GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. Christine Lemmer-Webber (cwebber@social.coop)'s status on Tuesday, 28-Jan-2025 03:50:45 JST

    For those using Guix Home: tell me about your setup! In particular:

    - What do you like/don't like about it?
    - Do you manage multiple computers with it?
    - How do you store secrets, eg your password manager file and gpg/ssh keys?
    - How do you sync state?
    - Anything else you want to tell me!

    In conversation about 5 months ago from social.coop permalink
    • Christine Lemmer-Webber (cwebber@social.coop)'s status on Tuesday, 28-Jan-2025 03:52:11 JST

      I suppose I should tag this Guix Home thread with #guix

      In conversation about 5 months ago permalink
    • wlo (wizard@xyzzy.link)'s status on Tuesday, 28-Jan-2025 08:17:49 JST
      @cwebber
      likes:
      - it's all the benefits of guix system but for your user profile only!
      - it can manage configs for everything even if you're too lazy to write a scheme wrapper for them. just put dotfiles in a stow-compatible format and point it at that
      - does what it says on the tin and will not unrecoverably trash your home directory if you mess anything up
      dislikes:
      - limited number of services at this point
      - not much documentation on writing your own services
      - a pure-guile approach to a declarative user profile isn't as possible at the moment as nix was with home-manager. there are too many things that would be too tedious to guile-ify without much productive gain.

      multiple computers:
      all my guix-home configs go into https://codeberg.org/wloxyz/guix-configs. i pull from and push to that manually every time i make a change major enough for me to care to sync it.

      secrets:
      i use syncthing to sync my password-store database across devices. i use a yubikey for roaming gpg / ssh keys and store an encrypted backup on cold storage.

      i also use syncthing to sync a "cui" folder under my dotfiles folder. i put stuff in there that's okay to live in the guix store in plain text, but that i'd rather not have in a public git repo. ideally, the contents of this folder shouldn't be essential to the functioning of the rest of the system and should be easily recreatable by hand if needed. it's currently empty.

      state:
      what state? if it's stateful data, that's at least not guix-home's problem and at most syncthing's

      anything else:
      guix-home was a big motivating factor for me switching from NixOS to guix. it works very well for what it promises and i'm able to confidently move computers and retain my same comfy environment between them :)
      In conversation about 5 months ago permalink
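
An added example, not part of wlo's post or of Guix itself: the split wlo describes, between files that are "okay to live in the guix store in plain text" and secrets kept out of band, matters because /gnu/store is readable by every local user. The sketch below scans a dotfiles tree for private-key blocks and plaintext authinfo/netrc passwords before the tree is handed to Guix Home; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for a dotfiles tree
# before Guix Home copies it into /gnu/store, which every local user can read.

# scan_dotfiles DIR: print "finding<TAB>path" for each risky file under DIR.
scan_dotfiles() {
    find "$1" -type f ! -path '*/.git/*' | sort | while IFS= read -r f; do
        # PEM, OpenSSH and PGP private keys all carry an armor header like this.
        if grep -qE -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY( BLOCK)?-----' "$f"; then
            printf 'private-key\t%s\n' "$f"
        fi
        # Unencrypted authinfo/netrc files hold "password <value>" pairs;
        # the GPG-encrypted .authinfo.gpg form is deliberately not matched.
        case ${f##*/} in
            .authinfo|authinfo|.netrc|netrc)
                if grep -qE '(^|[[:space:]])password[[:space:]]+[^[:space:]]' "$f"; then
                    printf 'plaintext-password\t%s\n' "$f"
                fi ;;
        esac
    done
}

# check_dotfiles DIR: return 0 when clean, 1 when anything was flagged.
check_dotfiles() {
    findings=$(scan_dotfiles "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" >&2
    return 1
}

# make_sample_tree DIR: constructed sample data, no real credentials.
make_sample_tree() {
    mkdir -p "$1/.ssh" "$1/.config/git"
    printf '[user]\n\tname = Example\n' > "$1/.config/git/config"
    printf 'Host *\n  AddKeysToAgent yes\n' > "$1/.ssh/config"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/.ssh/id_ed25519"
    printf 'machine mail.example.org login me password CONSTRUCTED\n' > "$1/.authinfo"
    printf 'constructed ciphertext placeholder\n' > "$1/.authinfo.gpg"
}

tmp=$(mktemp -d)
make_sample_tree "$tmp"
check_dotfiles "$tmp" || echo "refusing to reconfigure: move these out of the dotfiles tree" >&2
rm -rf "$tmp"
```

Run as a gate in front of `guix home reconfigure`, a non-zero status from `check_dotfiles` means something in the tree belongs in the password store or on the hardware token instead.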

    • Christine Lemmer-Webber (cwebber@social.coop)'s status on Tuesday, 28-Jan-2025 08:18:04 JST
      in reply to
      • wlo

      @wizard Oh hey this is really helpful and what I was hoping for! Thank you!

      In conversation about 5 months ago permalink
    • Christine Lemmer-Webber (cwebber@social.coop)'s status on Tuesday, 28-Jan-2025 08:26:08 JST
      in reply to
      • Jonathan Frederickson

      @jfred oh yes I have suffered the "a package fails to build and now I guess I'm not gonna use this manifest for now and just --upgrade" feels

      In conversation about 5 months ago permalink
    • Jonathan Frederickson (jfred@jawns.club)'s status on Tuesday, 28-Jan-2025 08:26:09 JST

      @cwebber Oh, one painful thing about it though is that when a package in your home config fails to build (which is still frustratingly common IME) it blocks you from reconfiguring until you remove it from the config. Better than it getting silently removed I suppose but it can be a pain. I know Guix lets you have multiple profiles which could help mitigate this but that doesn't seem to jibe that well with the way Guix Home expects you to do things

      In conversation about 5 months ago permalink
    • Jonathan Frederickson (jfred@jawns.club)'s status on Tuesday, 28-Jan-2025 08:26:10 JST

      @cwebber For state I use Syncthing via the home-syncthing-service-type. Works pretty well for syncing my org files between machines and my phone, as well as some larger things like my music library

      In conversation about 5 months ago permalink
    • Jonathan Frederickson (jfred@jawns.club)'s status on Tuesday, 28-Jan-2025 08:26:12 JST

      @cwebber I use it across all my non-server computers and love it. Same base config across all of them with a few tweaks for e.g. work-only/sensitive configs

      I haven't really worked out secrets management very well beyond using Bitwarden for web stuff. Outside that I've just got authinfo files on each machine so far, and use things like remotepasseval in offlineimap. But secrets management has been a perennial frustration with Guix for me and I feel like Guix really needs a common answer for it

      In conversation about 5 months ago permalink
    • Ludovic Courtès (civodul@toot.aquilenet.fr)'s status on Tuesday, 28-Jan-2025 23:07:55 JST

      @cwebber

      - I dislike that the Home team is next to nonexistent. :-)
      - single computer
      - ‘home-gpg-agent-service-type’ for SSH + GPG and out-of-band KeepassXC and ~/.authinfo.gpg
      - periodic backups via a Shepherd timer
      - I also use ‘home-dotfiles-service-type’ for “random config files”.

      I wish I had a Git service and other things that would make my config less stateful!

      In conversation about 5 months ago permalink
    • Janneke (janneke@todon.nl)'s status on Tuesday, 28-Jan-2025 23:26:52 JST

      @cwebber

      + managing of daemons (ssh-agent, git-daemon, kodi, ...) instead of through login scripts magic
      +/- i used to have everything in git, secrets, state, config. i have moved most if not all config to guix home and now it's much cleaner, (although i wonder about the wisdom of specifying .ssh/config as an sexp tree instead of a file in git). now i have /and/ git for secrets and state, /and/ guix home, so one more hoop to jump through configuring a new machine
      - there seems to be a very(?) active "upstream" (fork?) in rde with an unclear path to guix-home
      - multiple machines, but i'm doing lots of ugly (if (member host '("foo" "bar")) / (equal? kernel "GNU") ... and haven't found a nice way/example to do this cleanly
      - guix home reconfigure and the "new" feature of adding home-environment to the system configuration don't really play together
      ? not really a guix home issue, but all programs (gnome/gnome-shell, icecat/firefox) should provide a way to be configured declaratively. there's still a lot of state in ~/.local (and possibly ~/.cache) that programs just dump there, wondering how the developers of such software can live with that.

      that looks like a whole bunch of negatives, but i'm still quite happy with it.

      In conversation about 5 months ago permalink
    • Yunqi Shao (yqshao@mathstodon.xyz)'s status on Friday, 31-Jan-2025 22:59:20 JST

      @cwebber I manage multiple PCs and VPSes with it. Basically I like it because of guix and in particular the model of service extension for configuration, and the only thing I'm not happy with is slowness (of guix in general).

      I use gpg with sops-guix/password-store for secrets. Well, sops is not really used for home (I use it only for private keys or the like, which go to the system config), as most secrets in my home config are just passwords. Most things I want to sync work with syncthing.

      I still have bit chunk of dotfiles that are in some stow/chezmoi structure which is not particularly "guixy" for them to be applicable to machines I do not own.

      In conversation about 5 months ago permalink

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.