jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull requests Projects Releases Packages Wiki Activity Actions 1
Configuration flake for NixOS systems
1,277 commits 15 branches 0 tags 2.9 MiB
  • Nix 99.8%
  • CSS 0.2%
Find a file
Exact
Jordan Holt 2a04d78dc5
Some checks are pending
Check flake / build-amd64-linux (push) Waiting to run
Details
flake.lock: Update 
Flake lock file updates:

• Updated input 'niri':
    'github:sodiboo/niri-flake/3877b9fd1f78e831b3ea223f9e992c758d13df0f?narHash=sha256-yZvCnzf0NDL1vfMGRBkKthRmg8V93FzQ4CQNXhxh0Wg%3D' (2026-04-16)
  → 'github:sodiboo/niri-flake/7d67b9d0857c7efc7a6f9fc70982bdcb1e3d9a88?narHash=sha256-JGGdvn645wseAbRzwT/Zz2Y0na7v2FZ7FogIyKIFkk8%3D' (2026-04-16)
• Updated input 'niri/niri-unstable':
    'github:YaLTeR/niri/892470afd3dce5396828dd9b211b19210a16eaeb?narHash=sha256-7cKy5sGmN4Yt47Op0%2BA/b3iEMk/E2Ru%2BUiI42KfiEPc%3D' (2026-04-16)
  → 'github:YaLTeR/niri/82d4c7569e731379284e0653dcdadb8f17cceec7?narHash=sha256-MH7ieeYawsCAjGkoHFZfUDZXplEOiFgSpx2pGr5RK3c%3D' (2026-04-16)
• Updated input 'niri/nixpkgs-stable':
    'github:NixOS/nixpkgs/7e495b747b51f95ae15e74377c5ce1fe69c1765f?narHash=sha256-B35lpsqnSZwn1Lmz06BpwF7atPgFmUgw1l8KAV3zpVQ%3D' (2026-04-13)
  → 'github:NixOS/nixpkgs/1766437c5509f444c1b15331e82b8b6a9b967000?narHash=sha256-FbQAeVNi7G4v3QCSThrSAAvzQTmrmyDLiHNPvTF2qFM%3D' (2026-04-15)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/7e495b747b51f95ae15e74377c5ce1fe69c1765f?narHash=sha256-B35lpsqnSZwn1Lmz06BpwF7atPgFmUgw1l8KAV3zpVQ%3D' (2026-04-13)
  → 'github:NixOS/nixpkgs/1766437c5509f444c1b15331e82b8b6a9b967000?narHash=sha256-FbQAeVNi7G4v3QCSThrSAAvzQTmrmyDLiHNPvTF2qFM%3D' (2026-04-15)
2026-04-17 09:19:55 +01:00
.gitea/workflows Check flake instead of dry building 2024-05-07 09:03:39 +01:00
hosts hosts/common: disable sudo lectures 2026-04-16 23:10:16 +01:00
modules/nixos hosts/odyssey: enable home-manager impermanence 2026-04-13 21:04:47 +01:00
nix hosts/vps2: delete 2025-10-27 21:55:14 +00:00
overlays pkgs/vaultwarden: init at git-a2ad1dc 2025-09-02 00:39:12 +01:00
pkgs pkgs/vaultwarden: init at git-a2ad1dc 2025-09-02 00:39:12 +01:00
secrets hosts/vps1: remove migrated services 2026-04-05 16:51:25 +01:00
users users/jordan: persist .ssh 2026-04-16 23:05:06 +01:00
flake.lock flake.lock: Update 2026-04-17 09:19:55 +01:00
flake.nix treewide: remove hyprland 2026-01-11 21:49:17 +00:00
LICENSE Bump LICENSE year 2025-01-02 17:14:10 +00:00
README.md treewide: remove hyprland 2026-01-11 21:49:17 +00:00

README.md

nix-config

System and user configuration for NixOS-based systems.
Shell: zsh
WM: Niri
Theme: Adwaita
Terminal: kitty

Provisioning a new host

nixos-anywhere is the module used for provisioning

Generate a new SSH host key in "$temp/etc/ssh" as per this guide.

ssh-keygen -t ed25519 -f /tmp/ssh_host_ed25519_key

Update nix-secrets with the new host key to enable the system to decrypt any relevant secrets.

In order to use the borgmatic module for backups, go to borgbase.com. Add the generated SSH host key and create a new repository for the system.

Create a new directory under hosts/ with a system configuration and disk layout.

Boot the NixOS installer (or any Linux distribution) on the target.

Then run:

nix run github:nix-community/nixos-anywhere -- \
  --disk-encryption-keys /tmp/secret.key /tmp/secret.key \
  --extra-files "$temp" \
  --flake .#<hostname> \
  root@<target-ip>

Post install

If backups are configured, you'll need to run:

borgmatic init --encryption repokey-blake2

then restart borgmatic.

To join the Tailscale network, run:

tailscale up --login-server https://headscale.vimium.net

then visit the URL, SSH onto vps1 and run headscale --user mesh nodes register --key <key>.

The new node can optionally be given a friendly name with headscale node rename -i <index> <hostname>.