Nýx
My overengineered NixOS flake: Desktops, laptops, servers and everything
else that can run an OS.
Screenshot last updated 2024-03-19
High Level Overview
A high level overview of this monorepo, containing configurations for all of my machines that are running or have run NixOS at some point in time. As I physically cannot stop tinkering with my configuration, nothing in this repository (including the overview sections) should be considered final. As such, it is not recommended to be used as a template, but you are welcome to browse the codebase to your liking; you may find bits that are interesting or/and useful to you.
Before you proceed, I would like to point you towards the credits section below where I pay tribute to the individuals who have contributed to this project, whether through code reference, suggestions, bug reports, or simply moral support.
Notable Features
- All-in-one - Servers, desktops, laptops, virtual machines and anything you can think of. Managed in one place.
- Sane Defaults - The modules attempt to bring the most sane defaults, while providing per-host toggles for conflicting choices.
- Flexible Modules - Both Home-manager and NixOS modules allow users to retrieve NixOS or home-manager configurations from anywhere.
- Extensive Configuration - Most desktop programs are configured out of the box and shared across hosts, with override options for per-host controls.
- Custom extended library - An extended library for functions that help organize my system.
- Shared Configurations - Reduces re-used boilerplate code by sharing modules and profiles across hosts.
- Fully Modular - Utilizes NixOS' module system to avoid hard-coding any of the options.
- Profiles & Roles - Provide serialized configuration sets and pluggables for easily changing large portions of configurations with fewer options and minimal imports.
- Detached Homes - Home-manager configurations are able to be detached for non-NixOS usage.
- Modularized Flake Design - With the help of flake-parts, the flake is fully modular: keeping my flake.nix cleaner than ever.
- Declarative Themes - Using my module options, profiles and wallpkgs. Everything theming is handled inside the flake.
- Tree-wide formatting - Format files in any language with the help of devshells and treefmt-nix modules for flake-parts.
- Declarative nftables firewall - Overengineered nftables chain builder for easy firewall setups.
- Personal Installation Media - Personalized ISO images for system installation and recovery.
- Secrets Management - Manage secrets through Agenix.
- Opt-in Impermanence - On-demand ephemeral root using BTRFS rollbacks and impermanence.
- Encryption Ready - Supports and actively utilizes full disk encryption.
- Wayland First - Leaves Xorg in the past where it belongs. Everything is configured around Wayland, with Xorg only as a fallback.
Repo Structure
- flake.nix Ground zero of my system configuration. Declaring entrypoints
- lib Personal library of functions and utilities
- docs The documentation for my flake repository
  - notes Notes from tedious or/and under-documented processes I have gone through. More or less a blog
  - cheatsheet Useful tips that are hard to memorize, but easy to write down
- flake/ Individual parts of my flake, powered by flake-parts
  - modules modules provided by my flake for both internal and public use
  - pkgs packages exported by my flake
  - schemes home-baked flake schemas for upcoming flake schemas
  - templates templates for initializing flakes. Provides some language-specific flakes
  - args.nix initiate and configure nixpkgs locally
  - deployments.nix host setup for deploy-rs, currently a work in progress
  - treefmt.nix various language-specific configurations for treefmt
- homes my personalized Home-Manager configuration module
- hosts per-host configurations that contain machine specific instructions and setups
- modules modularized NixOS configurations
  - core The core module that all systems depend on
  - extra Extra modules that are rarely imported
  - options Definitions of module options used by common modules
    - meta Internal, read-only module that defines host capabilities based on other options
    - device Hardware capabilities of the host
    - documentation Local module system documentation
    - system OS-wide configurations for generic software and firmware on system level
    - theme Active theme configurations ranging from QT theme to shell colors
    - usrEnv userspace exclusive configurations. E.g. lockscreen or package sets
- secrets Agenix secrets
Host Specifications
Name | Description | Type | Arch |
---|---|---|---|
gaea | Custom live media, used as an installer | ISO | - |
erebus | Air-gapped virtual machine/live-iso configuration for sensitive jobs | ISO | - |
enyo | Day-to-day desktop workstation boasting a full AMD system. | Desktop | x86_64-linux |
helios | Hetzner cloud VPS for non-critical infrastructure | Server | x86_64-linux |
prometheus | HP Pavilion with a GTX 1050 and i7-7700hq | Laptop | x86_64-linux |
epimetheus | Twin of prometheus, features full disk encryption in addition to everything prometheus provides | Laptop | x86_64-linux |
hermes | HP Pavilion with a Ryzen 7 7730U, and my main portable workstation. Used on-the-go | Laptop | x86_64-linux |
atlas | Proof of concept server host that is used by my Raspberry Pi 400 | Server | aarch64-linux |
icarus | My 2014 Lenovo Yoga Ideapad that acts as a portable server, used for testing hardware limitations | Laptop | x86_64-linux |
artemis | VM host for testing basic NixOS concepts. Previously targeted aarch64-linux | VM | x86_64-linux |
apollon | VM host for testing networked services, generally used on servers | VM | x86_64-linux |
leto | VM host running medium-priority infrastructure inside a virtualized root server | VM | x86_64-linux |
Credits & Special Thanks to
My special thanks go to fufexan for convincing me to use NixOS and sticking around to answer my most stupid and deranged questions, as well as my atrocious abstractions.
And to sioodmy which my configuration is initially based on. The simplicity of his configuration flake allowed me to take a foothold in the Nix world.
Awesome People
I ~~shamelessly stole from~~ got inspired by those folks
sioodmy - fufexan - rxyhn - NobbZ - ViperML - spikespaz - hlissner - fortuneteller2k - Max Headroom
... and surely there are more, but I tend to forget.
Anti-credits
Pretend I haven't credited those people (but I will, because they are equally awesome and I appreciate them)
n3oney - gerg-l (bald frog) - eclairevoyant - FrothyMarrow
Other Cool Resources
Resources that helped shape and improve this configuration, or resources that I strongly recommend that you read, in no particular order.
Readings
- A list of Nix library functions and builtins
- Zero to Nix
- Nix Pills
- Xe Iaso's blog
- Vinícius Müller's Blog
- Viper's Blog
- Solène's Blog
- ...my own "blog"?
Software
Software that helped this configuration become what it is, or software I find interesting
Linux
Nix/NixOS
Projects I have made to use in this repository, or otherwise cool software that is used in this repository that I would like to endorse.
- nyxpkgs - my personal package collection
- neovim-flake - highly modular neovim module for NixOS & Home-manager
- docr - my barebones static site generator, used to generate my blog
- schizofox - hardened Firefox configuration for the delusional and the paranoid
Additionally, take a look at my notes/blog for my notes on specific processes on NixOS.
License
Unless explicitly stated otherwise, all code under this repository (except for anything in docs directory) is licensed under the GPLv3, or should you prefer, under any later version of the GPL released by the FSF.
The notes and documentation available in docs directory are licensed under the CC BY License.
All code here (excluding secrets) is available for your convenience and at my expense as I believe it is in NixOS configurations' spirit to share knowledge with and learn from other NixOS users. As such, if you are directly copying a section of my configuration, please include a copyright notice at the top of the file you import the code into.
It is not enforced, but your kindness and due diligence would be appreciated.
Preview
Screenshot last updated 2023-12-09