This is my configuration for NixOS and home-manager, meant to harmonize my different systems.
This is not necessarily an example of good practices. This is what I am (probably) currently using.
Be careful if you want to use this “template”: it is neither a framework nor an easy-come-easy-go library.
The purpose of making this repository public is for me to be able to easily share my current configuration files with others. It is not expected that anyone would use these files verbatim. I update files frequently, often multiple times per day, and at any given point, some files might be broken. I often push commits just so I can easily move files from one computer to another to continue working on them. I will make tags when I think my setup is stable enough for others to use.
The entire system configuration is written in Nix. The top-level structure is shown below:

```
.
├── flake.nix
├── flake.lock
├── shell.nix        # Shell declaration for this repo
├── docs             # Docs about different topics
├── lib              # Utility functions
├── overlays         # Package overlays
├── packages         # Custom personal packages
├── system           # Top level system configuration
│   ├── hosts        # System host specific configuration
│   └── modules      # Modules containing custom system configuration
└── home/<user>      # Top level home-manager configuration
    ├── hosts        # Host specific configuration for the user
    └── modules      # Modules containing custom configuration for the user
```
A convenience script is provided to set up the system from the live ISO (currently btrfs).
jonringer gave a brief explanation as to why one might want to use Nix flakes.

- Download the latest build of NixOS or build your own (see here).
- Boot into the installer.
- Clone the repository and start the installation script in order to get a working installation (more info here).
- Enable nix flakes with `nix-shell -p git nixFlakes` (not needed if you built the custom ISO).
- Install NixOS with `nixos-install --root /mnt --no-root-passwd --flake /mnt/etc/nixos#XYZ`, where `XYZ` is the host you want to install. Since `--no-root-passwd` skips setting a root password, the host configuration itself has to provide a way to log in (a user with an initial password or an authorized SSH key).
- Reboot!
- Change your `$USER` password.
- Enjoy!
Secret management is performed using the excellent [sops-nix](https://github.com/Mic92/sops-nix).
Generate an age key for myself from an existing SSH key (the conversion needs an unencrypted key, so work on a copy and delete it afterwards):

```sh
mkdir -p ~/.config/sops/age
# Work on a copy so the original SSH key keeps its passphrase.
cp ~/.ssh/id_ed25519 ~/tmp-key
chmod 0600 ~/tmp-key
# Remove the passphrase from the copy.
ssh-keygen -p -N "" -f ~/tmp-key
nix run nixpkgs#ssh-to-age -- -private-key \
  -i ~/tmp-key > ~/.config/sops/age/keys.txt
# Protect the age private key and remove the passphrase-less copy.
chmod 0600 ~/.config/sops/age/keys.txt
rm -f ~/tmp-key
```
Get the public age key:

```sh
nix-shell -p age --run "age-keygen -y ~/.config/sops/age/keys.txt"
```

This key is then put into `.sops.yaml`.
Generate a public age key for a target host from its SSH host key:

```sh
ssh-keyscan -t ed25519 host | nix run nixpkgs#ssh-to-age
```

`ssh-keyscan` trusts whatever answers on the wire, so compare the scanned key with the host's `/etc/ssh/ssh_host_ed25519_key.pub` before using it; otherwise you may encrypt secrets to a key you do not control. This key is then also put into `.sops.yaml`.
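A complete `.sops.yaml` tying the two keys together, added here as an illustration rather than copied from the repository. The anchor names `admin_marcus` and `host_xyz` and the `age1...` values are placeholders for the two public keys produced above, and the `secrets/xyz/` layout is an assumption used to show per-host rules:

```yaml
# .sops.yaml (added example; the age1... values are placeholders, not real keys)
keys:
  # Admin key: output of `age-keygen -y ~/.config/sops/age/keys.txt`.
  - &admin_marcus age1...
  # Host key: output of `ssh-keyscan -t ed25519 xyz | ssh-to-age`.
  - &host_xyz age1...

creation_rules:
  # First matching rule wins. Secrets under secrets/xyz/ can be decrypted
  # by the admin and by host xyz only; other hosts never get this key.
  - path_regex: secrets/xyz/.*\.yaml$
    key_groups:
      - age:
          - *admin_marcus
          - *host_xyz
  # Everything else under secrets/ is readable by the admin only, so a
  # secret accidentally placed outside a host directory is not shared.
  - path_regex: secrets/.*\.yaml$
    key_groups:
      - age:
          - *admin_marcus
```

Editing `.sops.yaml` does not re-encrypt files that already exist; run `sops updatekeys secrets/xyz/example.yaml` to add or remove a recipient on an existing file. On the host, sops-nix decrypts with the age key derived from the host's ed25519 SSH host key, which is why the host key and not a separate age key goes into this file.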
Create an encrypted file (sops opens it in `$EDITOR` and encrypts it with the recipients whose rule matches the path):

```sh
nix run nixpkgs#sops -- secrets/example.yaml
cat secrets/example.yaml
```

Note that sops encrypts the values only; the YAML keys stay in plaintext, so do not put anything sensitive in a key name.
Reference the secrets in the system configuration:

```nix
# Path relative to this module file; it must match a rule in .sops.yaml.
sops.defaultSopsFile = ./../example.yaml;
# Top-level key of the YAML file; decrypted at activation to /run/secrets/example-key,
# owned by root with mode 0400 unless owner/group/mode are set here.
sops.secrets.example-key = {};
# Nested keys are addressed with "/"; this one lands at /run/secrets/myservice/my_subdir/my_secret.
sops.secrets."myservice/my_subdir/my_secret" = {};
```
To install home-manager, which is no longer applied automatically (at a bare minimum Git is required):

```sh
nix shell nixpkgs#git
nix build --no-link ".#homeConfigurations.<user>@<hostname>.activationPackage"
"$(nix path-info ".#homeConfigurations.<user>@<hostname>.activationPackage")"/activate
```

home-manager is then available through `home-manager --flake '/path/to/the/flake#<user>@<hostname>' switch`.
- Flakes;
- Nix pills;
- Nix Flakes - Part 1: Introduction and tutorial;
- Nix Flakes - Part 2: Evaluation caching;
- Nix Flakes - Part 3: Managing NixOS Systems;
- Xe on Flakes: Introduction;
- Xe on Flakes: Packages and How to use Them;
- Practical Nix Flakes by Serokell;
- Nix flakes by Yanboyang;
- How to learn Nix;
- Nix flakes, and how to convert to them;