A general NixOS flake configuration, currently tailored for my System76 Serval WS laptop. Utilizes configurations from my existing dotfiles.
Features:
- Btrfs on LUKS encryption
- Impermanence (ephemeral root filesystem)
- Sway/Wayland desktop environment (seatd + auto-login)
- System76 hardware support + NVIDIA GPU + CUDA
- Home Manager for user environment
- zram swap with zstd compression
- Catppuccin theme (GTK/Qt) with Papirus icons
- VM and ISO build targets for testing

```bash
# run the VM (builds and launches QEMU)
nix run .#vm
# login: braden / test
```

The VM includes impermanence - root (/) resets on each boot while /home and /persist survive.

```bash
# build the ISO for hardware testing
nix build .#iso
# write to USB (replace /dev/sdX with your device)
sudo dd if=result/iso/*.iso of=/dev/sdX bs=4M status=progress
# boot and login: braden / nixos (or nixos / nixos)
```

The ISO includes the full desktop environment for testing.

```
├── flake.nix                 # main entry point
├── hosts/
│   ├── braden-serval-ws/     # System76 Serval WS config
│   │   ├── default.nix
│   │   ├── disko.nix         # LUKS + Btrfs partitioning
│   │   ├── hardware.nix
│   │   └── persistence.nix   # impermanence config
│   ├── vm/                   # VM for testing
│   │   ├── default.nix
│   │   ├── disko.nix
│   │   └── persistence.nix
│   └── iso/                  # Live ISO for hardware testing
│       └── default.nix
├── modules/
│   ├── core/                 # boot, nix, users, locale, zram, packages
│   ├── desktop/              # sway, seatd, audio, fonts
│   ├── hardware/             # system76, nvidia, cuda, bluetooth
│   └── services/             # networking (ssh, avahi), btrbk
└── home/                     # Home Manager config
    ├── shell/                # zsh (oh-my-zsh), starship, direnv, gpg
    ├── terminal/             # alacritty
    ├── editor/               # neovim + AstroNvim
    ├── desktop/              # sway, waybar, wofi, mako
    ├── apps/                 # git, dev-tools, jetbrains
    └── scripts/              # utility scripts from dotfiles
```

- NixOS minimal installer USB
- This repository cloned or accessible

```bash
# clone this repo
nix-shell -p git
git clone https://github.com/BradenM/nixos /tmp/nixos
cd /tmp/nixos
```

```bash
# set LUKS password (-n: no trailing newline, a key file is read byte-for-byte)
echo -n "super-secret-password" > /tmp/disk-password
# run disko to partition and format
sudo nix --experimental-features "nix-command flakes" run \
  github:nix-community/disko -- \
  --mode disko ./hosts/braden-serval-ws/disko.nix
```

This creates:
- `/dev/nvme0n1p1` - 1GB EFI partition → `/boot`
- `/dev/nvme0n1p2` - LUKS encrypted → Btrfs with subvolumes

```bash
# mount btrfs root
sudo mount -t btrfs -o subvol=/ /dev/mapper/cryptroot /mnt
# create read-only blank snapshot
sudo btrfs subvolume snapshot -r /mnt/@root /mnt/@root-blank
sudo umount /mnt
```

```bash
# mount filesystems
sudo mount -t btrfs -o subvol=@root,compress=zstd,noatime /dev/mapper/cryptroot /mnt
sudo mkdir -p /mnt/{home,nix,persist,var/log,boot}
sudo mount -t btrfs -o subvol=@home,compress=zstd,noatime /dev/mapper/cryptroot /mnt/home
sudo mount -t btrfs -o subvol=@nix,compress=zstd,noatime /dev/mapper/cryptroot /mnt/nix
sudo mount -t btrfs -o subvol=@persist,compress=zstd,noatime /dev/mapper/cryptroot /mnt/persist
sudo mount -t btrfs -o subvol=@log,compress=zstd,noatime /dev/mapper/cryptroot /mnt/var/log
sudo mount /dev/nvme0n1p1 /mnt/boot
```

```bash
# generate hardware config
sudo nixos-generate-config --root /mnt --show-hardware-config > /tmp/hardware.nix
```

Review /tmp/hardware.nix and merge relevant parts into target host.

```bash
sudo mkdir -p /mnt/persist/passwords
# set user password
echo "$(mkpasswd -m sha-512)" | sudo tee /mnt/persist/passwords/braden
# set root password (for emergency access)
echo "$(mkpasswd -m sha-512)" | sudo tee /mnt/persist/passwords/root
# secure permissions
sudo chmod 600 /mnt/persist/passwords/*
```

```bash
sudo nixos-install --flake .#braden-serval-ws --no-root-passwd
```

```bash
sudo reboot
```

After boot, clone the NixOS configuration to a persistent location.

```bash
# clone to persist directory (survives impermanence resets)
git clone https://github.com/BradenM/nixos /persist/nixos
# or clone to home (also persists via @home subvolume)
git clone https://github.com/BradenM/nixos ~/nixos
```

```bash
cd /persist/nixos # or ~/nixos
# edit configuration files
nvim home/default.nix
# test changes
sudo nixos-rebuild test --flake .#braden-serval-ws
# apply changes
sudo nixos-rebuild switch --flake .#braden-serval-ws
# commit and push
git add -A && git commit -m "description of changes"
git push
```

| Location | Persists | Notes |
|---|---|---|
| `/persist/nixos` | Yes (bind-mounted) | Recommended for system config |
| `~/nixos` | Yes (@home subvolume) | Alternative location |
| `/etc/nixos` | Yes (bind-mounted) | Legacy location, not used by flakes |
| `/tmp/*` | No | Lost on reboot |

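
For the password-hash step of the install procedure above, a check worth running before `nixos-install` (an added example, not part of this repository). It assumes the files under `/mnt/persist/passwords` are read as password hashes, for instance through NixOS `hashedPasswordFile`; `check_hash_file` is a hypothetical helper name.

```shell
# Added example: validate one hash file written by the mkpasswd step.
check_hash_file() {
  local f="$1" mode content
  [ -f "$f" ] || { echo "$f: missing" >&2; return 1; }

  # Mode must be exactly 600 (stat -c is GNU coreutils, as on the NixOS installer).
  mode=$(stat -c '%a' "$f") || return 1
  [ "$mode" = "600" ] || { echo "$f: mode $mode, expected 600" >&2; return 1; }

  content=$(cat "$f") || return 1
  # If mkpasswd was aborted, echo/tee still wrote a bare newline: an empty hash.
  [ -n "$content" ] || { echo "$f: empty hash" >&2; return 1; }

  # Exactly one line is expected.
  [ "$(printf '%s\n' "$content" | wc -l)" -eq 1 ] ||
    { echo "$f: more than one line" >&2; return 1; }

  # mkpasswd -m sha-512 emits $6$[rounds=N$]salt$hash with an 86-character hash.
  if ! printf '%s\n' "$content" |
      grep -Eqx '\$6\$(rounds=[0-9]+\$)?[A-Za-z0-9./]{1,16}\$[A-Za-z0-9./]{86}'; then
    echo "$f: not a SHA-512 crypt hash" >&2
    return 1
  fi
}
```

The files are root-owned with mode 600, so run the check from a root shell on the installer, once per file.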
```bash
# test configuration (doesn't switch)
sudo nixos-rebuild test --flake .#braden-serval-ws
# switch to new configuration
sudo nixos-rebuild switch --flake .#braden-serval-ws
# build for next boot only
sudo nixos-rebuild boot --flake .#braden-serval-ws
```

```bash
# update all inputs
nix flake update
# update specific input
nix flake lock --update-input nixpkgs
```

```bash
# list generations
sudo nix-env --list-generations --profile /nix/var/nix/profiles/system
# rollback to previous generation
sudo nixos-rebuild switch --rollback
# boot menu also shows previous generations
```

```bash
# remove all old generations of every profile, then garbage-collect
# (-d leaves only the current generation, so earlier rollback targets are gone)
sudo nix-collect-garbage -d
# keep the 5 most recent system generations, delete the rest
sudo nix-env --delete-generations +5 --profile /nix/var/nix/profiles/system
```

Root (/) is ephemeral - it resets to a blank state on every boot. Only explicitly declared paths persist.

Via /persist (impermanence module):
- `/etc/nixos` - NixOS configuration
- `/etc/NetworkManager/system-connections` - WiFi passwords
- `/etc/ssh` - SSH host keys
- `/etc/machine-id` - Machine identifier
- `/var/lib/nixos` - NixOS state
- `/var/lib/systemd` - Systemd state
- `/var/lib/bluetooth` - Bluetooth pairings

Via dedicated subvolumes:
- `/home` - User home directories
- `/nix` - Nix store
- `/var/log` - System logs

How the reset works:
- On boot, initrd runs a rollback script
- The `@root` subvolume is deleted
- A fresh `@root` is created from the `@root-blank` snapshot
- The impermanence module bind-mounts paths from `/persist`

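
The rollback steps above written out as a shell function, as an added example rather than this repository's initrd script. It assumes the btrfs top level (subvol=/) is mounted at the path given as the first argument; `rollback_root` and the `BTRFS` override are hypothetical names, and the guard for a missing `@root-blank` and the nested-subvolume handling go beyond the steps listed.

```shell
# Added example: reset @root from @root-blank, names as used in this README.
rollback_root() {
  local top="$1" btrfs="${BTRFS:-btrfs}" sub

  # Deleting @root with no blank snapshot to restore from leaves nothing to boot.
  if [ ! -d "$top/@root-blank" ]; then
    echo "rollback: $top/@root-blank missing, keeping current @root" >&2
    return 1
  fi

  # Subvolumes nested under @root (systemd creates /var/lib/machines and
  # /var/lib/portables as subvolumes on btrfs) block deletion of the parent,
  # so remove them first. Reverse sort lists children before their parents.
  "$btrfs" subvolume list -o "$top/@root" |
    sed -n 's/^ID .* path //p' | LC_ALL=C sort -r |
    while IFS= read -r sub; do
      "$btrfs" subvolume delete "$top/$sub" || exit 1
    done || return 1

  "$btrfs" subvolume delete "$top/@root" || return 1
  # A writable snapshot of the read-only blank becomes the new root.
  "$btrfs" subvolume snapshot "$top/@root-blank" "$top/@root"
}
```
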
Automatic hourly snapshots via btrbk:

```bash
# list snapshots
sudo btrbk list
# show snapshot details
sudo ls -la /mnt/btrfs-root/snapshots/
# manual snapshot
sudo btrbk run
```

```bash
# mount btrfs root
sudo mount -t btrfs -o subvol=/ /dev/mapper/cryptroot /mnt
# list available snapshots
ls /mnt/snapshots/
# restore home from snapshot (example)
sudo btrfs subvolume delete /mnt/@home
sudo btrfs subvolume snapshot /mnt/snapshots/home.20240101T120000 /mnt/@home
sudo umount /mnt
sudo reboot
```

```bash
# boot with init=/bin/sh
# mount and manually create blank snapshot
mount -t btrfs -o subvol=/ /dev/mapper/cryptroot /mnt
btrfs subvolume snapshot -r /mnt/@root /mnt/@root-blank
```

| Target | Command | Description |
|---|---|---|
| Hardware | `nixos-rebuild switch --flake .#braden-serval-ws` | Full System76 Serval WS config |
| VM | `nix run .#vm` | QEMU VM with impermanence |
| ISO | `nix build .#iso` | Live ISO for hardware testing |

The ISO is configured for testing on actual hardware before installation:
- Includes full Sway desktop with Home Manager config
- Manual TTY login (no auto-login), run `sway` after login to start desktop
- Login as `braden` (password: `nixos`) for full desktop
- Login as `nixos` (password: `nixos`) for basic testing
- SSH enabled for remote access (root login allowed for installation)