All my nix stuff, in a single flake
William
7a0353280e
Flake lock file updates:
• Updated input 'agenix':
'github:ryantm/agenix/9ba0d85de3eaa7afeab493fed622008b6e4924f5?narHash=sha256-lsNWuj4Z%2BpE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94%3D' (2025-10-28)
→ 'github:ryantm/agenix/fcdea223397448d35d9b31f798479227e80183f6?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-11-08)
• Updated input 'deploy-rs':
'github:serokell/deploy-rs/125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2?narHash=sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ%3D' (2025-09-01)
→ 'github:serokell/deploy-rs/9c870f63e28ec1e83305f7f6cb73c941e699f74f?narHash=sha256-9I2H9x5We6Pl%2BDBYHjR1s3UT8wgwcpAH03kn9CqtdQc%3D' (2025-11-04)
• Updated input 'disko':
'github:nix-community/disko/6f4cf5abbe318e4cd1e879506f6eeafd83f7b998?narHash=sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM%3D' (2025-10-31)
→ 'github:nix-community/disko/be1a6b8a05afdd5d5fa69fcaf3c4ead7014c9fd8?narHash=sha256-MjrytR2kiHYUnzX11cXaD31tS7kKdhM1KFaac0%2BKAig%3D' (2025-12-14)
• Updated input 'disko/nixpkgs':
'github:NixOS/nixpkgs/dab3a6e781554f965bde3def0aa2fda4eb8f1708?narHash=sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k%3D' (2025-07-15)
→ 'github:NixOS/nixpkgs/a8d610af3f1a5fb71e23e08434d8d61a466fc942?narHash=sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r%2BJerayK/4wvdWA%3D' (2025-11-20)
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/0010412d62a25d959151790968765a70c436598b?narHash=sha256-z5PlZ47j50VNF3R%2BIMS9LmzI5fYRGY/Z5O5tol1c9I4%3D' (2025-11-01)
→ 'github:hercules-ci/flake-parts/5635c32d666a59ec9a55cab87e898889869f7b71?narHash=sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM%3D' (2025-12-11)
• Updated input 'home-manager':
'github:nix-community/home-manager/8c824254b1ed9e797f6235fc3c62f365893c561a?narHash=sha256-I%2B8yE5HVR2SFcHnW0771psQ/zn0qVzsKHY/gUM0nEVM%3D' (2025-11-03)
→ 'github:nix-community/home-manager/58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03?narHash=sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0%3D' (2025-12-14)
• Updated input 'niri-flake':
'github:sodiboo/niri-flake/df17789929ac80f4157b15724450db6a303a6dc9?narHash=sha256-U3SDbk7tIwLChpvb3FL66o8V0byaQ2RGMiy/3oLdxTI%3D' (2025-11-03)
→ 'github:sodiboo/niri-flake/ded1462ebc03ed723f0f9f5514e72469da687817?narHash=sha256-P9kQIIPSCqmKyHD/9wFZ4ezlqofnAzYBmolSF1f5xog%3D' (2025-12-14)
• Updated input 'niri-flake/niri-unstable':
'github:YaLTeR/niri/a2ca2b3c866bc781b12c334a9f949b3db6d7c943?narHash=sha256-anRlNG6t7esBbF1%2BALDeathVBSclA0PEL52Vo0WnN5g%3D' (2025-11-03)
→ 'github:YaLTeR/niri/7c0898570ca5bd3f10fbf4cf2f8a00edc48d787b?narHash=sha256-Erk%2BypR8N%2BrCvjMdUB1N/v4jtm4QRH9k7r/9zh2HyC8%3D' (2025-12-14)
• Updated input 'niri-flake/nixpkgs':
'github:NixOS/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31)
→ 'github:NixOS/nixpkgs/2fbfb1d73d239d2402a8fe03963e37aab15abe8b?narHash=sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0%3D' (2025-12-11)
• Updated input 'niri-flake/nixpkgs-stable':
'github:NixOS/nixpkgs/3de8f8d73e35724bf9abef41f1bdbedda1e14a31?narHash=sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo%3D' (2025-11-01)
→ 'github:NixOS/nixpkgs/28bb483c11a1214a73f9fd2d9928a6e2ea86ec71?narHash=sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0%3D' (2025-12-13)
• Updated input 'niri-flake/xwayland-satellite-unstable':
'github:Supreeeme/xwayland-satellite/0728d59ff6463a502e001fb090f6eb92dbc04756?narHash=sha256-fBrUszJXmB4MY%2Bwf3QsCnqWHcz7u7fLq0QMAWCltIQg%3D' (2025-10-28)
→ 'github:Supreeeme/xwayland-satellite/f0ad674b7009a6afd80cea59d4fbf975dd68ee95?narHash=sha256-HtTPbV6z6AJPg2d0bHaJKFrnNha%2BSEbHvbJafKAQ614%3D' (2025-12-10)
• Updated input 'nix-ai-tools':
'github:numtide/nix-ai-tools/a2dfa932ed37e5b6224b39b4982c85cd8ebcca14?narHash=sha256-n6bChFrCf2/uHzTsZdABUt1%2BUa3n0jinNfamHd5DmBA%3D' (2025-11-17)
→ 'github:numtide/nix-ai-tools/053759f30ef14cbd87c0a1a1d3e7c729ca0db83f?narHash=sha256-VPcX5z0A58pcbRb3I42fBig3zTPm9a71iwrfgkte2J4%3D' (2025-12-14)
• Updated input 'nix-ai-tools/nixpkgs':
'github:NixOS/nixpkgs/85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1?narHash=sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5%2B717550Hk%3D' (2025-11-16)
→ 'github:NixOS/nixpkgs/23735a82a828372c4ef92c660864e82fbe2f5fbe?narHash=sha256-yqHBL2wYGwjGL2GUF2w3tofWl8qO9tZEuI4wSqbCrtE%3D' (2025-12-13)
• Updated input 'nix-index-database':
'github:nix-community/nix-index-database/359ff6333a7b0b60819d4c20ed05a3a1f726771f?narHash=sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo%3D' (2025-11-02)
→ 'github:nix-community/nix-index-database/82befcf7dc77c909b0f2a09f5da910ec95c5b78f?narHash=sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws%3D' (2025-12-09)
• Updated input 'nixos-cli':
'github:nix-community/nixos-cli/5c259f72ae1eaa00b99354d81130d8fddb7f9a7a?narHash=sha256-IUm2nkbKlDkG94ruTmIYLERpBn6gXydm3scZIKzpcKs%3D' (2025-11-01)
→ 'github:nix-community/nixos-cli/a2019789319c1678be8dc68ecf34c83f948e7475?narHash=sha256-ToKVLDYAzKyStJgCA7W%2BRZObvwABK9fQ8i1wLUUOdLM%3D' (2025-12-11)
• Added input 'nixos-cli/flake-parts':
'github:hercules-ci/flake-parts/2cccadc7357c0ba201788ae99c4dfa90728ef5e0?narHash=sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q%3D' (2025-11-21)
• Added input 'nixos-cli/flake-parts/nixpkgs-lib':
'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc?narHash=sha256-b0yj6kfvO8ApcSE%2BQmA6mUfu8IYG6/uU28OFn4PaC8M%3D' (2025-10-29)
• Updated input 'nixos-cli/nixpkgs':
'github:NixOS/nixpkgs/a7fc11be66bdfb5cdde611ee5ce381c183da8386?narHash=sha256-QoJjGd4NstnyOG4mm4KXF%2BweBzA2AH/7gn1Pmpfcb0A%3D' (2025-10-31)
→ 'github:NixOS/nixpkgs/23258e03aaa49b3a68597e3e50eb0cbce7e42e9d?narHash=sha256-nA5ywiGKl76atrbdZ5Aucd8SjF/v8ew9b9QsC%2BMKL14%3D' (2025-11-30)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31)
→ 'github:nixos/nixpkgs/2fbfb1d73d239d2402a8fe03963e37aab15abe8b?narHash=sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0%3D' (2025-12-11)
• Updated input 'nixpkgs-stable':
'github:nixos/nixpkgs/3de8f8d73e35724bf9abef41f1bdbedda1e14a31?narHash=sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo%3D' (2025-11-01)
→ 'github:nixos/nixpkgs/28bb483c11a1214a73f9fd2d9928a6e2ea86ec71?narHash=sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0%3D' (2025-12-13)
• Updated input 'noctalia':
'github:noctalia-dev/noctalia-shell/5ca5aa602f58a8e0e73fedbef351f1cdf8cbe981?narHash=sha256-gHfzrTDSnNC5yRJwkZfP55fPHUc8DuB4OQEIBSQSs18%3D' (2025-11-03)
→ 'github:noctalia-dev/noctalia-shell/04852ccdc10ab7e289a4bd6f5987972196744e9d?narHash=sha256-4CUoczVKiEEGCVl4qw3jo9YRCpX6d53hw0KMptdaFCQ%3D' (2025-12-14)
• Removed input 'noctalia/quickshell'
• Removed input 'noctalia/quickshell/nixpkgs'
• Removed input 'noctalia/systems'
• Updated input 'stylix':
'github:danth/stylix/8c0640d5722a02178c8ee80a62c5f019cab4b3c1?narHash=sha256-wGiL2K3kAyBBmIZpJEskaSIgyzzpg0zwfvri%2BSy6/CI%3D' (2025-11-02)
→ 'github:danth/stylix/dd14de4432a94e93e10d0159f1d411487e435e1e?narHash=sha256-sDG%2Bc73xEnIw1pFNRWffKDnTWiTuyZiEP%2BIub0D3mWA%3D' (2025-12-11)
• Updated input 'stylix/base16-helix':
'github:tinted-theming/base16-helix/27cf1e66e50abc622fb76a3019012dc07c678fac?narHash=sha256-0CQM%2BFkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM%3D' (2025-07-20)
→ 'github:tinted-theming/base16-helix/d646af9b7d14bff08824538164af99d0c521b185?narHash=sha256-m82fGUYns4uHd%2BZTdoLX2vlHikzwzdu2s2rYM2bNwzw%3D' (2025-10-17)
• Updated input 'stylix/firefox-gnome-theme':
'github:rafaelmardojai/firefox-gnome-theme/0909cfe4a2af8d358ad13b20246a350e14c2473d?narHash=sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk%3D' (2025-09-17)
→ 'github:rafaelmardojai/firefox-gnome-theme/66b7c635763d8e6eb86bd766de5a1e1fbfcc1047?narHash=sha256-OkFLrD3pFR952TrjQi1%2BVdj604KLcMnkpa7lkW7XskI%3D' (2025-12-03)
• Updated input 'stylix/flake-parts':
'github:hercules-ci/flake-parts/4524271976b625a4a605beefd893f270620fd751?narHash=sha256-%2BuWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw%3D' (2025-09-01)
→ 'github:hercules-ci/flake-parts/2cccadc7357c0ba201788ae99c4dfa90728ef5e0?narHash=sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q%3D' (2025-11-21)
• Updated input 'stylix/gnome-shell':
'github:GNOME/gnome-shell/8c88f917db0f1f0d80fa55206c863d3746fa18d0?narHash=sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0%3D' (2025-05-25)
→ 'gitlab:GNOME/gnome-shell/c0e1ad9f0f703fd0519033b8f46c3267aab51a22?host=gitlab.gnome.org&narHash=sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk%3D' (2025-11-30)
• Updated input 'stylix/nixpkgs':
'github:NixOS/nixpkgs/e643668fd71b949c53f8626614b21ff71a07379d?narHash=sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o%3D' (2025-09-24)
→ 'github:NixOS/nixpkgs/2d293cbfa5a793b4c50d17c05ef9e385b90edf6c?narHash=sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4%3D' (2025-11-30)
• Updated input 'stylix/nur':
'github:nix-community/NUR/ba8d9c98f5f4630bcb0e815ab456afd90c930728?narHash=sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV%2B4EnDYjdJhHvUk%3D' (2025-09-27)
→ 'github:nix-community/NUR/1d9616689e98beded059ad0384b9951e967a17fa?narHash=sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU%3D' (2025-12-03)
• Updated input 'stylix/tinted-schemes':
'github:tinted-theming/schemes/317a5e10c35825a6c905d912e480dfe8e71c7559?narHash=sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St%2BUrqkM%3D' (2025-09-12)
→ 'github:tinted-theming/schemes/0f6be815d258e435c9b137befe5ef4ff24bea32c?narHash=sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw%3D' (2025-11-23)
• Updated input 'stylix/tinted-tmux':
'github:tinted-theming/tinted-tmux/d217ba31c846006e9e0ae70775b0ee0f00aa6b1e?narHash=sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD%2BX3vEBUGbTi4JiI%3D' (2025-09-14)
→ 'github:tinted-theming/tinted-tmux/edf89a780e239263cc691a987721f786ddc4f6aa?narHash=sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE%3D' (2025-11-30)
• Updated input 'stylix/tinted-zed':
'github:tinted-theming/base16-zed/824fe0aacf82b3c26690d14e8d2cedd56e18404e?narHash=sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w%3D' (2025-09-14)
→ 'github:tinted-theming/base16-zed/907dbba5fb8cf69ebfd90b00813418a412d0a29a?narHash=sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg%3D' (2025-11-30)
• Updated input 'terranix':
'github:terranix/terranix/a79a47b4617dfb92184e2e5b8f5aa6fc06c659c8?narHash=sha256-J1L1yP29NVBJO04LA/JGM6kwhnjeNhEsX0tLFnuN3FI%3D' (2025-11-03)
→ 'github:terranix/terranix/3b5947a48da5694094b301a3b1ef7b22ec8b19fc?narHash=sha256-iVS4sxVgGn%2BT74rGJjEJbzx%2BkjsuaP3wdQVXBNJ79A0%3D' (2025-11-06)
• Updated input 'vicinae':
'github:vicinaehq/vicinae/54722e36137d8273ef0a5db37776fb8302c79238?narHash=sha256-8BoGGsWfkS/2ODBSCYd5HJNFGuLY8fFl27rXmWClXQw%3D' (2025-11-09)
→ 'github:vicinaehq/vicinae/32cf6b1f82e007cddba9c9ae037eff670219cd55?narHash=sha256-etv2HJA9OWvTkjnrjaNSqvebu9gWLIGPYb9PWr4qkfM%3D' (2025-12-09)
• Removed input 'vicinae/flake-utils'
• Removed input 'vicinae/flake-utils/systems'
• Added input 'vicinae/systems':
'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e?narHash=sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768%3D' (2023-04-09)
• Updated input 'zen-browser':
'github:0xc000022070/zen-browser-flake/10e69cb268b1d3dc91135e72f5462b2acfbcc3aa?narHash=sha256-sIPhzkDrfe6ptthZiwoxQyO6rKd9PgJnl%2BLOyythQkI%3D' (2025-11-03)
→ 'github:0xc000022070/zen-browser-flake/463d3f091ad2b0ba2a4982f4181d22e452b2659d?narHash=sha256-rAWVEEbfWZKTaiqBA/ogkeHvbzlkDHZjZPHbjWUnpw8%3D' (2025-12-14)
• Updated input 'zen-browser/home-manager':
'github:nix-community/home-manager/e8c19a3cec2814c754f031ab3ae7316b64da085b?narHash=sha256-S%2BwmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR%2Bkw%3D' (2025-07-15)
→ 'github:nix-community/home-manager/827f2a23373a774a8805f84ca5344654c31f354b?narHash=sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH%2BPEupBJqM%3D' (2025-11-12)
• Updated input 'zen-browser/nixpkgs':
'github:nixos/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19)
→ 'github:nixos/nixpkgs/c5ae371f1a6a7fd27823bc500d9390b38c05fa55?narHash=sha256-4PqRErxfe%2B2toFJFgcRKZ0UI9NSIOJa%2B7RXVtBhy4KE%3D' (2025-11-12)
|
||
|---|---|---|
| hosts | ||
| modules | ||
| packages | ||
| secrets | ||
| shared | ||
| terranix | ||
| users | ||
| .envrc | ||
| .gitignore | ||
| deploy.nix | ||
| devShells.nix | ||
| flake.lock | ||
| flake.nix | ||
| homeConfigurations.nix | ||
| nixosConfigurations.nix | ||
| nixosModules.nix | ||
| overlays.nix | ||
| packages.nix | ||
| readme.md | ||
| terranixConfigurations.nix | ||
| utils.nix | ||
Nix Configuration
My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would.
Hosts
Desktop Systems
-
rotterdam - Main desktop workstation (x86_64)
- Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman
- Storage: Ephemeral root with LUKS encryption
-
io - Laptop workstation (x86_64)
- Features: Desktop, AI tools, Bluetooth, Dev environment, Podman
- Storage: Ephemeral root with LUKS encryption
Servers
-
alexandria - Home server (x86_64)
- Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm
-
trantor - Cloud server (aarch64)
- Hosts: Forgejo
- Cloud provider: Oracle Cloud Infrastructure
- Storage: Ephemeral root with btrfs
Home Manager Configurations
- user@rotterdam - Full desktop setup with gaming, OBS, and complete development environment
- user@io - Lightweight desktop setup
Both configurations include:
- btop, direnv, helix, starship, tmux
- Stylix theme management
- Fish shell with custom configurations
Terranix Configurations
Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu):
- oci-trantor - Oracle Cloud Infrastructure provisioning for Trantor server
- cloudflare-baduhaidev - DNS and CDN configuration for baduhai.dev domain
- tailscale-tailnet - Tailscale network ACL and device management
Services
All services are accessible via custom domains under baduhai.dev:
- Kanidm (auth.baduhai.dev) - Identity and access management
- Vaultwarden (pass.baduhai.dev) - Password manager
- Forgejo (git.baduhai.dev) - Git forge (publicly accessible)
- Nextcloud (cloud.baduhai.dev) - File sync and collaboration
- Jellyfin (jellyfin.baduhai.dev) - Media server
Services are accessible via:
- LAN for alexandria-hosted services
- Tailscale VPN for all services
- Public internet for Forgejo only
Notable Features
Ephemeral Root
Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot:
- Root filesystem is automatically rolled back using btrfs snapshots
- Old snapshots retained for 30 days
- Persistent data stored in dedicated subvolumes
- Implements truly stateless systems
Custom DNS Architecture
- Unbound DNS servers on both alexandria and trantor
- Service routing based on visibility flags (public/LAN/Tailscale)
- Split-horizon DNS for optimal access paths
Security
- LUKS full-disk encryption on desktop systems
- Fail2ban on public-facing servers
- agenix for secrets management
- Tailscale for secure remote access
Desktop Environment
- Custom Niri window manager (Wayland compositor)
- Using forked version with auto-centering feature
- Stylix for consistent theming
Development Setup
- Nix flakes for reproducible builds
- deploy-rs for automated deployments
- Podman for containerization
- Complete AI tooling integration