NixOS Configuration

Modular NixOS + Home Manager configuration with impermanence.

Current hosts

Host Arch Role Hardware
hyades x86_64 Desktop Ryzen 7 3700X · RX 6800 XT · 32GB
naiads x86_64 Laptop Framework 13 (Ryzen AI 7 350 · 32GB)

Structure

The configuration lives in the user-writable /persist/nixos directory, a location that is persisted across reboots (see Persistence below).

.
├── flake.nix         # Flake definition with all hosts
├── hosts
│   ├── modules
│   │   ├── core      # Core system configuration
│   │   └── desktop   # Desktop-specific system configuration
│   └── HOSTNAME      # Host-specific system configuration (incl. hardware-config)
└── home
    ├── modules
    │   ├── core      # Core home configuration
    │   └── desktop   # Desktop-specific home configuration
    └── HOSTNAME      # Host-specific home configuration

Usage

This configuration uses the nh helper for rebuilding, updating and cleaning.

Rebuild system

# Rebuild current host
nh os switch # zsh alias `rebuild`

# Rebuild specific host
nh os switch -H HOSTNAME

Update flake inputs

nh os switch -u # zsh alias `update`

Garbage collection

# Clean old generations
nh clean all

Adding a new host

Host preparation

Partitioning

# Set the disk name once. The p1/p2/p3 suffixes used below assume an NVMe (or eMMC)
# device, e.g. /dev/nvme0n1 -> /dev/nvme0n1p1; for /dev/sdX the partitions are /dev/sdX1 etc.
DISK=/dev/nvmeXn1 # replace this with the name of the device you are using
  • Set up the boot partition
parted "$DISK" -- mklabel gpt
parted "$DISK" -- mkpart ESP fat32 1MiB 1GiB # size: 1 GiB
parted "$DISK" -- set 1 boot on # assumes UEFI

mkfs.vfat -n BOOT "$DISK"p1
  • Set up the swap partition
parted "$DISK" -- mkpart Swap linux-swap 1GiB 33GiB # size: 32 GiB
mkswap -L SWAP "$DISK"p2
swapon "$DISK"p2
Note that this swap partition sits outside the LUKS container, so anything paged out (including key material held in memory) reaches the disk in cleartext. Put swap inside the encrypted volume instead if that matters for the host.
  • Set up the encrypted NixOS partition
parted "$DISK" -- mkpart primary 33GiB 100%

cryptsetup --verify-passphrase -v luksFormat "$DISK"p3 # /dev/nvmeXn1p3
cryptsetup open "$DISK"p3 enc # the name enc is arbitrary, rename if you wish

mkfs.btrfs -L NIXOS /dev/mapper/enc
  • Mount the disk and create subvolumes via btrfs
mount -t btrfs /dev/mapper/enc /mnt

# First we create the subvolumes
btrfs subvolume create /mnt/nix
btrfs subvolume create /mnt/persist
btrfs subvolume create /mnt/log

umount /mnt
  • Mount subvolumes for the config
# /nix
mkdir /mnt/nix
mount -o subvol=nix,compress=zstd,noatime /dev/mapper/enc /mnt/nix

# /persist
mkdir /mnt/persist
mount -o subvol=persist,compress=zstd,noatime /dev/mapper/enc /mnt/persist

# /var/log
mkdir -p /mnt/var/log
mount -o subvol=log,compress=zstd,noatime /dev/mapper/enc /mnt/var/log

# Do not forget to mount the boot partition!
mkdir /mnt/boot
mount "$DISK"p1 /mnt/boot
  • Generate the initial hardware-configuration.nix
nixos-generate-config --root /mnt # written to /mnt/etc/nixos/hardware-configuration.nix
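The partitioning and mounting steps above as one script with a dry-run mode. This is an added example, not a script from this repository: it keeps the README's layout (1 GiB ESP, 32 GiB swap, LUKS + btrfs with the nix/persist/log subvolumes, UEFI) and additionally handles the partition-suffix difference between NVMe/eMMC devices (`/dev/nvme0n1p1`) and SATA/virtio devices (`/dev/sda1`), which the `"$DISK"p1` shorthand above does not. `DRY_RUN`, `SWAP_GIB` and `MAPPER` are names introduced here.

```shell
#!/usr/bin/env bash
# Added example (not part of this repository): the README's partitioning
# procedure as re-runnable functions. Assumptions: UEFI boot, the same layout
# as the README, target disk given as the first argument. With DRY_RUN=1
# (the default) every command is only printed; DRY_RUN=0 executes it.
set -eu

DRY_RUN=${DRY_RUN:-1}
SWAP_GIB=${SWAP_GIB:-32}
MAPPER=${MAPPER:-enc}   # name of the opened LUKS device, /dev/mapper/enc

# Print the command; execute it only when DRY_RUN=0 (set -e aborts on failure).
run() {
  printf '+ %s\n' "$*"
  if [ "$DRY_RUN" = 0 ]; then "$@"; fi
}

# Partition node name: devices whose name ends in a digit (nvme0n1, mmcblk0)
# take a "p" separator, others (sda, vda) do not.
part_dev() {
  case "$1" in
    *[0-9]) printf '%sp%s\n' "$1" "$2" ;;
    *)      printf '%s%s\n'  "$1" "$2" ;;
  esac
}

# End of the swap partition in GiB: 1 GiB ESP plus the swap size.
swap_end_gib() { echo $((1 + $1)); }

partition_disk() {
  disk=$1
  esp=$(part_dev "$disk" 1); swap=$(part_dev "$disk" 2); root=$(part_dev "$disk" 3)
  swap_end="$(swap_end_gib "$SWAP_GIB")GiB"

  run parted "$disk" -- mklabel gpt
  run parted "$disk" -- mkpart ESP fat32 1MiB 1GiB
  run parted "$disk" -- set 1 boot on
  run parted "$disk" -- mkpart Swap linux-swap 1GiB "$swap_end"
  run parted "$disk" -- mkpart primary "$swap_end" 100%

  run mkfs.vfat -n BOOT "$esp"
  run mkswap -L SWAP "$swap"
  run swapon "$swap"

  # LUKS on the third partition, btrfs inside it
  run cryptsetup --verify-passphrase -v luksFormat "$root"
  run cryptsetup open "$root" "$MAPPER"
  run mkfs.btrfs -L NIXOS "/dev/mapper/$MAPPER"
}

mount_layout() {
  disk=$1; dev="/dev/mapper/$MAPPER"; opts=compress=zstd,noatime
  run mount -t btrfs "$dev" /mnt
  for sv in nix persist log; do run btrfs subvolume create "/mnt/$sv"; done
  run umount /mnt
  run mkdir -p /mnt/nix /mnt/persist /mnt/var/log /mnt/boot
  run mount -o "subvol=nix,$opts" "$dev" /mnt/nix
  run mount -o "subvol=persist,$opts" "$dev" /mnt/persist
  run mount -o "subvol=log,$opts" "$dev" /mnt/var/log
  run mount "$(part_dev "$disk" 1)" /mnt/boot   # do not forget the ESP
  run nixos-generate-config --root /mnt
}

main() {
  if [ "$DRY_RUN" = 0 ] && [ ! -b "$1" ]; then
    echo "not a block device: $1" >&2; exit 1
  fi
  partition_disk "$1"
  mount_layout "$1"
}
[ "$#" -eq 0 ] || main "$@"
```

Run it once as `./partition.sh /dev/nvme0n1` to review the printed plan, then with `DRY_RUN=0` from the installer. The device check only applies in real mode so the plan can be reviewed on any machine.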
  1. Create the hosts/<hostname>/ directory
  2. Add boot.nix, file-systems.nix and hardware.nix, split out of the hardware-configuration.nix that nixos-generate-config produced
  3. Add hosts/<hostname>/default.nix, importing the host-specific system configuration and the required system modules
  4. Create home/<hostname>/default.nix, importing the host-specific home configuration and the required home modules
  5. Add the host, with its system string (e.g. x86_64-linux), to flake.nix:
nixosConfigurations = {
  # ...existing hosts...
  newhost = mkHost { system = "x86_64-linux"; hostname = "newhost"; };
};

Adding secrets via sops

  1. Add the config-wide age private key (the AGE-SECRET-KEY-... line belonging to the admin anchor in .sops.yaml) to ~/.config/sops/age/keys.txt
  2. Create a host-specific system ssh-key under /etc/ssh (sudo ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""). With impermanence, /etc/ssh must be one of the persisted directories (see Persistence); otherwise the key, and with it the ability to decrypt the host's secrets, is gone after the next reboot
  3. Change to a nix-shell with sops and ssh-to-age (nix-shell -p sops ssh-to-age)
  4. Derive the host-specific age public key from the system's public ssh-key (ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub). Only the public key goes into .sops.yaml; never paste an AGE-SECRET-KEY there
  5. Extend .sops.yaml with the host-specific age public key and a creation rule
keys:
  # Admin key
  # ...

  # Host keys
  # other host keys
  - &<hostname> age1...

creation_rules:
  # other host creation rules

  - path_regex: hosts/<hostname>/secrets\.yaml$
    key_groups:
      - age:
          - *admin
          - *<hostname>
  6. Create the host-specific hosts/<hostname>/secrets.yaml (sops hosts/<hostname>/secrets.yaml) and add the necessary secrets
    • Create the user ssh-key (ssh-keygen -t ed25519 -f /tmp/ssh_ed25519_<hostname> -N "")
    • Add the user's private ssh-key (/tmp/ssh_ed25519_<hostname>) as ssh_private_key, then delete the private key from /tmp
  7. Add the user's public ssh-key (/tmp/ssh_ed25519_<hostname>.pub) to home/<hostname>/ssh.nix
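Steps 4 to 6 above as checkable shell functions. This is an added example, not a script from this repository: it validates the derived recipient before it is pasted into .sops.yaml, prints the YAML fragment for review instead of editing the file in place, and, before the new host is rebuilt, confirms that the host's private ssh-key really decrypts hosts/<hostname>/secrets.yaml, which is what the host has to do at activation time. It assumes ssh-to-age and sops on PATH (the nix-shell from step 3), an admin anchor in .sops.yaml, and the hosts/<hostname>/secrets.yaml layout; HOST_KEY and the function names are introduced here.

```shell
#!/usr/bin/env bash
# Added example (not part of this repository): sops host onboarding helpers.
# Assumptions: ssh-to-age and sops on PATH, an `admin` anchor in .sops.yaml,
# secrets at hosts/<hostname>/secrets.yaml. Override HOST_KEY for other paths.
set -eu

HOST_KEY=${HOST_KEY:-/etc/ssh/ssh_host_ed25519_key}

# An age recipient is bech32: the literal prefix "age1" followed by exactly
# 58 characters. Rejecting anything else catches a pasted private key
# (AGE-SECRET-KEY-...) or a truncated copy before it lands in .sops.yaml.
age_recipient_valid() {
  printf '%s' "$1" | grep -Eq '^age1[a-z0-9]{58}$'
}

# Step 4: derive the host's age recipient from its SSH host public key.
host_age_recipient() {
  ssh-to-age < "${1:-$HOST_KEY}.pub"
}

# Step 5: the .sops.yaml fragment for a host, an anchor for the keys: list and
# a rule for creation_rules:. Printed, not spliced in, so it can be reviewed.
sops_fragment() {
  hostname=$1; recipient=$2
  age_recipient_valid "$recipient" || { echo "bad age recipient: $recipient" >&2; return 1; }
  cat <<EOF
  - &${hostname} ${recipient}

  - path_regex: hosts/${hostname}/secrets\\.yaml\$
    key_groups:
      - age:
          - *admin
          - *${hostname}
EOF
}

# Step 6 check: the host's *private* ssh-key, converted to an age identity,
# must decrypt the secrets file. Fails fast if the recipient in .sops.yaml does
# not match the key on disk (e.g. the key was regenerated after a reboot).
verify_host_decrypts() {
  hostname=$1; keyfile=${2:-$HOST_KEY}
  SOPS_AGE_KEY=$(ssh-to-age -private-key -i "$keyfile") \
    sops --config .sops.yaml -d "hosts/${hostname}/secrets.yaml" >/dev/null \
    && echo "ok: $keyfile decrypts hosts/${hostname}/secrets.yaml"
}

main() {
  hostname=$1
  recipient=$(host_age_recipient "$HOST_KEY")
  sops_fragment "$hostname" "$recipient"
  if [ -f "hosts/${hostname}/secrets.yaml" ]; then
    verify_host_decrypts "$hostname"
  fi
}
[ "$#" -eq 0 ] || main "$@"
```

Usage from the repository root on the new host: `./sops-host.sh naiads` prints the fragment to paste into .sops.yaml; run it again after `sops hosts/naiads/secrets.yaml` has been created to get the decrypt check.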

Persistence

Persisted directories are defined in:

  • System: hosts/modules/core/persistence.nix (environment.persistence)
  • Home: home/modules/core/persistence.nix (home.persistence)

Add new directories as needed when installing new applications. Anything not listed there is gone after a reboot; this includes /etc/ssh, whose host key the sops setup above depends on.