jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull requests Projects Releases Packages Wiki Activity Actions 1
Configuration flake for NixOS systems
1,222 commits 14 branches 0 tags 2.5 MiB
  • Nix 99.8%
  • CSS 0.2%
Find a file
Exact
Jordan Holt 31f2f1e83a
Some checks are pending
Check flake / build-amd64-linux (push) Waiting to run
Details
flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/cb6c151f5c9db4df0b69d06894dc8484de1f16a0?narHash=sha256-EDLi%2BYAsEEAmMeZe1v6GccuGRbCkpSZp/%2BA6g%2BpivR8%3D' (2026-02-22)
  → 'github:nix-community/home-manager/36e38ca0d9afe4c55405fdf22179a5212243eecc?narHash=sha256-aqBl3GNpCadMoJ/hVkWTijM1Aeilc278MjM%2BLA3jK6g%3D' (2026-02-25)
• Updated input 'niri':
    'github:sodiboo/niri-flake/673192ded8b7ac7f23b6a1a44957c0029cb81f62?narHash=sha256-rvXObttG6DWrYNPOVkGVK4/eP1wZuXTz7nUSRdvblLU%3D' (2026-02-23)
  → 'github:sodiboo/niri-flake/f8899e60a1425d21a03a05ac2c069a85398039b5?narHash=sha256-qe5t8E8uK5eSgPTxtfcde3VO8fnIr/Tu%2Bhn72FDry/E%3D' (2026-02-24)
• Updated input 'niri/nixpkgs-stable':
    'github:NixOS/nixpkgs/afbbf774e2087c3d734266c22f96fca2e78d3620?narHash=sha256-nhZJPnBavtu40/L2aqpljrfUNb2rxmWTmSjK2c9UKds%3D' (2026-02-21)
  → 'github:NixOS/nixpkgs/e764fc9a405871f1f6ca3d1394fb422e0a0c3951?narHash=sha256-sdaqdnsQCv3iifzxwB22tUwN/fSHoN7j2myFW5EIkGk%3D' (2026-02-24)
• Updated input 'nix-topology':
    'github:oddlama/nix-topology/5cdfb1006af22f1d0a7fc0ccd50d0a90701cbd70?narHash=sha256-QYhnWlQryb2yIyJslXokDvJ4SIUnGGskjFmzIoO/VrM%3D' (2026-02-23)
  → 'github:oddlama/nix-topology/b493b9b970388d79129ce1a92a6b060c9305386f?narHash=sha256-gFyFAFYYoNsvd6heI0XtDMIa4pnykjwDljS7dQm45uE%3D' (2026-02-24)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/740a22363033e9f1bb6270fbfb5a9574067af15b?narHash=sha256-yRKJ7gpVmXbX2ZcA8nFi6CMPkJXZGjie2unsiMzj3Ig%3D' (2026-02-18)
  → 'github:NixOS/nixos-hardware/41c6b421bdc301b2624486e11905c9af7b8ec68e?narHash=sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw%3D' (2026-02-24)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/afbbf774e2087c3d734266c22f96fca2e78d3620?narHash=sha256-nhZJPnBavtu40/L2aqpljrfUNb2rxmWTmSjK2c9UKds%3D' (2026-02-21)
  → 'github:NixOS/nixpkgs/e764fc9a405871f1f6ca3d1394fb422e0a0c3951?narHash=sha256-sdaqdnsQCv3iifzxwB22tUwN/fSHoN7j2myFW5EIkGk%3D' (2026-02-24)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/0182a361324364ae3f436a63005877674cf45efb?narHash=sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ%3D' (2026-02-17)
  → 'github:NixOS/nixpkgs/2fc6539b481e1d2569f25f8799236694180c0993?narHash=sha256-0MAd%2B0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU%3D' (2026-02-23)
• Updated input 'noctalia':
    'github:noctalia-dev/noctalia-shell/90e44d6edd604a0877310b01ff20006abcf67e77?narHash=sha256-evn%2Bp0%2BT9yNtjdRr5UnYwXnhlHgFB8ilzhGQoYvgXhs%3D' (2026-02-23)
  → 'github:noctalia-dev/noctalia-shell/28dc8229b77a8c3e5b23f20306d821de3e13a84c?narHash=sha256-sfki5hpMegyjjK4ccDiLvy4DWQe1Nz2doI3ByqOHkyg%3D' (2026-02-26)
• Added input 'noctalia/noctalia-qs':
    'github:noctalia-dev/noctalia-qs/1711c5a20b74a31b703394164c5d2d9561f13ee9?narHash=sha256-lbZkAMNQl5Ymqhdvp46K8hubZ7n7KQRPnTP5bNJzMSk%3D' (2026-02-22)
• Added input 'noctalia/noctalia-qs/nixpkgs':
    follows 'noctalia/nixpkgs'
• Updated input 'pre-commit-hooks':
    'github:cachix/git-hooks.nix/49bbbfc218bf3856dfa631cead3b052d78248b83?narHash=sha256-Gtre9YoYl3n25tJH2AoSdjuwcqij5CPxL3U3xysYD08%3D' (2026-02-23)
  → 'github:cachix/git-hooks.nix/6e34e97ed9788b17796ee43ccdbaf871a5c2b476?narHash=sha256-%2BeXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg%3D' (2026-02-25)
2026-02-26 20:09:19 +00:00
.gitea/workflows Check flake instead of dry building 2024-05-07 09:03:39 +01:00
hosts hosts/library: update oauth secret for open-webui 2026-02-11 00:34:35 +00:00
modules/nixos treewide: remove gnome 2026-01-11 21:53:16 +00:00
nix hosts/vps2: delete 2025-10-27 21:55:14 +00:00
overlays pkgs/vaultwarden: init at git-a2ad1dc 2025-09-02 00:39:12 +01:00
pkgs pkgs/vaultwarden: init at git-a2ad1dc 2025-09-02 00:39:12 +01:00
secrets hosts/library: update oauth secret for open-webui 2026-02-11 00:34:35 +00:00
users users/guest: add jellyfin-desktop to impermanence 2026-02-10 23:55:59 +00:00
flake.lock flake.lock: Update 2026-02-26 20:09:19 +00:00
flake.nix treewide: remove hyprland 2026-01-11 21:49:17 +00:00
LICENSE Bump LICENSE year 2025-01-02 17:14:10 +00:00
README.md treewide: remove hyprland 2026-01-11 21:49:17 +00:00

README.md

nix-config

System and user configuration for NixOS-based systems.
Shell: zsh
WM: Niri
Theme: Adwaita
Terminal: kitty

Provisioning a new host

nixos-anywhere is the module used for provisioning

Generate a new SSH host key in "$temp/etc/ssh" as per this guide.

ssh-keygen -t ed25519 -f /tmp/ssh_host_ed25519_key

Update nix-secrets with the new host key to enable the system to decrypt any relevant secrets.

In order to use the borgmatic module for backups, go to borgbase.com. Add the generated SSH host key and create a new repository for the system.

Create a new directory under hosts/ with a system configuration and disk layout.

Boot the NixOS installer (or any Linux distribution) on the target.

Then run:

nix run github:nix-community/nixos-anywhere -- \
  --disk-encryption-keys /tmp/secret.key /tmp/secret.key \
  --extra-files "$temp" \
  --flake .#<hostname> \
  root@<target-ip>

Post install

If backups are configured, you'll need to run:

borgmatic init --encryption repokey-blake2

then restart borgmatic.

To join the Tailscale network, run:

tailscale up --login-server https://headscale.vimium.net

then visit the URL, SSH onto vps1 and run headscale --user mesh nodes register --key <key>.

The new node can optionally be given a friendly name with headscale node rename -i <index> <hostname>.