This is a set of simple, opinionated wrappers around nixos-rebuild
All wrappers are in the form COMMAND MACHINE_NAME [NIX_OPTIONS]
, example:
# build 'bigmachine' remotely on 'myname@bigmachine', switch 'bigmachine' to the built config
switch-pull myname@bigmachine --show-trace
Flakem assumes that MACHINE_NAME
is the same in both flake.nix
and one of:
- IP address
- DNS name
string in SSH config
It also assumes the target is already an installed NixOS system; if this is not the case, initial deployment can be done with nixos-anywhere, eg:
nix run github:nix-community/nixos-anywhere -- \
--flake .#HOSTNAME --build-on-remote root@HOST_IP
# build machine locally
nix run github:siriobalmelli/flakem/master#build $(hostname)
# build machine remotely
nix run github:siriobalmelli/flakem/master#build-there bigmachine # can also be 'myuser@bigmachine'
# build machine locally, apply locally
nix run github:siriobalmelli/flakem/master#switch $(hostname)
# build machine remotely, apply remotely
nix run github:siriobalmelli/flakem/master#switch-pull myuser@bigmachine # can also be 'bigmachine'
# build machine locally, apply remotely
nix run github:siriobalmelli/flakem/master#switch-push bigmachine # can also be 'myuser@bigmachine'
# switch-pull, followed by a reboot and a nix-collect-garbage
nix run github:siriobalmelli/flakem/master#switch-pull-reset root@ another-machine
# switch-push, followed by a reboot and a nix-collect-garbage
nix run github:siriobalmelli/flakem/master#switch-push-reset internal-machine
# timeout-loop waiting for successful ssh
nix run github:siriobalmelli/flakem/master#ssh-wait my-host "uname -a"
description = "My Flake";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
flake-utils.url = "github:numtide/flake-utils";
flakem = {
url = "github:siriobalmelli/flakem";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
outputs = {
}: let
inherit (flake-utils.lib) eachDefaultSystem;
eachDefaultSystem (system: let
pkgs = import nixpkgs {
inherit system;
overlays = [self.overlays.default];
in {
packages = {
inherit (pkgs) build build-there ssh-wait switch switch-pull switch-pull-reset switch-push switch-push-reset;
# ... other packages here
// {
nixosConfigurations = {
bigmachine = nixpkgs.lib.nixosSystem {
# NixOS configuration
Then, from that flake's directory:
# build and deploy remotely
nix run .#switch-pull bigmachine
# etc ...
# called from a flake with 'specialArgs = { inherit inputs; };'
{inputs, lib, ...}: with lib; {
imports = [
packages.flakem.enable = mkDefault true;
These scripts are really only shorthands for invocations of nixos-rebuild
which also supply the nixos-rebuild
All scripts execute with set -x
to show the exact parameter set being passed
to nixos-rebuild
Note that nixos-rebuild
will run on non-nixos hosts, such as Darwin.
- CI with
nix flake update