NixOS Configurations
Here are my NixOS configurations.
These allows for system portability and configuration from machine to machine with a small amount of changes (usually disks, partitions, or hardware changes) once and enjoy a many times forward. The configurations allow for a base system to be installed, with a core amount of applications to operate. They shine when you add something like Home Manager is installed to allow for discrete per-user configuration of the environment. If you are looking for that configuration head on over to my Nix Home Manager | Dotfiles Repository.
If you would like to base your own configuration from this, you will need to be able to use Nix flakes.
Highlights:
-
BTRFS subvolume implementation with hourly automatic snapshots
-
Impermanence toggled for a clean installation on each reboot
-
Toggled full disk encryption
-
Support for RAID configurations
-
Deployment of secrets using sops-nix
-
Some real interesting bash scripts for automating common tasks
-
Declarative themes and wallpapers with nix-colors
-
I
sort of blewspent the summer of 2023 moving into this configuration after waving a fond farewell to near 2 decades of running Arch Linux. This, as with life, is still WIP. I documented the process on the Tired of IT! NixOS chapter on my website.
Tree Structure
flake.nix
: Entrypoint for NixOS configurations.hosts
: Host Configurationscommon
: Shared configurations consumed by all hosts.secrets
: Secrets that are available to all users
<host_a>
: "host_a" specific hardware and host configurationsecrets
: Secrets that are specific to the 'host_a' host
...
: And so on as above with other hosts
lib
: Helpers, functions, libraries and timesaversmodules
: Modules that are specific to this implementation and allow for toggled configurationapplication
: Applications accessible to all users of systemcontainer
: Containers using some sort of OCI container enginefeatures
: Features such as virtualization, gaming, cross compilationfilesystem
: Encryption, impermanence, BTRFS optionshardware
: Bluetooth, Printing, Sound, Wirelessnetwork
: Firewalls and VPNsservice
: Miscellanious daemons
overlays
: Ammendments and updates to packages that exist in the nix ecospherepkgs
: Custom packages, services, scripts that are specific to this installationusers
: Individual User folders
Usage
Manual approach
Get your installer disc booted up and your disks partitioned. I took notes on how I did an install with BTRFS and encryption on my website. Once you have your partitions created and subvolumes mounted then we can continue..
- Generate your
hardware-configuration.nix
file.
nixos-generate-config --root /mnt --file /tmp
- Go ahead and clone this repository.
nix-shell -p git nixFlakes
git clone https://github.com/tiredofit/nixos-config.git /mnt/etc/nixos
-
Either create a new host entry in
flake.nix
and add associated bits to thehosts
folder or modify one of the existing hostshardware-configuration.nix
with what you generated above. That's kinda janky, but it'll get you started.. -
Install your new NixOS system
nixos-install --root /mnt --flake /mnt/etc/nixos#<host>
Optimized deployment via script
- Use the included deployment script on an Arch or NixOS system to:
- Add remove new hosts and templates
- Update Flake
- Update running system
- Generate SSH Key and AGE keys per host
- Update host / repository secrets
- Remotely install a new system based on configuration via SSH
- Build locally and remotely update an in place system via SSH
Configuring a system
Features are toggleable via the host
configuration options. Have a look insie the modules/nixos
folder for options available.
For example to have a base AMD system using with an integrated GPU using BTRFS as a file system that allowed SSH, Docker, and a hardware webcam it would be configured as such:
host = {
hardware = {
cpu = "amd";
graphics = {
acceleration = true;
displayServer = "x";
gpu = "integrated-amd";
};
webcam.enable = true;
};
network = {
hostname = "samplehostname" ;
domainname = "tiredofit.ca" ;
};
role = server;
};
This very much relies on the modules/roles
folder and sets defaults per role, which can be overridden in each hosts unique configuration.
Keep it up to date
sudo nix flake update /etc/nixos/
sudo nixos-rebuild switch --flake /etc/nixos/#<host>
Managing Secrets
I document the process of getting encrypted secrets created and keeping up to date on my website. Tired of IT! Secrets Management.
License
Do you what you'd like and I hope that this inspires you for your own configurations as many others have myself.