Configuration flake for NixOS systems

linux nix nixos

Nix 99.8%
CSS 0.2%

Find a file

Jordan Holt e711eb953a Some checks are pending Check flake / build-amd64-linux (push) Waiting to run Details flake.lock: Update Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/caa775cf67bfdc47f940edd96c975b5016df9059?narHash=sha256-Md/eOK5OjmvvHc2H52pLZe4zpP4XyfiS5vHqfRCz2HU%3D' (2026-05-29) → 'github:nix-community/disko/115e5211780054d8a890b41f0b7734cafad54dfe?narHash=sha256-eTAlX0CwgB84Ts3GaBd944A3DRXVMzgA0EqroZBISUo%3D' (2026-06-01) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/b76b5639c0593e0aeb0b5879ad62d4b30596c144?narHash=sha256-SCSLUKBmwlSLGQ8Xbr8PjRFtiHNk0l9ktqkcmqdBkfE%3D' (2026-05-29) → 'github:NixOS/nixos-hardware/4ed851c979641e28597a05086332d75cdc9e395f?narHash=sha256-fPBRVf6A5xlACYcOI59shGrjURuvwu0lRsDoSCEXt/I%3D' (2026-06-01) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e8e446a361172fe838243958325845d0b845c5e5?narHash=sha256-WnxzG4x47uCgjz%2BuD%2BvOzbF%2BQid%2BhKyYdJWbduA9w7g%3D' (2026-05-29) → 'github:NixOS/nixpkgs/b51242d7d43689db2f3be91bd05d5b24fbb469c4?narHash=sha256-K5sT4jTpGs15ADhviMKNBH38REpPf5Q6mM1%2BN6cArVE%3D' (2026-05-31) • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/b16dc50250af05d5048ac454dbf4e898d1adcac0?narHash=sha256-zeluNQgRgTglqKnv5EaM7DzSaqmrCdqTocmaWC7dxy0%3D' (2026-05-31) → 'github:noctalia-dev/noctalia-shell/fe6fa125f5ee7881c4ee0cf9c0a4329a8238d3c2?narHash=sha256-WnjyKaA%2BkywlyaPZs3dxD%2BXWVCMixsfDht8Sn7fshgs%3D' (2026-06-01)		2026-06-01 18:53:14 +01:00
.gitea/workflows	Check flake instead of dry building	2024-05-07 09:03:39 +01:00
hosts	hosts/odyssey: switch to niri	2026-05-30 22:33:01 +01:00
modules/nixos	modules/wireless: wpa_supplicant owns secret	2026-05-30 10:34:17 +01:00
nix	hosts/vps2: delete	2025-10-27 21:55:14 +00:00
overlays	pkgs/vaultwarden: remove	2026-05-30 10:22:31 +01:00
pkgs	pkgs/jellysearch: remove	2026-05-30 10:48:10 +01:00
secrets	system/wireless: migrate SSIDs	2026-05-17 10:58:37 +01:00
users	users/jordan: optionally add nvidia env to niri	2026-05-31 15:49:53 +01:00
flake.lock	flake.lock: Update	2026-06-01 18:53:14 +01:00
flake.nix	hosts/odyssey: add flake for comfyui	2026-05-30 21:05:49 +01:00
LICENSE	Bump LICENSE	2026-05-30 10:47:27 +01:00
README.md	treewide: remove hyprland	2026-01-11 21:49:17 +00:00

README.md

nix-config

System and user configuration for NixOS-based systems.


Shell:	zsh
WM:	Niri
Theme:	Adwaita
Terminal:	kitty

Provisioning a new host

nixos-anywhere is the module used for provisioning

Generate a new SSH host key in "$temp/etc/ssh" as per this guide.

ssh-keygen -t ed25519 -f /tmp/ssh_host_ed25519_key

Update nix-secrets with the new host key to enable the system to decrypt any relevant secrets.

In order to use the borgmatic module for backups, go to borgbase.com. Add the generated SSH host key and create a new repository for the system.

Create a new directory under hosts/ with a system configuration and disk layout.

Boot the NixOS installer (or any Linux distribution) on the target.

Then run:

nix run github:nix-community/nixos-anywhere -- \
  --disk-encryption-keys /tmp/secret.key /tmp/secret.key \
  --extra-files "$temp" \
  --flake .#<hostname> \
  root@<target-ip>

Post install

If backups are configured, you'll need to run:

borgmatic init --encryption repokey-blake2

then restart borgmatic.

To join the Tailscale network, run:

tailscale up --login-server https://headscale.vimium.net

then visit the URL, SSH onto vps1 and run headscale --user mesh nodes register --key <key>.

The new node can optionally be given a friendly name with headscale node rename -i <index> <hostname>.