Here are my NixOS/home-manager config files. They require Nix flakes.
Looking for something simpler to start out with flakes? Try my starter config repo.
Highlights:
- NixOS configurations: desktop, laptop, servers
- Opt-in persistence through impermanence + blank snapshotting
- Encrypted single BTRFS partition (with disko for declarative partitioning)
- Secure Boot via lanzaboote
- Fully declarative self-hosted stuff
- Deployment secrets using sops-nix
- Mesh networked hosts with tailscale and headscale
- Flexible Home Manager configs through feature flags
- Extensively configured hyprland environment
- Declarative themes and wallpapers
- Hydra CI/CD builds every host, serves a binary cache, and hosts auto-upgrade by pull deployment
All my computers use a single btrfs partition (encrypted on all except headless
systems), with subvolumes for /nix, a /persist directory (which I opt into
using impermanence), a swap file, and a root subvolume (cleared on every boot).
Home-manager is used as a NixOS module, integrated via home-manager.users.
For deployment secrets (such as user passwords and server service secrets), I'm
using the awesome sops-nix. All secrets are encrypted with my personal PGP key
(stored on a YubiKey), as well as the relevant systems' SSH host keys.
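The following is an added example, not code from this repository, of how sops-nix and a root that is cleared on every boot fit together when a user password is decrypted with the host's SSH key. The secrets file name, the user `alice`, the secret name, the ed25519/age key type and the `/persist/etc/ssh` location are all assumptions.

```nix
# Added example, not taken from this repository.
# Assumes the sops-nix NixOS module is already imported from the flake inputs.
{ config, ... }:
{
  # /persist must be mounted early, because the host key below lives there.
  fileSystems."/persist".neededForBoot = true;

  sops = {
    # Hypothetical secrets file, encrypted to the admin PGP key and to this
    # host's key (both recipients are listed in the repo's .sops.yaml).
    defaultSopsFile = ./secrets.yaml;

    # Use the SSH host key as the decryption identity (assumed ed25519).
    # Root is wiped on every boot, so the key is read from the persisted
    # subvolume directly instead of relying on /etc/ssh being populated
    # by the time secrets are decrypted.
    age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];

    # Decrypted before user accounts are created, so it can be used as a
    # login password. The stored value must be a password hash, not the
    # plaintext password.
    secrets.alice-password.neededForUsers = true;
  };

  # Passwords come only from the declared secret; nothing set imperatively
  # would survive the root wipe anyway.
  users.mutableUsers = false;
  users.users.alice = {
    isNormalUser = true;
    hashedPasswordFile = config.sops.secrets.alice-password.path;
  };

  # Make sshd use the same persisted key, so the host identity (and with it
  # the sops recipient) stays stable across reboots.
  services.openssh.hostKeys = [
    {
      path = "/persist/etc/ssh/ssh_host_ed25519_key";
      type = "ed25519";
    }
  ];
}
```

If the persisted host key is lost or regenerated, the host can no longer decrypt its secrets until they are re-encrypted to the new key, which is why the admin PGP key is kept as a second recipient.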
On my desktop and laptop, I use pass for managing passwords, which are
encrypted using (you bet) my PGP key. This same key is also used for mail
signing, as well as for SSH'ing around.
Most relevant user apps (daily drivers):
- hyprland + hypridle + hyprlock
- waybar
- helix
- fish
- alacritty
- qutebrowser
- neomutt + mbsync
- khal + khard + todoman + vdirsyncer
- gpg + pass
- tailscale
- podman
- zathura
- wofi
- bat + fd + rg
- kdeconnect
Some of the services I host:
- hydra
- jellyfin
- *arrs (including torrent and usenet)
- prometheus
- websites (such as https://m7.rs)
- minecraft
- headscale
Nixy stuff:
- sops-nix
- impermanence
- disko
- lanzaboote
- home-manager
- and NixOS and nix itself, of course :)
Let me know if you have any questions about them :)