Fedora + Nix
Contents
- Preparing everything
- Users (least privilege)
- Login: greetd + tuigreet + niri
- Sudo-rs
- Install Nix (multi-user)
- Configure Nix in /etc/nix/nix.conf
- Base system with DNF
- Home Manager flake
- Useful notes and rollbacks
Preparation
sudo dnf up -y
sudo dnf in -y helix tar git NetworkManager-wifi NetworkManager-tui iwlwifi-mvm-firmware
Users (least privilege)
- admin → with sudo
- main/focus/safe → without sudo
Create users:
sudo groupadd -f nhm
sudo useradd -m -s /bin/bash -G nhm main && sudo passwd main
sudo useradd -m -s /bin/bash -G nhm focus && sudo passwd focus
sudo useradd -m -s /bin/bash -G nhm safe && sudo passwd safe
Login: greetd + tuigreet + niri
sudo dnf in -y niri greetd tuigreet xdg-desktop-portal xdg-desktop-portal-wlr
sudo dnf rm -y fuzzel nano bluez
Configure /etc/greetd/config.toml:
[terminal]
vt = 1
[default_session]
command = "tuigreet --cmd 'niri --session' --time --remember --asterisks"
user = "greetd"
Enable:
sudo systemctl set-default graphical.target
sudo systemctl enable greetd
Sudo-rs
su
dnf -y in sudo-rs
install -d /usr/local/bin
cat >/usr/local/bin/sudo <<'EOF'
#!/bin/sh
exec /usr/bin/sudo-rs "$@"
EOF
chmod 0755 /usr/local/bin/sudo
restorecon -v /usr/local/bin/sudo || true
type -a sudo # must list /usr/local/bin/sudo first
Su-rs
su
cat >/usr/local/bin/su <<'EOF'
#!/bin/sh
exec /usr/bin/su-rs "$@"
EOF
chmod 0755 /usr/local/bin/su
restorecon -v /usr/local/bin/su || true
type -a su # must list /usr/local/bin/su first
Install Nix (multi-user)
curl --proto '=https' --tlsv1.2 -sSf -L https://artifacts.nixos.org/experimental-installer | sh -s -- install
. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
Configure Nix in /etc/nix/nix.conf
Prepare the directory:
sudo mkdir /nhm
sudo chown admin:nhm /nhm
sudo chmod 750 /nhm
cd /nhm
git clone https://codeberg.org/Kyronix/dotfiles.git
cd dotfiles
git checkout nix-fedora
sudo git config --system --add safe.directory /nhm/dotfiles
Edit /etc/nix/nix.conf as root:
experimental-features = nix-command flakes
sandbox = true
sandbox-fallback = false
trusted-users = root @wheel
keep-outputs = true
keep-derivations = true
Apply:
sudo systemctl restart nix-daemon
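The Nix manual describes membership in trusted-users as essentially equivalent to root access, so after the restart it is worth confirming that the sandbox settings are in place and that the accounts created without sudo are not trusted users. The script below is an added example, not part of the original notes; the function names are hypothetical, and it assumes the settings live directly in the file (no include lines or extra-* keys).

```sh
# Added example: check nix.conf against the settings used in this guide.
# Assumption: the file is read directly; include lines and extra-* keys are not followed.

# Print the effective value of KEY in FILE (comments stripped, last assignment wins).
nix_conf_get() {
    sed -e 's/#.*//' "$1" | awk -v k="$2" '
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) { out = val; found = 1 }
        }
        END { if (found) print out }'
}

# Succeed only if sandboxing is explicitly on and may not fall back to unsandboxed builds.
sandbox_enforced() {
    [ "$(nix_conf_get "$1" sandbox)" = "true" ] &&
        [ "$(nix_conf_get "$1" sandbox-fallback)" = "false" ]
}

# Succeed if USER, whose groups are the space-separated list GRPS, matches an entry
# of trusted-users. Entries are user names or @group; a bare * is treated as everyone.
is_trusted() {
    conf=$1 user=$2 grps=$3
    set -f                                  # keep a literal * entry from globbing
    for entry in $(nix_conf_get "$conf" trusted-users); do
        case $entry in
            '*') set +f; return 0 ;;
            @*)  for g in $grps; do
                     if [ "@$g" = "$entry" ]; then set +f; return 0; fi
                 done ;;
            *)   if [ "$entry" = "$user" ]; then set +f; return 0; fi ;;
        esac
    done
    set +f; return 1
}

# Report on the accounts this guide creates without sudo (names taken from the guide).
audit_unprivileged() {
    conf=${1:-/etc/nix/nix.conf}
    sandbox_enforced "$conf" || echo "FAIL: sandbox not enforced in $conf"
    for u in main focus safe; do
        if is_trusted "$conf" "$u" "$(id -nG "$u" 2>/dev/null)"; then
            echo "FAIL: $u is a Nix trusted user"
        fi
    done
}
```

Source the file and call audit_unprivileged; no output means both checks passed.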
Base system with DNF
sudo dnf config-manager addrepo --from-repofile=https://repository.mullvad.net/rpm/stable/mullvad.repo
sudo dnf config-manager addrepo --from-repofile=https://brave-browser-rpm-release.s3.brave.com/brave-browser.repo
sudo dnf in -y setroubleshoot nmap dnf-plugins-core power-profiles-daemon wlogout \
libguestfs-tools usbguard-selinux @virtualization brave-browser mullvad-vpn mullvad-browser \
lxqt-policykit clamav swayidle pulseaudio-utils foot mako
Home Manager flake
# Generate/update flake.lock
cd /nhm/dotfiles
nix flake update
Run this command as the corresponding user (replace <usuario> with the user name):
nix run /nhm/dotfiles#home-manager -- switch --flake /nhm/dotfiles#<usuario>
# Logged in as admin
nix run /nhm/dotfiles#home-manager -- switch --flake /nhm/dotfiles#admin
# Logged in as main
nix run /nhm/dotfiles#home-manager -- switch --flake /nhm/dotfiles#main
# Logged in as focus
nix run /nhm/dotfiles#home-manager -- switch --flake /nhm/dotfiles#focus
# Logged in as safe
nix run /nhm/dotfiles#home-manager -- switch --flake /nhm/dotfiles#safe
Extra
If you are in /nhm/dotfiles you can use:
nix run .#home-manager -- switch --flake .#admin
Useful notes
- Update:
cd /nhm/dotfiles
nix flake update # refreshes nixpkgs/home-manager in flake.lock
# apply per user:
nix run .#home-manager -- switch --flake .#admin
nix run .#home-manager -- switch --flake .#main
nix run .#home-manager -- switch --flake .#focus
nix run .#home-manager -- switch --flake .#safe
- HM:
home-manager generations
home-manager switch --rollback
- Cleanup:
sudo nix store gc
# Per user
home-manager expire-generations "-30 days"