration.nix` is incredibly useful
similar info can be found at https://mynixos.com/options
### For your curiosity
1. https://wiki.nixos.org/wiki/Firejail

51
GUIDE.md Normal file
View file

@ -0,0 +1,51 @@
### Migrate to a Newer Version of Nixpkgs
```bash
# Determine the channel name you're using
nix-channel --list
nix-channel --remove <OLD_CHANNEL>
nix-channel --add <NEW_CHANNEL> # ie https://nixos.org/channels/nixos-25.05
nix-channel --update
# Now upgrade system profile (log to file in case of failure)
nixos-rebuild boot --upgrade | tee rebuild.log
```
## Security Implications
### NixOS Default Home Permissions
```bash
# Executing from $HOME
>>> mkdir example.d && ls -l example.d
-rw-r--r-- 1 me users 1 Jul 25 10:13 example.d
>>> echo > example.f && ls -l example.f
-rw-r--r-- 1 me users 1 Jul 25 10:15 example.f
## But these ignore facl?
>>> getfacl "$HOME"
# file: home/me
# owner: me
# group: users
user::rwx
group::---
other::---
```
Many commands default to permissions that ignore the file access control listl (file ACLs).
This is not a NixOS specific issue. However this isn't ideal from a security perspective.
The simplest solution is a recursive `chmod -R 600 ~` but there are plenty of files we
intentionally want to be different.
> [!TODO]
> Solution: Make a Nix/Home-Manager package allowing for control over folder permissions.
> SOlution: Also it should warn if any files owned by $USER have a 2
## Further Reading
### Finding New Things to Do
`man 5 configuration.nix` is incredibly useful
similar info can be found at https://mynixos.com/options
### For your curiosity
1. https://wiki.nixos.org/wiki/Firejail