[![built with nix](https://img.shields.io/static/v1?logo=nixos&logoColor=white&label=&message=Built%20with%20Nix&color=41439a)](https://builtwithnix.org) # My NixOS configurations Here's my NixOS/home-manager config files. Requires [Nix flakes](https://nixos.wiki/wiki/Flakes). ## Structure - `flake.nix`: Entrypoint for hosts and home configurations. Also exposes a devshell for boostrapping (`nix develop` or `nix-shell`). - `lib`: A few lib functions for making my flake cleaner - `hosts`: NixOS Configurations, accessible via `nixos-rebuild --flake`. - `common`: Shared configurations consumed by the machine-specific ones. - `global`: Configurations that are globally applied to all my machines. - `optional`: Opt-in configurations my machines can use. - `floki`: Lenovo ThinkPad X1 Carbon Extreme Gen 5 - `home`: My Home-manager configuration, acessible via `home-manager --flake` - Each directory here is a "feature" each hm configuration can toggle, thus customizing my setup for each machine (be it a server, desktop, laptop, anything really). - `modules`: A few actual modules (with options) I haven't upstreamed yet. - `overlay`: Patches and version overrides for some packages. Accessible via `nix build`. - `pkgs`: My custom packages. Also accessible via `nix build`. You can compose these into your own configuration by using my flake's overlay, or consume them through NUR. - `templates`: A couple project templates for different languages. Accessible via `nix init`. ## About the installation Home-manager is used in a standalone way, and because of opt-in persistence is activated on every boot with `loginShellInit`. ## How to bootstrap All you need is nix (any version). Run: ``` nix-shell ``` If you already have nix 2.4+, git, and have already enabled `flakes` and `nix-command`, you can also use the non-legacy command: ``` nix develop ``` `nixos-rebuild --flake .` To build system configurations `home-manager --flake .` To build user configurations `nix build` (or shell or run) To build and use packages `sops` To manage secrets ## Secrets For deployment secrets (such as user passwords and server service secrets), I'm using the awesome [`sops-nix`](https://github.com/Mic92/sops-nix). All secrets are encrypted with my personal PGP key (stored on a YubiKey), as well as the relevant systems's SSH host keys. On my desktop and laptop, I use `pass` for managing passwords, which are encrypted using (you bet) my PGP key. This same key is also used for mail signing, as well as for SSH'ing around. ## Tooling and applications I use Most relevant user apps daily drivers: - neovim - fish + starship - kitty - qutebrowser - neomutt + mbsync - khal + khard + todoman + vdirsyncer - gpg + pass - tailscale - podman - zathura - wofi - bat + fd + rg - kdeconnect - sublime-music Some of the services I host: - hydra - navidrome - deluge - prometheus - websites (such as https://burd.me ...) - headscale Nixy stuff: - nix-colors - sops-nix - impermanence - home-manager - deploy-rs - and NixOS and nix itself, of course :) Let me know if you have any questions about them :)