{"id":47791910,"url":"https://github.com/ryanjdillon/nix-config","last_synced_at":"2026-04-03T15:48:30.258Z","repository":{"id":336925011,"uuid":"1151696247","full_name":"ryanjdillon/nix-config","owner":"ryanjdillon","description":"NixOS flake configuration managing multiple hosts with modular architecture, automated secret management, and k3s cluster orchestration.","archived":false,"fork":false,"pushed_at":"2026-03-31T16:53:58.000Z","size":890,"stargazers_count":0,"open_issues_count":4,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-31T18:42:09.366Z","etag":null,"topics":["dotfiles","infrastructure-as-code","k3s","kubernetes","nix-flakes","nixos"],"latest_commit_sha":null,"homepage":"","language":"Nix","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ryanjdillon.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-06T19:34:57.000Z","updated_at":"2026-03-24T20:33:11.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/ryanjdillon/nix-config","commit_stats":null,"previous_names":["ryanjdillon/nix-config"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ryanjdillon/nix-config","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryanjdillon%2Fnix-config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryanjdillon%2Fnix-config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryanjdillon%2Fnix-config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryanjdillon%2Fnix-config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ryanjdillon","download_url":"https://codeload.github.com/ryanjdillon/nix-config/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryanjdillon%2Fnix-config/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31360829,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-03T15:19:21.178Z","status":"ssl_error","status_checked_at":"2026-04-03T15:19:20.670Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dotfiles","infrastructure-as-code","k3s","kubernetes","nix-flakes","nixos"],"created_at":"2026-04-03T15:48:29.647Z","updated_at":"2026-04-03T15:48:30.243Z","avatar_url":"https://github.com/ryanjdillon.png","language":"Nix","funding_links":[],"categories":[],"sub_categories":[],"readme":"# nix-config\n\nNixOS flake configuration managing multiple hosts with modular architecture, automated secret management, and k3s cluster orchestration.\n\n## Features\n\n- šŸ—ļø **Modular Architecture** - Reusable components with explicit enable flags\n- šŸ” **SOPS Secret Management** - Age-encrypted secrets with placeholder substitution\n- šŸ³ **k3s Cluster** - Raspberry Pi control plane with x86_64 worker nodes\n- šŸ  **Home Automation** - Home Assistant, Zigbee2MQTT, Mosquitto on ARM64\n- šŸ–„ļø **Multi-Architecture** - x86_64 desktops and ARM64 Raspberry Pi with cross-compilation\n- šŸ”„ **Automated Deployment** - Network deployment with deploy-rs, token rotation tools\n\n## Hosts\n\n| Host | Platform | Role | Key Features |\n|------|----------|------|--------------|\n| **rincon** | x86_64 (ThinkPad X1 Gen 12) | Laptop | Fingerprint reader, Azure CLI, Docker |\n| **solimar** | x86_64 (Desktop) | k3s Worker | General compute, NVIDIA RTX 2060, Frigate NVR |\n| **laconchita** | x86_64 (Desktop) | k3s Worker | AI/ML compute, NVIDIA RTX 3090, Coral TPU |\n| **faria** | ARM64 (RPi 4) | k3s Control Plane | Home automation, IoT hub |\n| **mondos** | x86_64 (ThinkPad X280) | Laptop | Ultraportable, 8th gen Intel |\n\n## Quick Start\n\n```bash\n# Clone repository\ngit clone \u003crepository-url\u003e \u0026\u0026 cd nix-config\n\n# Configure secrets\nsops secrets.yaml\n\n# Build and deploy\nsudo nixos-rebuild switch --flake .#\u003chostname\u003e\n```\n\nšŸ“– **Full setup instructions:** [Quickstart Guide](docs/quickstart.md)\n\n## Documentation\n\n### Getting Started\n- [Quickstart Guide](docs/quickstart.md) - Initial setup and deployment\n- [Architecture Overview](CLAUDE.md#architecture-overview) - System design and patterns\n- [Network Topology](docs/network-topology.md) - Network and service architecture\n\n### Operations\n- [Secret Management](docs/secret-management.md) - SOPS encryption and secret access patterns\n- [Raspberry Pi Deployment](docs/rpi-build.md) - ARM64 cross-compilation and SD card creation\n- [k3s Token Management](docs/k3s-token-management.md) - Cluster token rotation\n- [Troubleshooting](docs/troubleshooting.md) - Common issues and solutions\n\n## Common Commands\n\n```bash\n# Build and deploy\nsudo nixos-rebuild switch --flake .#\u003chostname\u003e\n\n# Build ARM64 SD image\nnix build .#packages.x86_64-linux.faria\n\n# Deploy to Raspberry Pi\ndeploy .#faria\n\n# Rotate k3s token\nnix run .#rotate-k3s-token\n\n# Edit secrets\nsops secrets.yaml\n\n# Home Manager\nhome-manager switch --flake .\n```\n\n## Architecture\n\n### Directory Structure\n\n```\nnix-config/\nā”œā”€ā”€ flake.nix # Flake orchestration and outputs\nā”œā”€ā”€ hosts/ # Host-specific configurations\nā”‚ ā”œā”€ā”€ rincon/\nā”‚ ā”œā”€ā”€ solimar/\nā”‚ ā”œā”€ā”€ laconchita/\nā”‚ ā””ā”€ā”€ faria/\nā”œā”€ā”€ modules/ # Reusable modules (disabled by default)\nā”‚ ā”œā”€ā”€ desktop/ # GNOME, printing, scanning\nā”‚ ā”œā”€ā”€ hardware/ # GPU, TPU, platform-specific\nā”‚ ā”œā”€ā”€ services/ # k3s, Frigate, Home Assistant\nā”‚ ā””ā”€ā”€ system/ # Users, SOPS, base configuration\nā”œā”€ā”€ hardware/ # Hardware profiles\nā”œā”€ā”€ systems/ # Base system configuration\nā”œā”€ā”€ users/ # Home-manager configurations\nā”œā”€ā”€ docs/ # Documentation\nā””ā”€ā”€ scripts/ # Automation scripts\n```\n\n### Module System\n\nAll modules follow the pattern:\n\n```nix\n{ lib, config, ... }:\nlet cfg = config.modules.\u003ccategory\u003e.\u003cname\u003e;\nin {\n options.modules.\u003ccategory\u003e.\u003cname\u003e.enable = lib.mkEnableOption \"description\";\n config = lib.mkIf cfg.enable {\n # Module implementation\n };\n}\n```\n\nModules are composed in host configurations like building blocks.\n\n## k3s Cluster\n\n```mermaid\ngraph TB\n Internet((Internet))\n\n subgraph Cloud[\"ā˜ļø AWS Cloud\"]\n Bastion[\"šŸŒ Bastion\u003cbr/\u003eCloud VM\u003cbr/\u003ePublic Access\"]\n end\n\n subgraph HomeNet[\"šŸ  Home Network\"]\n subgraph K3s[\"k3s Cluster\"]\n Control[\"šŸŽ›ļø faria\u003cbr/\u003eRaspberry Pi 4\u003cbr/\u003eARM64\u003cbr/\u003eControl Plane\"]\n\n Worker1[\"āš” solimar\u003cbr/\u003eAMD Ryzen\u003cbr/\u003eRTX 2060\u003cbr/\u003eGeneral Compute\"]\n Worker2[\"šŸ¤– laconchita\u003cbr/\u003eIntel\u003cbr/\u003eRTX 3090 + Coral TPU\u003cbr/\u003eAI/ML Workload\"]\n end\n end\n\n Internet --\u003e|HTTPS| Bastion\n Bastion -.-\u003e|Tailscale VPN| Control\n Control ==\u003e|k3s API\u003cbr/\u003e:6443| Worker1\n Control ==\u003e|k3s API\u003cbr/\u003e:6443| Worker2\n\n classDef cloud fill:#FF9900,stroke:#232F3E,stroke-width:2px,color:#fff\n classDef control fill:#326CE5,stroke:#fff,stroke-width:2px,color:#fff\n classDef worker fill:#00D4AA,stroke:#fff,stroke-width:2px,color:#fff\n classDef aiml fill:#E91E63,stroke:#fff,stroke-width:2px,color:#fff\n\n class Bastion cloud\n class Control control\n class Worker1 worker\n class Worker2 aiml\n```\n\n**Architecture:**\n- **Control Plane:** faria (ARM64) - k3s server, home automation hub\n- **General Compute:** solimar (RTX 2060) - Frigate NVR, media services\n- **AI/ML Workload:** laconchita (RTX 3090 + Coral TPU) - AI/ML compute with GPU taints\n- **External Access:** AWS bastion connected via Tailscale VPN\n\n## Secret Management\n\nSecrets are encrypted with SOPS-nix and age encryption:\n\n```bash\n# Edit secrets\nsops secrets.yaml\n\n# Access in configuration (two patterns)\nconfig.sops.placeholder.\"key\" # Placeholder substitution for generated configs\nconfig.sops.secrets.\"key\".path # Runtime path for file-based access\n```\n\nšŸ“– **Complete guide:** [Secret Management](docs/secret-management.md)\n\n## Development\n\n### Prerequisites\n\n- NixOS with flakes enabled\n- SOPS and age for secret management\n- Deploy-rs for remote deployment (optional)\n\n### Building\n\n```bash\n# Validate configuration\nnixos-rebuild build --flake .#\u003chostname\u003e\n\n# Test in VM (x86_64 only)\nsudo nixos-rebuild build-vm --flake .#\u003chostname\u003e\n./result/bin/run-\u003chostname\u003e-vm\n```\n\n### Contributing\n\n1. Create logical, atomic commits\n2. Use conventional commit format (feat/fix/refactor/docs/chore)\n3. Remove trailing whitespace: `nowhite ./`\n4. Test builds before pushing\n\n## License\n\nPersonal configuration repository. Use at your own risk.\n\n## References\n\n- [NixOS Manual](https://nixos.org/manual/nixos/stable/)\n- [Home Manager Manual](https://nix-community.github.io/home-manager/)\n- [SOPS-nix](https://github.com/Mic92/sops-nix)\n- [deploy-rs](https://github.com/serokell/deploy-rs)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fryanjdillon%2Fnix-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fryanjdillon%2Fnix-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fryanjdillon%2Fnix-config/lists"}