{"id":34642028,"url":"https://github.com/lanathlor/nixos","last_synced_at":"2026-05-18T16:33:22.178Z","repository":{"id":197596978,"uuid":"698130897","full_name":"lanathlor/nixos","owner":"lanathlor","description":null,"archived":false,"fork":false,"pushed_at":"2026-04-15T09:15:01.000Z","size":5473,"stargazers_count":0,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-15T10:37:26.577Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Nix","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lanathlor.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-09-29T08:19:30.000Z","updated_at":"2026-04-15T09:15:05.000Z","dependencies_parsed_at":"2023-10-01T15:58:19.643Z","dependency_job_id":"c39c7566-b95c-4f1e-847f-bdb1849af9f8","html_url":"https://github.com/lanathlor/nixos","commit_stats":null,"previous_names":["lanathlor/nixos"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/lanathlor/nixos","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lanathlor%2Fnixos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lanathlor%2Fnixos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lanathlor%2Fnixos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lanathlor%2Fnixos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lanathlor","download_url":"https://codeload.github.com/lanathlor/nixos/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lanathlor%2Fnixos/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33184156,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-18T09:27:30.708Z","status":"ssl_error","status_checked_at":"2026-05-18T09:27:28.300Z","response_time":71,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-12-24T17:24:00.995Z","updated_at":"2026-05-18T16:33:22.173Z","avatar_url":"https://github.com/lanathlor.png","language":"Nix","funding_links":[],"categories":[],"sub_categories":[],"readme":"# NixOS Configuration\n\nPersonal NixOS flake for two users across multiple machines, built with Home Manager.\n\n## Secrets Management\n\nThis repository uses [sops-nix](https://github.com/Mic92/sops-nix) to manage sensitive information like API keys and tokens.\n\n### Initial Setup\n\n1. **Generate an age key** (one-time per machine):\n   ```bash\n   sudo mkdir -p /var/lib/sops-nix\n   sudo age-keygen -o /var/lib/sops-nix/key.txt\n   sudo chmod 600 /var/lib/sops-nix/key.txt\n   ```\n\n2. **Get your public key**:\n   ```bash\n   sudo age-keygen -y /var/lib/sops-nix/key.txt\n   # Output: age1xxxxxx...\n   ```\n\n3. **Update `.sops.yaml`** with your public key:\n   ```yaml\n   creation_rules:\n     - path_regex: secrets/.*\\.yaml$\n       age: \u003e-\n         age1your-public-key-here\n   ```\n\n### Creating Secrets\n\n1. **Create the secrets file** from the example:\n   ```bash\n   cp secrets/secrets.yaml.example secrets/secrets.yaml\n   ```\n\n2. **Encrypt with sops**:\n   ```bash\n   sops -e -i secrets/secrets.yaml\n   ```\n\n3. **Edit encrypted secrets** (sops decrypts in-place):\n   ```bash\n   sops secrets/secrets.yaml\n   ```\n\n### Secrets File Format\n\n```yaml\ngithub_token: ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\ngitlab_token: glpat-xxxxxxxxxxxxxxxxxxxx\n```\n\n### How It Works\n\n- Secrets are encrypted in `secrets/secrets.yaml` and committed to git\n- On NixOS rebuild, sops-nix decrypts them to `/run/secrets/\u003csecret_name\u003e`\n- The age private key at `/var/lib/sops-nix/key.txt` is used for decryption\n- Secrets are only readable by root and the `users` group\n\n### Adding New Secrets\n\n1. Add the key to `secrets/secrets.yaml`:\n   ```bash\n   sops secrets/secrets.yaml\n   # Add: my_new_secret: \"value\"\n   ```\n\n2. Define the secret in `modules/system/security/sops/default.nix`:\n   ```nix\n   sops.secrets.my_new_secret = {\n     owner = \"root\";\n     group = \"users\";\n     mode = \"0440\";\n   };\n   ```\n\n3. Rebuild: `sudo nixos-rebuild switch --flake .#\u003chost\u003e`\n\nThe secret will be available at `/run/secrets/my_new_secret`.\n\n\n```\nflake.nix                     Entry point — nixosConfigurations\nhosts/                        Per-machine configs + hardware configuration files\nmodules/\n  games/                      Gaming-related modules (wago-addons, warcraftlogs)\n  nix/                        Nix daemon settings\n  rice/                       Desktop environment modules (Hyprland, GNOME, themes)\n  services/                   System services (SSH, Traefik, Ollama)\n  system/                     Core system config (users, virtualization)\nhome/\n  \u003cuser\u003e.nix                  Top-level Home Manager entry per user\n  programs/                   Per-program HM configs\n  services/                   Per-service HM configs (Dunst)\n  themes/                     Theme system (registry, per-theme assets)\noverlays/                     Custom package overlays\nusers/\n  lanath/profile.nix          Personal data for user lanath (single source of truth)\n  mushu/profile.nix           Personal data for user mushu\nkeys/                         SSH public keys (one file per user)\n```\n\n## Forking\n\n### 1. Create a user profile\n\nCopy an existing profile and fill in your data:\n\n```bash\ncp -r users/lanath users/\u003cyourname\u003e\n$EDITOR users/\u003cyourname\u003e/profile.nix\n```\n\nFields to update:\n- `username` — your Unix username\n- `homeDir` — your home directory (usually `/home/\u003cusername\u003e`)\n- `hashedPassword` — generate with `mkpasswd -m yescrypt`\n- `sshKeyFiles` — list of filenames in `keys/` to authorize for SSH login\n- `git.*` — name, email(s), GPG key fingerprint\n\nAdd your SSH public key(s) to `keys/`:\n\n```bash\ncp ~/.ssh/id_ed25519.pub keys/\u003cyourname\u003e.pub\n```\n\n### 2. Add a system user module\n\n```bash\ncp modules/system/user/lanath.nix modules/system/user/\u003cyourname\u003e.nix\n# Edit the import path to point to your profile\n$EDITOR modules/system/user/\u003cyourname\u003e.nix\n```\n\n### 3. Add a Home Manager config\n\n```bash\ncp home/lanath.nix home/\u003cyourname\u003e.nix\n$EDITOR home/\u003cyourname\u003e.nix\n```\n\nCopy and adjust the per-program configs under `home/programs/` as needed.\n\n### 4. Create a host\n\n```bash\ncp hosts/lanath-desktop.nix hosts/\u003chostname\u003e.nix\n$EDITOR hosts/\u003chostname\u003e.nix\n```\n\nGenerate your hardware configuration:\n\n```bash\nnixos-generate-config --show-hardware-config \u003e hosts/\u003chostname\u003e-hardware-configuration.nix\n```\n\nReplace the hardware UUID and kernel module references with the generated output.\n\n### 5. Register in flake.nix\n\nIn `flake.nix`, add your user to `homeManagerModule`:\n\n```nix\nhome-manager.users.\u003cyourname\u003e = import ./home/\u003cyourname\u003e.nix;\n```\n\nAnd add your host to `nixosConfigurations`:\n\n```nix\n\u003chostname\u003e = mkHost ./hosts/\u003chostname\u003e.nix;\n```\n\n### 6. Build\n\n```bash\nsudo nixos-rebuild switch --flake .#\u003chostname\u003e\n# or\nmake \u003chostname\u003e\n```\n\n## Common Commands\n\n| Command | Description |\n|---------|-------------|\n| `make \u003chost\u003e` | Rebuild and switch to a host config |\n| `make update` | Update all flake inputs |\n| `make clean` | Remove old generations and collect garbage |\n| `nix build .#nixosConfigurations.\u003chost\u003e.config.home-manager.users.\u003cuser\u003e.home.activationPackage` | Test HM build without switching |\n\n## Hardware Notes\n\nThe `*-hardware-configuration.nix` files contain machine-specific UUIDs and kernel modules. They are **not reusable** across machines — always generate a fresh one with `nixos-generate-config` on your target hardware.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flanathlor%2Fnixos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flanathlor%2Fnixos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flanathlor%2Fnixos/lists"}