william/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
All my nix stuff, in a single flake
1116 commits 10 branches 0 tags 5.2 MiB
Find a file
William b8f9e8a19c flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/916506443ecd0d0b4a0f4cf9d40a3c22ce39b378?narHash=sha256-P0kM%2B5o%2BDKnB6raXgFEk3azw8Wqg5FL6wyl9jD%2BG5a4%3D' (2025-12-19)
  → 'github:nix-community/disko/00395d188e3594a1507f214a2f15d4ce5c07cb28?narHash=sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q%3D' (2026-01-20)
• Updated input 'disko/nixpkgs':
    'github:NixOS/nixpkgs/a8d610af3f1a5fb71e23e08434d8d61a466fc942?narHash=sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r%2BJerayK/4wvdWA%3D' (2025-11-20)
  → 'github:NixOS/nixpkgs/3327b113f2ef698d380df83fbccefad7e83d7769?narHash=sha256-MJwOjrIISfOpdI9x4C%2B5WFQXvHtOuj5mqLZ4TMEtk1M%3D' (2026-01-17)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/250481aafeb741edfe23d29195671c19b36b6dca?narHash=sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY%3D' (2026-01-05)
  → 'github:hercules-ci/flake-parts/80daad04eddbbf5a4d883996a73f3f542fa437ac?narHash=sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY%3D' (2026-01-11)
• Updated input 'home-manager':
    'github:nix-community/home-manager/92394f9deafa80b9de95d7e0f10de78d39ff0564?narHash=sha256-clGZcCXX4VLLdzFDu2YRflI%2BoKWbv41x0w0G06h88L0%3D' (2026-01-08)
  → 'github:nix-community/home-manager/63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df?narHash=sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k%3D' (2026-01-20)
• Updated input 'impermanence':
    'github:nix-community/impermanence/82e5bc4508cab9e8d5a136626276eb5bbce5e9c5?narHash=sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA%3D' (2026-01-07)
  → 'github:nix-community/impermanence/0d633a69480bb3a3e2f18c080d34a8fa81da6395?narHash=sha256-6nY0ixjGjPQCL%2B/sUC1B1MRiO1LOI3AkRSIywm3i3bE%3D' (2026-01-19)
• Updated input 'impermanence/home-manager':
    'github:nix-community/home-manager/7419250703fd5eb50e99bdfb07a86671939103ea?narHash=sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ%3D' (2025-05-23)
  → 'github:nix-community/home-manager/c47b2cc64a629f8e075de52e4742de688f930dc6?narHash=sha256-kkgA32s/f4jaa4UG%2B2f8C225Qvclxnqs76mf8zvTVPg%3D' (2026-01-16)
• Updated input 'impermanence/nixpkgs':
    'github:nixos/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D' (2025-05-23)
  → 'github:nixos/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16)
• Updated input 'niri-flake':
    'github:sodiboo/niri-flake/a789aa1512a9157d5d3392b27e60621fd0d83438?narHash=sha256-HLr9k8g1Geq40PLsNw7I5N8TZkBYtQVjkgDPV/Kehxk%3D' (2026-01-08)
  → 'github:sodiboo/niri-flake/6581f5458309233622c1b73c8902dcaea7be16eb?narHash=sha256-ct4qxmFJeJbaJKiOnXOZmRmVmk7TpT%2BlohuTgTr%2BkYQ%3D' (2026-01-20)
• Updated input 'niri-flake/niri-unstable':
    'github:YaLTeR/niri/10df9f4717cbd4efd20ae796eb6b0aa400127bdc?narHash=sha256-qS4tdG2iUQwSld9dTH1gk8GcIOrRi9umMgPv8MGDIA0%3D' (2026-01-07)
  → 'github:YaLTeR/niri/d7184a04b904e07113f4623610775ae78d32394c?narHash=sha256-Ub8eed4DsfIDWyg30xEe%2B8bSxL/z5Af/gCjmvJ0V/Hs%3D' (2026-01-17)
• Updated input 'niri-flake/nixpkgs':
    'github:NixOS/nixpkgs/5912c1772a44e31bf1c63c0390b90501e5026886?narHash=sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4%3D' (2026-01-07)
  → 'github:NixOS/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16)
• Updated input 'niri-flake/nixpkgs-stable':
    'github:NixOS/nixpkgs/d351d0653aeb7877273920cd3e823994e7579b0b?narHash=sha256-r4GVX%2BFToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE%3D' (2026-01-07)
  → 'github:NixOS/nixpkgs/77ef7a29d276c6d8303aece3444d61118ef71ac2?narHash=sha256-XsM7GP3jHlephymxhDE%2B/TKKO1Q16phz/vQiLBGhpF4%3D' (2026-01-18)
• Updated input 'niri-flake/xwayland-satellite-unstable':
    'github:Supreeeme/xwayland-satellite/74cf1a95a35fd7aec76432bc2cd9b310e0d908c5?narHash=sha256-0PgS7M1SV6JCN3MugFZPaP8J%2BMr2o7lSDFTPVYZSIAY%3D' (2026-01-07)
  → 'github:Supreeeme/xwayland-satellite/ed1cef792b4def3321ff9ab5479df09609f17a69?narHash=sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg%3D' (2026-01-18)
• Updated input 'nix-ai-tools':
    'github:numtide/llm-agents.nix/1e0eaa265ba27a04f89b3265583bdf7da54a3972?narHash=sha256-Wo1jRV29yb3NwWf1hG80rmhrTC5x3F%2Bbvj5u/fvxMW4%3D' (2026-01-08)
  → 'github:numtide/llm-agents.nix/78f3fdc13ef903475aa5bfc0f85eeefaa36af837?narHash=sha256-gFoGvnW2YDWsxKD56kdiXbhh9vBPAU3yusssbXF0UMo%3D' (2026-01-20)
• Updated input 'nix-ai-tools/nixpkgs':
    'github:NixOS/nixpkgs/16c7794d0a28b5a37904d55bcca36003b9109aaa?narHash=sha256-fFUnEYMla8b7UKjijLnMe%2BoVFOz6HjijGGNS1l7dYaQ%3D' (2026-01-02)
  → 'github:NixOS/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D' (2026-01-19)
• Updated input 'nix-ai-tools/treefmt-nix':
    'github:numtide/treefmt-nix/778a1d691f1ef45dd68c661715c5bf8cbf131c80?narHash=sha256-QfX6g3Wj2vQe7oBJEbTf0npvC6sJoDbF9hb2%2BgM5tf8%3D' (2026-01-07)
  → 'github:numtide/treefmt-nix/e96d59dff5c0d7fddb9d113ba108f03c3ef99eca?narHash=sha256-67vyT1%2BxClLldnumAzCTBvU0jLZ1YBcf4vANRWP3%2BAk%3D' (2026-01-11)
• Updated input 'nix-flatpak':
    'github:gmodena/nix-flatpak/62f636b87ef6050760a8cb325cadb90674d1e23e?narHash=sha256-0bBqT%2B3XncgF8F03RFAamw9vdf0VmaDoIJLTGkjfQZs%3D' (2025-08-09)
  → 'github:gmodena/nix-flatpak/123fe29340a5b8671367055b75a6e7c320d6f89a?narHash=sha256-Sbh037scxKFm7xL0ahgSCw%2BX2/5ZKeOwI2clqrYr9j4%3D' (2026-01-17)
• Updated input 'nixos-cli':
    'github:nix-community/nixos-cli/b68f36728504f1017591a9e296237a867e52156d?narHash=sha256-V/4vkr/tTJ50dh57GEKZbEikex%2BGqOVVF2SVYwLcSmQ%3D' (2026-01-02)
  → 'github:nix-community/nixos-cli/5e79001c7a8b556c3c61d4ef38f0f0fa1187ee90?narHash=sha256-6w1Mhg6%2B46LlaheCa1O/jIk02ukerZ7DdUf9GlQVGxc%3D' (2026-01-18)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/5912c1772a44e31bf1c63c0390b90501e5026886?narHash=sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4%3D' (2026-01-07)
  → 'github:nixos/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16)
• Updated input 'nixpkgs-stable':
    'github:nixos/nixpkgs/d351d0653aeb7877273920cd3e823994e7579b0b?narHash=sha256-r4GVX%2BFToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE%3D' (2026-01-07)
  → 'github:nixos/nixpkgs/77ef7a29d276c6d8303aece3444d61118ef71ac2?narHash=sha256-XsM7GP3jHlephymxhDE%2B/TKKO1Q16phz/vQiLBGhpF4%3D' (2026-01-18)
• Updated input 'noctalia':
    'github:noctalia-dev/noctalia-shell/6a61bf185c1b9a508377bde924db58ff53ef2d93?narHash=sha256-/fDWzjo%2BukaTCBzxycwyR5xB10/4N%2Bi9wBfTOFNfYHQ%3D' (2026-01-08)
  → 'github:noctalia-dev/noctalia-shell/1ef5c0eb307e8a4f30dfa6bcc75cf90ae8c6af46?narHash=sha256-T4H/VMjGwBuHEIrPYWfXQ73XV0foCuFGgH7k3SNSJDo%3D' (2026-01-20)
• Updated input 'stylix':
    'github:danth/stylix/a525e4774f2576e0f10b8b183c2dfaf7d165c052?narHash=sha256-5/hrrHMZuwwJXqLb86MBElPKS61Efe%2BhgGkVvpbzJM4%3D' (2026-01-08)
  → 'github:danth/stylix/06684f00cfbee14da96fd4307b966884de272d3a?narHash=sha256-3%2Bh7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p%2BS6BA%3D' (2026-01-18)
• Updated input 'vicinae':
    'github:vicinaehq/vicinae/aab965dcf29529c5fab67b9c2fb5f8168f76fa1b?narHash=sha256-OPBgcM2ZzbVEUS6lwRpJo2JBfiRK8TmYVSmZImEW2gA%3D' (2026-01-07)
  → 'github:vicinaehq/vicinae/934bc0ad47be6dbd6498a0dac655c4613fd0ab27?narHash=sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5%2BS68%2BX4TSc%3D' (2026-01-19)
• Updated input 'zen-browser':
    'github:0xc000022070/zen-browser-flake/8b2302d8c10369c9135552cc892da75cff5ddb03?narHash=sha256-5ysv8EuVAgDoYmNuXEUNf7vBzdeRaFxeIlIndv5HMvs%3D' (2026-01-07)
  → 'github:0xc000022070/zen-browser-flake/37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc?narHash=sha256-w10iy/aqd5LtD78NDWWG%2BeKGzkb%2BcGhAAo7PVciLbWE%3D' (2026-01-20)
• Updated input 'zen-browser/home-manager':
    'github:nix-community/home-manager/e4e78a2cbeaddd07ab7238971b16468cc1d14daf?narHash=sha256-GKgwu5//R%2BcLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk%3D' (2025-12-30)
  → 'github:nix-community/home-manager/b4d88c9ac42ae1a745283f6547701da43b6e9f9b?narHash=sha256-cJbFn17oyg6qAraLr%2BNVeNJrXsrzJdrudkzI4H2iTcg%3D' (2026-01-14)
• Updated input 'zen-browser/nixpkgs':
    'github:nixos/nixpkgs/c0b0e0fddf73fd517c3471e546c0df87a42d53f4?narHash=sha256-coBu0ONtFzlwwVBzmjacUQwj3G%2BlybcZ1oeNSQkgC0M%3D' (2025-12-28)
  → 'github:nixos/nixpkgs/ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38?narHash=sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs%3D' (2026-01-11)
2026-01-20 15:42:26 -03:00
hosts nixfmt-rfc-style is now nixfmt; programs.adb no longer a thing 2026-01-08 14:44:36 -03:00
modules added error handling to ephemeral.nix 2025-10-15 20:07:51 -03:00
packages claude-desktop package 2025-12-16 10:37:28 -03:00
secrets forgejo: disable singup; document root password 2025-11-09 10:34:57 -03:00
shared cleaner shared services file 2025-11-30 09:47:05 -03:00
terranix new ssh key for himalia 2025-11-10 11:04:55 -03:00
users collabora is now the online office suite 2025-11-30 09:59:31 -03:00
.envrc simplify .envrc 2024-09-25 08:43:28 -03:00
.gitignore dns records only for actual services 2025-11-09 13:37:04 -03:00
deploy.nix local build on io deploy 2025-10-20 11:41:15 -03:00
devShells.nix nixfmt-rfc-style is now nixfmt; programs.adb no longer a thing 2026-01-08 14:44:36 -03:00
flake.lock flake.lock: Update 2026-01-20 15:42:26 -03:00
flake.nix claude-desktop package 2025-12-16 10:37:28 -03:00
homeConfigurations.nix finalising niri config on io 2025-10-20 14:10:18 -03:00
nixosConfigurations.nix update nixpkgs-stable to 25.11 2025-12-14 11:01:03 -03:00
nixosModules.nix ephemeral is now a nixosModule 2025-10-15 19:59:31 -03:00
overlays.nix claude-desktop package 2025-12-16 10:37:28 -03:00
packages.nix claude-desktop package 2025-12-16 10:37:28 -03:00
readme.md Update readme.md 2025-11-09 16:28:17 -03:00
terranixConfigurations.nix Add Tailscale tailnet DNS configuration via Terranix 2025-11-09 10:29:45 -03:00
utils.nix cleaner shared services file 2025-11-30 09:47:05 -03:00

readme.md

Nix Configuration

My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would.

Hosts

Desktop Systems

  • rotterdam - Main desktop workstation (x86_64)

    • Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman
    • Storage: Ephemeral root with LUKS encryption

  • io - Laptop workstation (x86_64)

    • Features: Desktop, AI tools, Bluetooth, Dev environment, Podman
    • Storage: Ephemeral root with LUKS encryption

Servers

  • alexandria - Home server (x86_64)

    • Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm

  • trantor - Cloud server (aarch64)

    • Hosts: Forgejo
    • Cloud provider: Oracle Cloud Infrastructure
    • Storage: Ephemeral root with btrfs

Home Manager Configurations

  • user@rotterdam - Full desktop setup with gaming, OBS, and complete development environment
  • user@io - Lightweight desktop setup

Both configurations include:

  • btop, direnv, helix, starship, tmux
  • Stylix theme management
  • Fish shell with custom configurations

Terranix Configurations

Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu):

  • oci-trantor - Oracle Cloud Infrastructure provisioning for Trantor server
  • cloudflare-baduhaidev - DNS and CDN configuration for baduhai.dev domain
  • tailscale-tailnet - Tailscale network ACL and device management

Services

All services are accessible via custom domains under baduhai.dev:

  • Kanidm (auth.baduhai.dev) - Identity and access management
  • Vaultwarden (pass.baduhai.dev) - Password manager
  • Forgejo (git.baduhai.dev) - Git forge (publicly accessible)
  • Nextcloud (cloud.baduhai.dev) - File sync and collaboration
  • Jellyfin (jellyfin.baduhai.dev) - Media server

Services are accessible via:

  • LAN for alexandria-hosted services
  • Tailscale VPN for all services
  • Public internet for Forgejo only

Notable Features

Ephemeral Root

Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot:

  • Root filesystem is automatically rolled back using btrfs snapshots
  • Old snapshots retained for 30 days
  • Persistent data stored in dedicated subvolumes
  • Implements truly stateless systems

Custom DNS Architecture

  • Unbound DNS servers on both alexandria and trantor
  • Service routing based on visibility flags (public/LAN/Tailscale)
  • Split-horizon DNS for optimal access paths

Security

  • LUKS full-disk encryption on desktop systems
  • Fail2ban on public-facing servers
  • agenix for secrets management
  • Tailscale for secure remote access

Desktop Environment

  • Custom Niri window manager (Wayland compositor)
  • Using forked version with auto-centering feature
  • Stylix for consistent theming

Development Setup

  • Nix flakes for reproducible builds
  • deploy-rs for automated deployments
  • Podman for containerization
  • Complete AI tooling integration