
JManch/nixos

Latest commit

72eba35 · Mar 20, 2025

Overview

  • Hyprland desktop environment integrated with systemd using UWSM
  • Single-command deployment with Disko and NixOS Anywhere
  • Fully modular configuration utilising NixOS module options
  • Tmpfs root file system with opt-in persistence—no stateful cruft
  • Persistent ZFS file system with full-disk encryption and compression
  • Passwordless disk decryption with Secure Boot and TPM
  • Declarative base-16 color scheme config with light/dark theme switching
  • Secret management using Agenix (secrets stored in private repo)
  • Declarative Restic backup system with remote redundancy

Structure

All system and Home Manager modules are stored under the modules directory. Options are used heavily to enable, disable, or modify modules on each host. Each host has two entry points for module configuration: hosts/<hostname>/default.nix for system configuration and homes/<hostname>.nix for Home Manager configuration.

Modules are imported using a wrapper lib/module-wrapper.nix that aims to reduce boilerplate and enforce a strict structure for options under a custom namespace.

Deployment

Hosts can be deployed with a single command. There is no need to manually copy SSH keys for secret deployment. All that's required is a master password. Everything, including secrets, will be installed.

Run build-iso to get a custom install ISO. The ISO authenticates my SSH key and provides the install script install-host <hostname>.

The configuration also supports running a VM-variant of any host using run-vm <hostname>. This enables easy debugging/testing of host configurations. It's particularly useful for bisecting old versions of configurations to debug regressions.

Secret Management

Secrets are managed using Agenix and are stored in a separate private repo. A private repo was required for storing personal packages and some slightly sensitive configuration (not sensitive enough to require encryption). Therefore, it was decided that secrets might as well be placed in the private repo as well.

Backups

Restic is utilised for a declarative and opt-in backup solution. Rather than saving full system snapshots, specific paths are backed up on a per-module basis to minimise the amount of redundant data in contingency storage. The backup module has options for defining custom restore scripts and backup scripts if necessary.
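The per-module, opt-in pattern described above can be sketched as a NixOS module. This is an added example, not code from this repository: the `example.backups` namespace, its option names, the repository location and the password path are assumptions, while `services.restic.backups` is the upstream NixOS option set. It covers the backup side only.

```nix
# Hypothetical module, not taken from JManch/nixos.
# Each module opts in by declaring the paths it owns; nothing else is backed up.
{ lib, config, ... }:
let
  inherit (lib) mkOption types mapAttrs' nameValuePair;
  cfg = config.example.backups; # assumed namespace
in
{
  options.example.backups = mkOption {
    default = { };
    description = "Per-module backup declarations, keyed by module name.";
    type = types.attrsOf (types.submodule {
      options = {
        paths = mkOption {
          type = types.listOf types.str;
          description = "Absolute paths sent to the repository for this module.";
        };
        preBackupScript = mkOption {
          type = types.lines;
          default = "";
          description = "Shell run before the backup, e.g. to dump a database.";
        };
      };
    });
  };

  # One restic job per declaring module, so each job sees only its own paths.
  config.services.restic.backups = mapAttrs' (name: backup:
    nameValuePair "module-${name}" {
      inherit (backup) paths;
      backupPrepareCommand = backup.preBackupScript;
      # Constructed placeholder values; the secret would be provided at
      # runtime by the secret manager rather than stored in the Nix store.
      repository = "/mnt/backup-placeholder/restic";
      passwordFile = "/run/secrets-placeholder/restic-password";
      initialize = true;
      timerConfig.OnCalendar = "daily";
    }) cfg;

  # Constructed usage from some other module:
  #   example.backups.notes.paths = [ "/persist/var/lib/notes" ];
}
```

Because the password is referenced by path, the repository key never enters the world-readable Nix store; only the path string does.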
