Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nicdumz/nix-config
Configurations for my machines and home directories.
- Host: GitHub
- URL: https://github.com/nicdumz/nix-config
- Owner: nicdumz
- License: mit
- Created: 2025-01-10T21:23:29.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2025-01-26T08:59:54.000Z (16 days ago)
- Last Synced: 2025-01-26T09:27:52.252Z (16 days ago)
- Topics: dotfiles, nix, nixos
- Language: Nix
- Homepage:
- Size: 1.08 MB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Nix configurations
This is a replacement of my previous [dotfiles](https://github.com/nicdumz/dotfiles) setup, except
that on top of user configuration intent this repo also encodes machine configuration intent.

- Nix + Home Manager manage the "dotfiles" home user configuration intent.
- Where I can control the OS, I run NixOS.

## Structure

I follow exactly the structure from [snowfall-lib](https://snowfall.org/guides/lib/quickstart/) and
recommend a read to understand their philosophy.

```
├── nix/        snowfall-lib structure
├── secrets/    sops encrypted secrets
├── .envrc      direnv directive
├── README.md   GitHub Repo landing page
├── flake.nix   Core flake
├── flake.lock  Lockfile
└── LICENSE     Project License
```

## Features

- Secret management: integration with `sops`/`sops-nix` lets me check in encrypted secrets. My FIDO2 keys allow for decryption/rewrapping for a new host's pubkey. After deployment to a new host, the host can decrypt its secrets, exposing them via `/run/...` to the correct application.
  - TODO: actually not FIDO yet...
- Multi-machine, multi-user by design.
- `disko` handles partition layout for new installs.
- Development on this repo:
  - I cannot commit to the `main` branch; instead I need to use feature branches, via GitHub PRs.
    Each PR integrates with [Garnix](https://garnix.io/), building all the hosts, and validating configs.
  - `direnv` integration: if you `cd` into the repo you should get a usable development environment.
  - `nix fmt` in this repo just does the right thing.
  - A few git hooks enforcing best practices.

## Usage examples

Everyday usage:
```sh
colmena build # builds all hosts
colmena apply # apply to all remote hosts
colmena apply-local --sudo build # build for my local host
colmena apply-local --sudo switch # apply for my local host
```

Building an ISO for a live USB:

```sh
nix build .#nixosConfigurations.liveusb.config.system.build.isoImage
```

Deploying a new machine locally (with disk partitioning):

```sh
sudo nix run 'github:nix-community/disko/latest#disko-install' -- --write-efi-boot-entries --flake '.#bistannix' --disk main /dev/sda
```

## Inspiration

- https://truxnell.github.io/nix-config/ is a great read.
- https://github.com/jakehamilton/config fairly clean repo using snowfall-lib.