All my nix stuff, in a single flake

Find a file

William 808bccf0a2 Add Tailscale tailnet DNS configuration via Terranix Configure global DNS nameservers for the Tailscale tailnet, setting trantor as the primary DNS server with Cloudflare as fallback. This enables custom DNS resolution across the entire tailnet. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>		2025-11-09 10:29:45 -03:00
hosts	junction default browser; remove brave	2025-11-09 07:55:42 -03:00
modules	added error handling to ephemeral.nix	2025-10-15 20:07:51 -03:00
packages	wrap fastfetch with config; run fastfetch on ssh login	2025-11-03 10:55:14 -03:00
secrets	rekeyd secrets	2025-11-08 20:46:38 -03:00
shared	Add Kanidm identity provider to alexandria	2025-11-08 22:24:37 -03:00
terranix	Add Tailscale tailnet DNS configuration via Terranix	2025-11-09 10:29:45 -03:00
users	junction default browser; remove brave	2025-11-09 07:55:42 -03:00
.envrc	simplify .envrc	2024-09-25 08:43:28 -03:00
.gitignore	trator terranix config functional; move disko configs to individual outputs; touching up trantor	2025-11-03 08:07:43 -03:00
deploy.nix	local build on io deploy	2025-10-20 11:41:15 -03:00
devShells.nix	beginnings of split dns	2025-11-08 20:47:21 -03:00
flake.lock	added ai tag for desktop hosts	2025-11-06 19:57:04 -03:00
flake.nix	added ai tag for desktop hosts	2025-11-06 19:57:04 -03:00
homeConfigurations.nix	finalising niri config on io	2025-10-20 14:10:18 -03:00
nixosConfigurations.nix	Split DNS servers: alexandria for LAN, trantor for tailnet	2025-11-08 21:35:53 -03:00
nixosModules.nix	ephemeral is now a nixosModule	2025-10-15 19:59:31 -03:00
overlays.nix	wrap fastfetch with config; run fastfetch on ssh login	2025-11-03 10:55:14 -03:00
packages.nix	wrap fastfetch with config; run fastfetch on ssh login	2025-11-03 10:55:14 -03:00
readme.md	readme glowup	2025-10-21 22:01:34 -03:00
terranixConfigurations.nix	Add Tailscale tailnet DNS configuration via Terranix	2025-11-09 10:29:45 -03:00
utils.nix	Switch ACME to DNS-01 challenge with auto-configured certificates	2025-11-08 22:53:18 -03:00

readme.md

NixOS Configuration

A declarative, modular NixOS/Home Manager flake configuration managing multiple systems with a tag-based architecture for maximum code reuse and flexibility.

Hosts

Host	Type	System	Version	Description
rotterdam	Desktop	x86_64-linux	NixOS Unstable	Primary workstation with gaming, development
io	Laptop	x86_64-linux	NixOS Unstable	Mobile workstation
alexandria	Server/NAS	x86_64-linux	NixOS 25.05	Personal server running Nextcloud, Forgejo, Jellyfin, Vaultwarden
trantor	VPS	aarch64-linux	NixOS 25.05	Oracle Cloud instance

Key Features

Architecture

Tag-based module system - Compose configurations using tags instead of traditional inheritance
Flake-based - Fully reproducible builds with locked dependencies
Multi-platform - Supports both x86_64 and aarch64 architectures
Deployment automation - Remote deployment via deploy-rs

Desktop Experience

Niri compositor - Custom fork with auto-centering window columns
Unified theming - Stylix-based theming
Wayland-native - Full Wayland support
Ephemeral root - Impermanent filesystem using BTRFS for atomic rollback capability

Self-Hosted Services

Nextcloud - Cloud storage with calendar, contacts, and notes
Forgejo - Self-hosted Git server
Jellyfin - Media streaming
Vaultwarden - Password manager backend
LibreSpeed - Network speed testing
All services behind Nginx and Tailscale with automatic SSL via Let's Encrypt

Security

Agenix - Encrypted secrets management
Tailscale - Zero-config VPN mesh network
Firewall - Configured on all hosts
SSH key-based authentication

Repository Structure

.
├── flake.nix                    # Main flake definition
├── utils.nix                    # Tag-based module system utilities
├── nixosConfigurations.nix      # Host definitions with tags
├── homeConfigurations.nix       # User configurations
├── deploy.nix                   # Remote deployment configuration
├── hosts/
│   ├── alexandria/              # Server-specific config
│   ├── io/                      # Laptop-specific config
│   ├── rotterdam/               # Desktop-specific config
│   ├── trantor/                 # VPS-specific config
│   └── modules/
│       ├── common/              # Shared base configuration
│       ├── desktop/             # Desktop environment setup
│       ├── server/              # Server-specific modules
│       └── [tag].nix            # Optional feature modules
├── users/
│   └── modules/                 # Home Manager configurations
│       └── [tag].nix            # Optional feature modules
├── packages/                    # Custom package definitions
└── secrets/                     # Encrypted secrets (agenix)

Tag System

Configurations are composed using tags that map to modules:

Common Tags (all hosts):

common - Base system configuration (automatically applied)

General Tags:

desktop - Mostly full desktop environment with Niri WM
dev - Development tools and environments
gaming - Steam, Heroic, gamemode, controller support
ephemeral - Impermanent root filesystem
networkmanager - WiFi and network management
libvirtd - KVM/QEMU virtualization
podman - Container runtime
bluetooth - Bluetooth support
fwupd - Firmware update daemon

Server Tags:

server - Server-specific configuration

Usage

Rebuilding a Configuration

# Local rebuild
sudo nixos-rebuild switch --flake .#hostname

# Remote deployment
deploy .#hostname

Updating Dependencies

nix flake update

Adding a New Host

Create host directory in hosts/
Define configuration in nixosConfigurations.nix with appropriate tags
Add deployment profile in deploy.nix if needed

Dependencies

nixpkgs - Stable (25.05) and unstable channels
home-manager - User configuration
agenix - Secrets management
disko - Declarative disk partitioning
stylix - System-wide theming
niri-flake - Wayland compositor (custom fork)
impermanence - Ephemeral filesystem support
deploy-rs - Remote deployment
nix-flatpak - Declarative Flatpak management