Leveraging nix, nix-os and other funny magic man words to apply machine and home configurations

Repository Documentation

Having used a variety of infracture as code solutions - and having found them lacking in some areas, it is time to give nix a go. Frustrations with other methods tend to be bitrot and config drift - very annoying to want to do a quick disaster recovery and find your have different versions of modules/utilities, breaking changes in code you didnt catch, etc.

To Install

# nixos-rebuild switch --flake github:truxnell/nix-config#HOST

• Learn nix
• Mostly reproduce features from my existing homelab
• Replace existing ubuntu-based 'NAS'
• Handle secrets - decided on SOPS for simplicity
• Keep it simple, use trusted boring tools
• Establish code quality infrastructure (formatting, linting, pre-commit)

• Expand usage to other shell environments such as WSL, etc
• Comprehensive testing infrastructure
• Enhanced CI/CD workflows
• Developer experience improvements

• Additional hosts (NUC, RasPi)
• VM build configurations
• Expanded monitoring and observability

• Github Actions update fly.io instances (Bitwarden)
• Bring over hosts (landed on bazzite for laptop/gaming desktop)
  • NAS
  • NUC
  • JJY raspi
• Documentation!
• ssh_config build from computers?
• Modularise host to allow vm builds and hw builds
• Add license
• Add taskfiles

• Ensure secrets are grabbed from note and all sops re-encrypte with task sops:re-encrypt
• Add to relevant github action workflows
• Add to .github/settings.yaml for PR checks

cd ~/dotfiles
sudo nixos-rebuild switch --flake .
# This will automatically pick the configuration name based on the hostname

Applying configuration changes to a remote machine can be done as follows:

cd ~/dotfiles
nixos-rebuild switch --flake .#nameOfMachine --target-host machineToSshInto --use-remote-sudo

Before committing changes:

# Format code
just fmt

# Run linting
just lint

# Run comprehensive checks (lint + pre-commit)
just check

# Run full test suite
just test-all

Install pre-commit hooks for automatic checks:

just pre-commit-init

This will run formatting, linting, and security checks automatically on commit.

Run validation tests:

# Quick validation
nix flake check --no-build

# Comprehensive test suite
./test-flake.sh

# Test specific host configuration
nix eval --impure .#nixosConfigurations.daedalus.config.system.name

See Testing Guide for more details.

Eval config to see what keys are being set.

nix eval .#nixosConfigurations.rickenbacker.config.security.sudo.WheelNeedsPassword
nix eval .#nixosConfigurations.rickenbacker.config.mySystem.security.wheelNeedsPassword

And browsing whats at a certain level in options - or just use nix-inspect TUI

nix eval .#nixosConfigurations.rickenbacker.config.home-manager.users.truxnell --apply builtins.attrNames --json

Quickly run a flake to see what the next error message is as you hack.

nixos-rebuild dry-run --flake . --fast --impure

• Misterio77/nix-starter-config
• billimek/dotfiles
• Erase your Darlings
• NixOS Flakes