Skip to content

JManch/nixos

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2,418 Commits
homes
homes
 
 
hosts
hosts
 
 
lib
lib
 
 
modules
modules
 
 
patches
patches
 
 
pkgs
pkgs
 
 
templates
templates
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 

Repository files navigation

JManch/nixos

blank-workspace light-dark-split

Overview

  • Single-command deployment with Disko and NixOS Anywhere
  • Fully modular configuration utilising NixOS module options
  • Tmpfs root file system with opt-in persistence, no stateful cruft
  • Persistent ZFS file system with full-disk encryption and compression
  • Passwordless disk decryption with Secure Boot and TPM
  • Declarative base-16 color scheme config with light/dark theme switching
  • Secret management using Agenix (secrets stored in private repo)
  • Declarative Restic backup system with remote redundancy

Structure

All system and Home Manager modules are stored under the modules directory. Options are used heavily to enable, disable, or modify modules on each host. Each host has two entry points for module configuration: hosts/<hostname>/default.nix for system configuration and homes/<hostname>.nix for Home Manager configuration.

Modules are split into categories using directories. Each directory contains a default.nix file which defines all options for modules in that category. The benefits of this are that (1), modules avoid an extra layer of nesting for config = {} and (2), default.nix serves as a convenient location to view all options in a category.

Deployment

Hosts can be deployed with a single command. There is no need to manually copy SSH keys for secret deployment. All that's required is a master password. Everything, including secrets, will be installed.

Run build-iso to get a custom install ISO. The ISO authenticates my SSH key for remote installs and provides an install script for installing locally.

  • Local: install-local <hostname> inside the ISO
  • Remote: install-remote <hostname> <ip_address>

The configuration also supports running a VM-variant of any host using run-vm <hostname>. This enables easy debugging/testing of host configurations. It's particularly useful for bisecting old versions of configurations to debug regressions.

Secret Management

Secrets are managed using Agenix and are stored in a separate, private, repo. A private repo was required for storing personal packages and some slightly sensitive configuration (not sensitive enough to require encryption). Therefore, it was decided that secrets might as well be placed in the private repo as well.

Backups

Restic is utilised for a declarative and opt-in backup solution. Rather than saving full system snapshots, specific paths are backed up on a per-module basis to minimise the amount of redundant data in contingency storage. The backup module has options for defining custom restore scripts and backup scripts if necessary.

About

My NixOS configurations

Topics

nixos nixos-configuration nix-flake

Resources

Readme

License

MIT license
Activity

Stars

13 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages