All my nix stuff, in a single flake
William 1dc55be5e1 flake.lock: Update
Flake lock file updates:

• Updated input 'nix-ai-tools':
    'github:numtide/nix-ai-tools/58d5d222d6802a75c1ed637d049ea438d199051a?narHash=sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg%3D' (2025-11-13)
  → 'github:numtide/nix-ai-tools/a2dfa932ed37e5b6224b39b4982c85cd8ebcca14?narHash=sha256-n6bChFrCf2/uHzTsZdABUt1%2BUa3n0jinNfamHd5DmBA%3D' (2025-11-17)
• Updated input 'nix-ai-tools/blueprint':
    'github:numtide/blueprint/633af1961cae8e02bc6195e6e599a6b09bf75217?narHash=sha256-wTQzbbQ6XHtvNJVuhJj%2BytZDRyNtwUKbrIfIvMvKNfQ%3D' (2025-10-28)
  → 'github:numtide/blueprint/5a9bba070f801d63e2af3c9ef00b86b212429f4f?narHash=sha256-O9Y%2BWer8wOh%2BN%2B4kcCK5p/VLrXyX%2Bktk0/s3HdZvJzk%3D' (2025-11-16)
• Updated input 'nix-ai-tools/nixpkgs':
    'github:NixOS/nixpkgs/9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4?narHash=sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI%3D' (2025-11-11)
  → 'github:NixOS/nixpkgs/85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1?narHash=sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5%2B717550Hk%3D' (2025-11-16)
2025-11-18 19:09:57 -03:00
Name | Last commit | Date
hosts | add power profiles daemon to io | 2025-11-13 19:16:39 -03:00
modules | added error handling to ephemeral.nix | 2025-10-15 20:07:51 -03:00
packages | wrap fastfetch with config; run fastfetch on ssh login | 2025-11-03 10:55:14 -03:00
secrets | forgejo: disable signup; document root password | 2025-11-09 10:34:57 -03:00
shared | only forgejo is public for now | 2025-11-09 12:36:43 -03:00
terranix | new ssh key for himalia | 2025-11-10 11:04:55 -03:00
users | new noctalia ipc command | 2025-11-10 11:46:54 -03:00
.envrc | simplify .envrc | 2024-09-25 08:43:28 -03:00
.gitignore | dns records only for actual services | 2025-11-09 13:37:04 -03:00
deploy.nix | local build on io deploy | 2025-10-20 11:41:15 -03:00
devShells.nix | beginnings of split dns | 2025-11-08 20:47:21 -03:00
flake.lock | flake.lock: Update | 2025-11-18 19:09:57 -03:00
flake.nix | vicinae as a launcher | 2025-11-10 07:52:47 -03:00
homeConfigurations.nix | finalising niri config on io | 2025-10-20 14:10:18 -03:00
nixosConfigurations.nix | Split DNS servers: alexandria for LAN, trantor for tailnet | 2025-11-08 21:35:53 -03:00
nixosModules.nix | ephemeral is now a nixosModule | 2025-10-15 19:59:31 -03:00
overlays.nix | wrap fastfetch with config; run fastfetch on ssh login | 2025-11-03 10:55:14 -03:00
packages.nix | wrap fastfetch with config; run fastfetch on ssh login | 2025-11-03 10:55:14 -03:00
readme.md | Update readme.md | 2025-11-09 16:28:17 -03:00
terranixConfigurations.nix | Add Tailscale tailnet DNS configuration via Terranix | 2025-11-09 10:29:45 -03:00
utils.nix | Switch ACME to DNS-01 challenge with auto-configured certificates | 2025-11-08 22:53:18 -03:00

Nix Configuration

My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would.

Hosts

Desktop Systems

  • rotterdam - Main desktop workstation (x86_64)

    • Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman
    • Storage: Ephemeral root with LUKS encryption
  • io - Laptop workstation (x86_64)

    • Features: Desktop, AI tools, Bluetooth, Dev environment, Podman
    • Storage: Ephemeral root with LUKS encryption

Servers

  • alexandria - Home server (x86_64)

    • Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm
  • trantor - Cloud server (aarch64)

    • Hosts: Forgejo
    • Cloud provider: Oracle Cloud Infrastructure
    • Storage: Ephemeral root with btrfs

Home Manager Configurations

  • user@rotterdam - Full desktop setup with gaming, OBS, and complete development environment
  • user@io - Lightweight desktop setup

Both configurations include:

  • btop, direnv, helix, starship, tmux
  • Stylix theme management
  • Fish shell with custom configurations

Terranix Configurations

Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu):

  • oci-trantor - Oracle Cloud Infrastructure provisioning for Trantor server
  • cloudflare-baduhaidev - DNS and CDN configuration for baduhai.dev domain
  • tailscale-tailnet - Tailscale network ACL and device management

Services

All services are accessible via custom domains under baduhai.dev:

  • Kanidm (auth.baduhai.dev) - Identity and access management
  • Vaultwarden (pass.baduhai.dev) - Password manager
  • Forgejo (git.baduhai.dev) - Git forge (publicly accessible)
  • Nextcloud (cloud.baduhai.dev) - File sync and collaboration
  • Jellyfin (jellyfin.baduhai.dev) - Media server

Services are accessible via:

  • LAN for alexandria-hosted services
  • Tailscale VPN for all services
  • Public internet for Forgejo only

Notable Features

Ephemeral Root

Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot:

  • Root filesystem is automatically rolled back using btrfs snapshots
  • Old snapshots retained for 30 days
  • Persistent data stored in dedicated subvolumes
  • Anything written outside those persistent subvolumes is discarded at the next boot, so each host is stateless by default
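The rollback described above, written out as an added NixOS module (this is an illustrative example, not the repository's own ephemeral.nix). It assumes the scripted initrd, where boot.initrd.postDeviceCommands runs after the LUKS device has been opened, and it invents the device name /dev/mapper/cryptroot and the subvolume names root, persist and nix; the 30-day retention comes from the README.

```nix
# Added example (not the repository's ephemeral.nix): roll the btrfs root
# subvolume back on every boot, keeping the previous roots for 30 days.
# Assumptions (hypothetical): the unlocked LUKS device is /dev/mapper/cryptroot,
# the mutable root is subvolume "root", persistent data is subvolume "persist",
# and the scripted (non-systemd) initrd is in use, where postDeviceCommands
# runs after the encrypted device has been opened.
{ lib, ... }:

{
  boot.initrd.postDeviceCommands = lib.mkAfter ''
    mkdir -p /btrfs_tmp
    mount -o subvol=/ /dev/mapper/cryptroot /btrfs_tmp

    # Move the previous root aside instead of deleting it, so it stays
    # inspectable (post-incident forensics, or recovering a forgotten file).
    if [ -e /btrfs_tmp/root ]; then
      mkdir -p /btrfs_tmp/old_roots
      timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%d_%H-%M-%S")
      mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
    fi

    # btrfs will not delete a subvolume that still contains subvolumes
    # (container storage created on an old root, for example), so delete
    # nested subvolumes first.
    delete_subvolume_recursively() {
      btrfs subvolume list -o "$1" | cut -f 9- -d ' ' | while read -r nested; do
        delete_subvolume_recursively "/btrfs_tmp/$nested"
      done
      btrfs subvolume delete "$1"
    }

    # Retention: old roots not modified for more than 30 days are removed.
    # -mindepth 1 keeps old_roots itself out of the list.
    for old in $(find /btrfs_tmp/old_roots/ -mindepth 1 -maxdepth 1 -mtime +30); do
      delete_subvolume_recursively "$old"
    done

    # A fresh, empty root for this boot; everything written to it is gone
    # at the next boot unless it lives in one of the persistent subvolumes.
    btrfs subvolume create /btrfs_tmp/root
    umount /btrfs_tmp
  '';

  # Only these subvolumes survive a reboot; everything else is ephemeral.
  fileSystems."/" = {
    device = "/dev/mapper/cryptroot";
    fsType = "btrfs";
    options = [ "subvol=root" "compress=zstd" "noatime" ];
  };
  fileSystems."/persist" = {
    device = "/dev/mapper/cryptroot";
    fsType = "btrfs";
    options = [ "subvol=persist" "compress=zstd" "noatime" ];
    neededForBoot = true;
  };
  fileSystems."/nix" = {
    device = "/dev/mapper/cryptroot";
    fsType = "btrfs";
    options = [ "subvol=nix" "compress=zstd" "noatime" ];
  };
}
```

The old root is renamed rather than deleted so that a compromised or misbehaving boot can still be examined afterwards; the retention loop is what bounds how long that evidence, and its disk usage, is kept.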

Custom DNS Architecture

  • Unbound DNS servers on both alexandria and trantor
  • Service routing based on visibility flags (public/LAN/Tailscale)
  • Split-horizon DNS so each client resolves a service to the address closest to it (LAN, tailnet or public)
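One way to express the visibility-flag routing above in Unbound, as an added NixOS module that is not the repository's own DNS configuration. The service catalogue, host addresses and interface addresses are all constructed for the example; the visibility values (lan, tailscale, public) follow the README. The example serves both views from a single resolver using Unbound views; the README's setup splits them across alexandria and trantor, but the record generation is the same.

```nix
# Added example (not the repository's DNS module): build an Unbound
# split-horizon view of baduhai.dev from per-service visibility flags.
# Every address, interface and service placement below is constructed.
{ lib, ... }:

let
  domain = "baduhai.dev";

  # Constructed sample addresses: a LAN address and a tailnet address per host.
  hosts = {
    alexandria = { lan = "192.168.1.10"; tailscale = "100.100.10.10"; };
    trantor    = { lan = null;           tailscale = "100.100.10.20"; };
  };

  # Constructed service catalogue. visibility is the widest network a service
  # is exposed to: "lan" and "tailscale" services are answered locally with a
  # private address; "public" services are deliberately not published here, so
  # the transparent zone falls through to the upstream resolver and clients get
  # the real public record.
  services = {
    auth     = { host = "alexandria"; visibility = "tailscale"; };
    pass     = { host = "alexandria"; visibility = "tailscale"; };
    cloud    = { host = "alexandria"; visibility = "lan"; };
    jellyfin = { host = "alexandria"; visibility = "lan"; };
    git      = { host = "trantor";    visibility = "public"; };
  };

  # Address a view hands out: LAN clients get the host's LAN address when it
  # has one, otherwise (and for tailnet clients) the tailnet address.
  addressFor = view: svc:
    let h = hosts.${svc.host};
    in if view == "lan" && h.lan != null then h.lan else h.tailscale;

  # local-data lines for every non-public service, resolved for the given view.
  recordsFor = view:
    lib.mapAttrsToList
      (name: svc: ''"${name}.${domain}. A ${addressFor view svc}"'')
      (lib.filterAttrs (_: svc: svc.visibility != "public") services);

  # One Unbound view per client network; "transparent" means names without
  # local data (the public ones) are still resolved upstream.
  mkView = name: {
    inherit name;
    local-zone = [ ''"${domain}." transparent'' ];
    local-data = recordsFor name;
  };
in
{
  services.unbound = {
    enable = true;
    settings = {
      server = {
        # Constructed listen addresses: the LAN one and the tailnet one.
        interface = [ "192.168.1.10" "100.100.10.10" ];
        # Only the two trusted networks may query; everything else is refused,
        # so the resolver is never an open resolver even if it gets exposed.
        access-control = [
          "127.0.0.0/8 allow"
          "192.168.1.0/24 allow"
          "100.64.0.0/10 allow"
          "0.0.0.0/0 refuse"
        ];
        # Map each client network to the view that carries its addresses.
        access-control-view = [
          "192.168.1.0/24 lan"
          "100.64.0.0/10 tailscale"
        ];
      };
      view = [ (mkView "lan") (mkView "tailscale") ];
      forward-zone = [ { name = "."; forward-addr = [ "1.1.1.1" "9.9.9.9" ]; } ];
    };
  };
}
```

With this, a LAN client asking for cloud.baduhai.dev gets 192.168.1.10, a tailnet client gets 100.100.10.10, and git.baduhai.dev is answered from upstream in both views because it is never added as local data. The access-control list is the part worth checking on any resolver that also has a tailnet interface: without the explicit refuse, nothing stops queries from networks you did not intend to serve.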

Security

  • LUKS full-disk encryption on desktop systems
  • Fail2ban on public-facing servers
  • agenix for secrets management
  • Tailscale for secure remote access

Desktop Environment

  • Custom Niri window manager (Wayland compositor)
  • Using forked version with auto-centering feature
  • Stylix for consistent theming

Development Setup

  • Nix flakes for reproducible builds
  • deploy-rs for automated deployments
  • Podman for containerization
  • Complete AI tooling integration