All my nix stuff, in a single flake

Find a file

William 7309074f25 flake.lock: Update Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/fcdea223397448d35d9b31f798479227e80183f6?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-11-08) → 'github:ryantm/agenix/b027ee29d959fda4b60b57566d64c98a202e0feb?narHash=sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I%3D' (2026-02-04) • Updated input 'disko': 'github:nix-community/disko/00395d188e3594a1507f214a2f15d4ce5c07cb28?narHash=sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q%3D' (2026-01-20) → 'github:nix-community/disko/71a3fc97d80881e91710fe721f1158d3b96ae14d?narHash=sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE%3D' (2026-01-27) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/3327b113f2ef698d380df83fbccefad7e83d7769?narHash=sha256-MJwOjrIISfOpdI9x4C%2B5WFQXvHtOuj5mqLZ4TMEtk1M%3D' (2026-01-17) → 'github:NixOS/nixpkgs/48698d12cc10555a4f3e3222d9c669b884a49dfe?narHash=sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv%2B6jcvA212M%3D' (2026-01-25) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/80daad04eddbbf5a4d883996a73f3f542fa437ac?narHash=sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY%3D' (2026-01-11) → 'github:hercules-ci/flake-parts/57928607ea566b5db3ad13af0e57e921e6b12381?narHash=sha256-AnYjnFWgS49RlqX7LrC4uA%2BsCCDBj0Ry/WOJ5XWAsa0%3D' (2026-02-02) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85?narHash=sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo%3D' (2025-12-14) → 'github:nix-community/nixpkgs.lib/72716169fe93074c333e8d0173151350670b824c?narHash=sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ%2BQDT/KDuyHXVJOpM%3D' (2026-02-01) • Updated input 'home-manager': 'github:nix-community/home-manager/63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df?narHash=sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k%3D' (2026-01-20) → 'github:nix-community/home-manager/6a1f7101d2c3ee87d485a87880d73b4665c6a4bd?narHash=sha256-ZwU5wXKNqpOQvjNz6aBp1j5peiBZow1%2B%2B6pLnk5VAhs%3D' (2026-02-12) • Updated input 'impermanence': 'github:nix-community/impermanence/0d633a69480bb3a3e2f18c080d34a8fa81da6395?narHash=sha256-6nY0ixjGjPQCL%2B/sUC1B1MRiO1LOI3AkRSIywm3i3bE%3D' (2026-01-19) → 'github:nix-community/impermanence/7b1d382faf603b6d264f58627330f9faa5cba149?narHash=sha256-03%2BJxvzmfwRu%2B5JafM0DLbxgHttOQZkUtDWBmeUkN8Y%3D' (2026-01-27) • Updated input 'niri-flake': 'github:sodiboo/niri-flake/6581f5458309233622c1b73c8902dcaea7be16eb?narHash=sha256-ct4qxmFJeJbaJKiOnXOZmRmVmk7TpT%2BlohuTgTr%2BkYQ%3D' (2026-01-20) → 'github:sodiboo/niri-flake/7634add8bf2dd225d04f535de4bd0ee60982f367?narHash=sha256-QgJZ%2BW6YE6nAzO/m7ezamAzr9DTflIEXRozMivL0%2Bhc%3D' (2026-02-11) • Updated input 'niri-flake/niri-unstable': 'github:YaLTeR/niri/d7184a04b904e07113f4623610775ae78d32394c?narHash=sha256-Ub8eed4DsfIDWyg30xEe%2B8bSxL/z5Af/gCjmvJ0V/Hs%3D' (2026-01-17) → 'github:YaLTeR/niri/41b5de87692b8262fbdbff7faab93f04ff0be453?narHash=sha256-8GzUa8bCyQ688jYW2waXrOqetTr7oV8UPTO2He%2B5Hsg%3D' (2026-02-10) • Updated input 'niri-flake/nixpkgs': 'github:NixOS/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16) → 'github:NixOS/nixpkgs/d6c71932130818840fc8fe9509cf50be8c64634f?narHash=sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84%3D' (2026-02-08) • Updated input 'niri-flake/nixpkgs-stable': 'github:NixOS/nixpkgs/77ef7a29d276c6d8303aece3444d61118ef71ac2?narHash=sha256-XsM7GP3jHlephymxhDE%2B/TKKO1Q16phz/vQiLBGhpF4%3D' (2026-01-18) → 'github:NixOS/nixpkgs/6c5e707c6b5339359a9a9e215c5e66d6d802fd7a?narHash=sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs%3D' (2026-02-11) • Updated input 'niri-flake/xwayland-satellite-unstable': 'github:Supreeeme/xwayland-satellite/ed1cef792b4def3321ff9ab5479df09609f17a69?narHash=sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg%3D' (2026-01-18) → 'github:Supreeeme/xwayland-satellite/86f5bd5d867ad6e120935dfe825f6b903ebbeddd?narHash=sha256-Q75S8cEqJoZ92s1y4zArvk2U1ayAy2E4SaF7gbNXkYQ%3D' (2026-02-08) • Updated input 'nix-ai-tools': 'github:numtide/llm-agents.nix/78f3fdc13ef903475aa5bfc0f85eeefaa36af837?narHash=sha256-gFoGvnW2YDWsxKD56kdiXbhh9vBPAU3yusssbXF0UMo%3D' (2026-01-20) → 'github:numtide/llm-agents.nix/266d4d8a55eef6dd23cd0adced301053d8fc23c9?narHash=sha256-HQXK2CXAhBuTBw99Ip018Vp9MMAPfJVywgRrkwMUgMc%3D' (2026-02-12) • Updated input 'nix-ai-tools/blueprint': 'github:numtide/blueprint/0ed984d51a3031065925ab08812a5434f40b93d4?narHash=sha256-BJDu7dIMauO2nYRSL4aI8wDNtEm2KOb7lDKP3hxdrpo%3D' (2026-01-02) → 'github:numtide/blueprint/c7da5c70ad1c9b60b6f5d4f674fbe205d48d8f6c?narHash=sha256-zI%2B7cbMI4wMIR57jMjDSEsVb3grapTnURDxxJPYFIW0%3D' (2026-01-25) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D' (2026-01-19) → 'github:NixOS/nixpkgs/2343bbb58f99267223bc2aac4fc9ea301a155a16?narHash=sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8%3D' (2026-02-11) • Updated input 'nix-ai-tools/treefmt-nix': 'github:numtide/treefmt-nix/e96d59dff5c0d7fddb9d113ba108f03c3ef99eca?narHash=sha256-67vyT1%2BxClLldnumAzCTBvU0jLZ1YBcf4vANRWP3%2BAk%3D' (2026-01-11) → 'github:numtide/treefmt-nix/337a4fe074be1042a35086f15481d763b8ddc0e7?narHash=sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD%2BFyxk%3D' (2026-02-04) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/82befcf7dc77c909b0f2a09f5da910ec95c5b78f?narHash=sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws%3D' (2025-12-09) → 'github:nix-community/nix-index-database/2684bb8080a6f2ca5f9d494de5ef875bc1c4ecdb?narHash=sha256-hy0gcAgAcxrnSWKGuNO%2BOb0x6jQ2xkR6hoaR0qJBHYs%3D' (2026-02-05) • Updated input 'nixos-cli': 'github:nix-community/nixos-cli/5e79001c7a8b556c3c61d4ef38f0f0fa1187ee90?narHash=sha256-6w1Mhg6%2B46LlaheCa1O/jIk02ukerZ7DdUf9GlQVGxc%3D' (2026-01-18) → 'github:nix-community/nixos-cli/9a2e97e8832b211df22c5cb21a55ebf1c3eb2be1?narHash=sha256-TFRhwVzPg3ly388J3CYYvjrma/dWjsBVpNE437bWeHk%3D' (2026-02-12) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16) → 'github:nixos/nixpkgs/d6c71932130818840fc8fe9509cf50be8c64634f?narHash=sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84%3D' (2026-02-08) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/77ef7a29d276c6d8303aece3444d61118ef71ac2?narHash=sha256-XsM7GP3jHlephymxhDE%2B/TKKO1Q16phz/vQiLBGhpF4%3D' (2026-01-18) → 'github:nixos/nixpkgs/6c5e707c6b5339359a9a9e215c5e66d6d802fd7a?narHash=sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs%3D' (2026-02-11) • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/1ef5c0eb307e8a4f30dfa6bcc75cf90ae8c6af46?narHash=sha256-T4H/VMjGwBuHEIrPYWfXQ73XV0foCuFGgH7k3SNSJDo%3D' (2026-01-20) → 'github:noctalia-dev/noctalia-shell/d87364964948b9d691f8363f85a5e23bee154df9?narHash=sha256-xg40mnp5KKBepACmvlPzmn5iPyUBxktfv50saSVUn0M%3D' (2026-02-12) • Updated input 'stylix': 'github:danth/stylix/06684f00cfbee14da96fd4307b966884de272d3a?narHash=sha256-3%2Bh7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p%2BS6BA%3D' (2026-01-18) → 'github:danth/stylix/db03fed72e5ca02be34e1d24789345a943329738?narHash=sha256-QHFYyngohNhih4w%2B3IqQty5DV%2Bp1txsx1kkk6XJWar8%3D' (2026-02-12) • Updated input 'vicinae': 'github:vicinaehq/vicinae/934bc0ad47be6dbd6498a0dac655c4613fd0ab27?narHash=sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5%2BS68%2BX4TSc%3D' (2026-01-19) → 'github:vicinaehq/vicinae/0c70267ab7e07d7972012fcf8ae58808a32a2e86?narHash=sha256-21lurBRyHgJbVD3E0/i7Fhxi4rBUxyznGfKpdGVtEdc%3D' (2026-02-12) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc?narHash=sha256-w10iy/aqd5LtD78NDWWG%2BeKGzkb%2BcGhAAo7PVciLbWE%3D' (2026-01-20) → 'github:0xc000022070/zen-browser-flake/0078cf2d5e81eb56a9356d51f2738f7141194de1?narHash=sha256-iJ9c0ZewfRRYUflaEOj43n5TWaB6Ezygn2UA/ZHGQJA%3D' (2026-02-12) • Updated input 'zen-browser/home-manager': 'github:nix-community/home-manager/b4d88c9ac42ae1a745283f6547701da43b6e9f9b?narHash=sha256-cJbFn17oyg6qAraLr%2BNVeNJrXsrzJdrudkzI4H2iTcg%3D' (2026-01-14) → 'github:nix-community/home-manager/f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7?narHash=sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI%3D' (2026-01-31) • Updated input 'zen-browser/nixpkgs': 'github:nixos/nixpkgs/ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38?narHash=sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs%3D' (2026-01-11) → 'github:nixos/nixpkgs/bfc1b8a4574108ceef22f02bafcf6611380c100d?narHash=sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI%3D' (2026-01-26)		2026-02-12 17:16:01 -03:00
aspects	no more deploy-rs	2026-02-12 16:41:53 -03:00
data	add data/services.nix for shared service definitions	2026-02-06 22:46:49 -03:00
packages	packages/overlays: use builtins.readDir for dynamic package discovery	2026-02-07 08:08:59 -03:00
secrets	forgejo: disable singup; document root password	2025-11-09 10:34:57 -03:00
shells	no more deploy-rs	2026-02-12 16:41:53 -03:00
terranix	terranix: import flakeModule once in flake.nix	2026-02-07 08:18:49 -03:00
.envrc	simplify .envrc	2024-09-25 08:43:28 -03:00
.gitignore	dns records only for actual services	2025-11-09 13:37:04 -03:00
flake.lock	flake.lock: Update	2026-02-12 17:16:01 -03:00
flake.nix	no more deploy-rs	2026-02-12 16:41:53 -03:00
readme.md	Update readme.md	2025-11-09 16:28:17 -03:00

readme.md

Nix Configuration

My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would.

Hosts

Desktop Systems

rotterdam - Main desktop workstation (x86_64)
- Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman
- Storage: Ephemeral root with LUKS encryption
io - Laptop workstation (x86_64)
- Features: Desktop, AI tools, Bluetooth, Dev environment, Podman
- Storage: Ephemeral root with LUKS encryption

Servers

alexandria - Home server (x86_64)
- Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm
trantor - Cloud server (aarch64)
- Hosts: Forgejo
- Cloud provider: Oracle Cloud Infrastructure
- Storage: Ephemeral root with btrfs

Home Manager Configurations

user@rotterdam - Full desktop setup with gaming, OBS, and complete development environment
user@io - Lightweight desktop setup

Both configurations include:

btop, direnv, helix, starship, tmux
Stylix theme management
Fish shell with custom configurations

Terranix Configurations

Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu):

oci-trantor - Oracle Cloud Infrastructure provisioning for Trantor server
cloudflare-baduhaidev - DNS and CDN configuration for baduhai.dev domain
tailscale-tailnet - Tailscale network ACL and device management

Services

All services are accessible via custom domains under baduhai.dev:

Kanidm (auth.baduhai.dev) - Identity and access management
Vaultwarden (pass.baduhai.dev) - Password manager
Forgejo (git.baduhai.dev) - Git forge (publicly accessible)
Nextcloud (cloud.baduhai.dev) - File sync and collaboration
Jellyfin (jellyfin.baduhai.dev) - Media server

Services are accessible via:

LAN for alexandria-hosted services
Tailscale VPN for all services
Public internet for Forgejo only

Notable Features

Ephemeral Root

Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot:

Root filesystem is automatically rolled back using btrfs snapshots
Old snapshots retained for 30 days
Persistent data stored in dedicated subvolumes
Implements truly stateless systems

Custom DNS Architecture

Unbound DNS servers on both alexandria and trantor
Service routing based on visibility flags (public/LAN/Tailscale)
Split-horizon DNS for optimal access paths

Security

LUKS full-disk encryption on desktop systems
Fail2ban on public-facing servers
agenix for secrets management
Tailscale for secure remote access

Desktop Environment

Custom Niri window manager (Wayland compositor)
Using forked version with auto-centering feature
Stylix for consistent theming

Development Setup

Nix flakes for reproducible builds
deploy-rs for automated deployments
Podman for containerization
Complete AI tooling integration