fireproof/nixos
1
0
Fork 0
mirror of https://github.com/nickolaj-jepsen/nixos.git synced 2026-01-22 00:01:58 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
No description
187 commits 3 branches 0 tags 11 MiB
Find a file
github-actions[bot] 4fcaba3a56 flake.lock: Update 
Flake lock file updates:

• Updated input 'dank-material-shell':
    'github:AvengeMedia/DankMaterialShell/80ce6aa' (2026-01-20)
  → 'github:AvengeMedia/DankMaterialShell/eebb482' (2026-01-21)
• Updated input 'determinate':
    'https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.15.1/019b4e8a-dc22-75db-aef5-a447efbb1a13/source.tar.gz' (2025-12-24)
  → 'https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.15.2/019bde7d-0725-73ef-9705-498c50ef6e00/source.tar.gz' (2026-01-21)
• Updated input 'determinate/determinate-nixd-aarch64-darwin':
    'https://install.determinate.systems/determinate-nixd/tag/v3.15.1/macOS'
  → 'https://install.determinate.systems/determinate-nixd/tag/v3.15.2/macOS'
• Updated input 'determinate/determinate-nixd-aarch64-linux':
    'https://install.determinate.systems/determinate-nixd/tag/v3.15.1/aarch64-linux'
  → 'https://install.determinate.systems/determinate-nixd/tag/v3.15.2/aarch64-linux'
• Updated input 'determinate/determinate-nixd-x86_64-linux':
    'https://install.determinate.systems/determinate-nixd/tag/v3.15.1/x86_64-linux'
  → 'https://install.determinate.systems/determinate-nixd/tag/v3.15.2/x86_64-linux'
• Updated input 'determinate/nix':
    'https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.15.1/019b4e84-d036-75db-b6c6-6bc2e2035c53/source.tar.gz' (2025-12-24)
  → 'https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.15.2/019bde75-b4ee-74b2-a812-28dc2ee83d58/source.tar.gz' (2026-01-21)
• Updated input 'determinate/nixpkgs':
    'https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.914780%2Brev-306ea70f9eb0fb4e040f8540e2deab32ed7e2055/019b49b8-ed0f-724e-bdaf-5fd90cc1c590/source.tar.gz' (2025-12-21)
  → 'https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.930106%2Brev-bde09022887110deb780067364a0818e89258968/019bd9ed-5f0b-7074-afb0-8bb5e13a7598/source.tar.gz' (2026-01-19)
• Updated input 'dms-plugin-registry':
    'github:AvengeMedia/dms-plugin-registry/f30cbbf' (2026-01-20)
  → 'github:AvengeMedia/dms-plugin-registry/09e0469' (2026-01-21)
• Updated input 'niri':
    'github:sodiboo/niri-flake/6581f54' (2026-01-20)
  → 'github:sodiboo/niri-flake/2f38ab7' (2026-01-21)
• Updated input 'nix-vscode-extensions':
    'github:nix-community/nix-vscode-extensions/5ec5772' (2026-01-20)
  → 'github:nix-community/nix-vscode-extensions/05bffac' (2026-01-21)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/77ef7a2' (2026-01-18)
  → 'github:nixos/nixpkgs/3ceaaa8' (2026-01-20)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/e4bae1b' (2026-01-16)
  → 'github:nixos/nixpkgs/80e4adb' (2026-01-20)
• Updated input 'nur':
    'github:nix-community/NUR/dfc07ec' (2026-01-20)
  → 'github:nix-community/NUR/3f4b196' (2026-01-21)
• Updated input 'opencode':
    'github:anomalyco/opencode/7f50b27' (2026-01-20)
  → 'github:anomalyco/opencode/b10f423' (2026-01-21)
• Updated input 'opencode/nixpkgs':
    'github:NixOS/nixpkgs/be5afa0' (2026-01-16)
  → 'github:NixOS/nixpkgs/61db79b' (2026-01-13)
2026-01-21 16:01:17 +00:00
.github chore: fix lint 2026-01-21 16:50:15 +01:00
.vscode complete rework v3 2025-02-18 20:17:57 +01:00
hosts feat: add scripts 2026-01-20 01:02:28 +01:00
modules chore: fix lint 2026-01-21 00:11:43 +01:00
secrets feat: add zwift integration to home-assistant 2026-01-20 00:22:18 +01:00
.gitignore chore: remove result file 2025-09-05 08:27:28 +02:00
devshell.nix feat: add devshell 2025-12-13 20:04:09 +01:00
flake.lock flake.lock: Update 2026-01-21 16:01:17 +00:00
flake.nix fix: update dms 2026-01-19 17:44:37 +01:00
formatter.nix chore: update theme 2025-02-24 22:52:19 +01:00
justfile feat: add zwift integration to home-assistant 2026-01-20 00:22:18 +01:00
README.md feat: more wsl tweaks 2025-12-14 04:09:59 +01:00

README.md

NixOS Configuration

Personal NixOS configuration using flakes, home-manager, and agenix for secret management.

Quick Start

All common tasks are managed via just. Run just to see available commands.

System Operations

# Rebuild and switch to new configuration (current host)
just switch

# Rebuild a specific host
just switch desktop

# Update flake inputs
just update

# Update a specific input
just update nixpkgs

# Build without switching
just build-system

# Compare changes before switching
just diff

Remote Deployment

# Deploy to a remote host
just switch hostname user@remote

# Fresh install on a new machine
just deploy-remote hostname user@remote

Bootstrap ISO

# Build bootable USB installer
just bootstrap-iso

# Flash to USB drive
just bootstrap-flash /dev/sdX

Adding a New Host

  1. Run the new-host command:

    just new-host <hostname> <username>

    This creates:

    • hosts/<hostname>/default.nix file which you should edit
    • secrets/hosts/<hostname>/ directory with SSH keys

  2. Add host configuration in hosts/default.nix:

    <hostname> = mkSystem { host = .<hostname>; };

  3. Create required files in hosts/<hostname>/:

    • configuration.nix - Main host config
    • disk-configuration.nix - Disk layout (for disko)
    • Other host-specific modules as needed

  4. Generate hardware config:

    just factor <hostname>
# Or for remote:
just factor <hostname> user@remote

  5. Rekey secrets:

    just secret-rekey

Tip

If you upload the public key (secrets/hosts/<hostname>/id_ed25519.pub) to GitHub, you can pull & push directly from the new host.

Deploying

Nixos ISO install

A simple way to install a new machine is to use the official NixOS ISO to prepare a machine

Copy the private SSH key for the new host to /etc/ssh/ssh_host_ed25519_key

Enable flakes support in /etc/nixos/configuration.nix

{
  nix = {
    package = pkgs.nixFlakes;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };
}

Then run:

$ nix develop
$ just switch <hostname>

Secret Management

Secrets are managed with agenix + agenix-rekey, using a YubiKey as the master identity.

Structure

secrets/
├── yubikey-identity.pub    # Master encryption key
├── *.age                   # Global secrets
└── hosts/<hostname>/
    ├── id_ed25519.pub      # Host public key
    ├── id_ed25519.age      # Host private key (encrypted)
    └── .rekey/             # Rekeyed secrets for this host

Commands

# Edit a secret
just secret-edit <secret-name>

# Rekey all secrets (after adding hosts/secrets)
just secret-rekey

# Decrypt a file to stdout
just decrypt <file.age>

# Run rage with yubikey
just age -e <file> -o <output.age>

Development

Development Shell

A Nix development shell is available with useful tools for working on this configuration:

# Enter the development shell
nix develop

Formatting

Code is formatted using treefmt-nix with:

  • alejandra - Nix formatter
  • deadnix - Remove unused Nix code
  • statix - Nix linter
  • prettier - JSON/YAML/Markdown
  • just - Justfile formatter
  • fish_indent - Fish scripts
nix fmt

Useful Tools

# Explore dependency tree
just tree

# Generate Nix fetcher from URL
just nurl https://github.com/owner/repo

Theme

Heavily inspired by / stolen from Flexoki

Name Hex
bg #1C1B1A
bg-alt #282726
fg #DAD8CE
fg-alt #B7B5AC
muted #878580
ui #343331
ui-alt #403E3C
black #100F0F
accent #CF6A4C
red #D14D41
red-alt #AF3029
orange #DA702C
orange-alt #BC5215
yellow #D0A215
yellow-alt #AD8301
green #879A39
green-alt #66800B
cyan #3AA99F
cyan-alt #24837B
blue #4385BE
blue-alt #205EA6
purple #8B7EC8
purple-alt #5E409D
magenta #CE5D97
magenta-alt #A02F6F
white #DAD8CE
white-alt #F2F0E5