
RyanGibb/nixos


NixOS Configuration

My personal Nix and NixOS configuration for reproducible, declarative systems and environments across multiple hosts. This is a personal configuration with limited applicability to others, though some patterns may be useful for reference. Common self-hosting services have been extracted to a separate project, Eilean.

Usage

NixOS

See the NixOS manual for how to install NixOS.

  1. Clone this repository to /etc/nixos/ on a NixOS system.
  2. Set up the host configuration in /etc/nixos/hosts/<hostname>/.
  3. Deploy the host with nixos-rebuild switch.

Remote Deployment

deploy-rs can be used to update remote hosts via SSH with deploy .#hostname.

Home Manager

For non-NixOS systems, you can use Home Manager standalone:

  1. Install Nix and enable flakes.
  2. Clone this repository and follow the Home Manager manual.
  3. Deploy the profile with home-manager switch.

Nix-on-Droid

See upstream.

Repository Structure

  • flake.nix - Entry point where inputs, outputs, and overlays are defined. The flake.lock file locks these inputs for reproducibility.
  • hosts/ - Host-specific configurations where each subdirectory represents a separate machine.
    • Hosts are named after animals, following a rough naming scheme where:
      • Stationary hosts are mammals.
      • Mobile (battery powered) hosts are reptiles, e.g. the laptop gecko.
      • Virtual hosts are birds, e.g. the virtual private server owl.
      • Work-associated hosts are aquatic.
      • barnacle builds an ISO image that can be written to media such as a USB flash drive to create a read-only live USB. Booting it provides the custom environment found on all my other hosts, and it can be used, for example, to install an operating system with the install.sh script.
    • Each host directory typically contains:
      • default.nix - Main configuration entry point that imports other modules.
      • hardware-configuration.nix - Hardware-specific configuration generated by nixos-generate-config.
      • minimal.nix - A minimal configuration that can be useful when updating with insufficient disk space. The minimal configuration can be built, the default.nix system garbage collected, and then the updated configuration built. Note that this precludes trivial rollback.
      • Other modules separating functionality, such as services.nix.
  • modules/ - NixOS modules of common functionality extracted into modular components which can be enabled by host configurations.
  • pkgs/ - Custom package definitions for packages not available in nixpkgs or requiring modifications.
  • home/ - Home Manager NixOS module configurations.
  • secrets/ - Encrypted secrets managed by agenix.
  • scripts/ - Miscellaneous scripts.
  • nix-on-droid/ - Nix-on-Droid configuration.

Managing Secrets

Secrets are managed using agenix. To add a new secret, update secrets.nix and run cd secrets && agenix -e <secret-name>.age. To update an existing secret you need only do the latter.
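
An illustrative secrets.nix in the format agenix reads, showing each secret encrypted only to the hosts that need it. This is an added example, not this repository's file: the key strings and secret names are placeholders, and the host names gecko and owl are borrowed from the naming scheme above purely for illustration.

```nix
# secrets/secrets.nix (illustrative; not this repository's file)
# agenix reads this file to decide which public keys each .age file is
# encrypted to. All keys and secret names below are placeholders.
let
  # Personal key used to edit secrets with `agenix -e`.
  admin = "ssh-ed25519 AAAA...PLACEHOLDER-admin";

  # SSH host public keys (e.g. from /etc/ssh/ssh_host_ed25519_key.pub).
  gecko = "ssh-ed25519 AAAA...PLACEHOLDER-gecko";
  owl = "ssh-ed25519 AAAA...PLACEHOLDER-owl";
in
{
  # Only the host that runs the service can decrypt its secret.
  "example-service-token.age".publicKeys = [ admin owl ];

  # Laptop-only secret; the server never receives a decryptable copy.
  "example-wifi-psk.age".publicKeys = [ admin gecko ];

  # Shared secret: list every host that needs it, and no others.
  "example-backup-passphrase.age".publicKeys = [ admin gecko owl ];
}

# A host module then references the encrypted file, for example:
#   age.secrets.example-service-token.file = ../../secrets/example-service-token.age;
# and services read the decrypted path from
#   config.age.secrets.example-service-token.path
# After changing the recipients of an existing secret, re-encrypt with
#   agenix -r
```

Removing a host from a recipient list does not revoke copies it could already decrypt, so rotate the secret value as well.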
