My NixOS configurations
Here's my NixOS/home-manager config files. Requires Nix flakes.
Looking for something simpler to start out with flakes? Try my starter config repo.
Highlights:
- Multiple NixOS configurations, including desktop, laptop, server
- Opt-in persistence through impermanence + blank snapshotting
- Encrypted single BTRFS partition
- Fully declarative self-hosted stuff
- Deployment secrets using sops-nix
- Mesh networked hosts with tailscale and headscale
- Flexible Home Manager Configs through feature flags
- Extensively configured wayland environments (sway and hyprland) and editor (neovim)
- Declarative themes and wallpapers with nix-colors
- Hydra CI/CD server and binary cache that uses the desktops as remote builders
Structure
flake.nix: Entrypoint for hosts and home configurations. Also exposes a devshell for boostrapping (nix developornix-shell).lib: A few lib functions for making my flake cleanerhosts: NixOS Configurations, accessible vianixos-rebuild --flake.common: Shared configurations consumed by the machine-specific ones.global: Configurations that are globally applied to all my machines.optional: Opt-in configurations my machines can use.atlas: Desktop PC - 32GB RAM, R5 3600x, RX 5700XT | Hyprlandpleione: Lenovo Ideapad 3 - 8GB RAM, R7 5700u | Hyprlandmaia: Secondary Desktop PC - 16GB RAM, i5 6600, GTX 970 | Servermerope: Raspberry Pi 4 - 8GB RAM | Servercelaeno: Oracle Could VPS (Ampere) - 24GB RAM & 4vCPUs | Serveralcyone: Vultr VPS - 1GB RAM & 1 vCPU | Server
home: My Home-manager configuration, acessible viahome-manager --flake- Each directory here is a "feature" each hm configuration can toggle, thus customizing my setup for each machine (be it a server, desktop, laptop, anything really).
modules: A few actual modules (with options) I haven't upstreamed yet.overlay: Patches and version overrides for some packages. Accessible vianix build.pkgs: My custom packages. Also accessible vianix build. You can compose these into your own configuration by using my flake's overlay, or consume them through NUR.templates: A couple project templates for different languages. Accessible vianix init.
About the installation
All my computers use a single btrfs (encrypted on all except headless systems)
partition, with subvolumes for /nix, a /persist directory (which I opt in
using impermanence), swap file, and a root subvolume (cleared on every boot).
Home-manager is used in a standalone way, and because of opt-in persistence is
activated on every boot with loginShellInit.
How to bootstrap
All you need is nix (any version). Run:
nix-shellIf you already have nix 2.4+, git, and have already enabled flakes and
nix-command, you can also use the non-legacy command:
nix developnixos-rebuild --flake . To build system configurations
home-manager --flake . To build user configurations
nix build (or shell or run) To build and use packages
sops To manage secrets
Secrets
For deployment secrets (such as user passwords and server service secrets), I'm
using the awesome sops-nix. All secrets
are encrypted with my personal PGP key (stored on a YubiKey), as well as the
relevant systems's SSH host keys.
On my desktop and laptop, I use pass for managing passwords, which are
encrypted using (you bet) my PGP key. This same key is also used for mail
signing, as well as for SSH'ing around.
Tooling and applications I use
Most relevant user apps daily drivers:
- hyprland + swayidle + swaylock
- waybar
- neovim
- fish + starship
- kitty
- qutebrowser
- neomutt + mbsync
- khal + khard + todoman + vdirsyncer
- gpg + pass
- tailscale
- podman
- zathura
- wofi
- bat + fd + rg
- kdeconnect
- sublime-music
Some of the services I host:
- hydra
- navidrome
- deluge
- prometheus
- websites (such as https://m7.rs)
- minecraft
- headscale
Nixy stuff:
- nix-colors
- sops-nix
- impermanence
- home-manager
- deploy-rs
- and NixOS and nix itself, of course :)
Let me know if you have any questions about them :)
Unixpornish stuff
That's how my hyprland desktop setup look like (as of 2022 July).