# ❄️ ≃ 💙
This repository defines almost† all of the configuration for my machines running the NixOS Linux distribution, including installed programs, configuration files and running services, in a declarative and reproducible way.
NixOS is built on top of Nix, a package manager and build system with a declarative approach based on a lazy functional programming language. It makes life infinitely easier. (See GNU Guix for an alternative with a stronger focus on software freedoms.)
This repository is not meant to be used as-is by anyone else, but feel free to take inspiration (see the license). Of course, this is a perpetual work in progress.
## Structure

- `modules` is where most of the configuration is defined. The top-level modules are imported for every machine and may then import submodules conditionally; for example, the `server` module imports every module in the `server` directory if the current machine is a server. Similarly, the `station` module contains modules to be used in physical machines (desktops and laptops).

  Configuration for Nix itself is defined in the `nix` module. This module creates the file `~/.nix-defexpr/default.nix`, which is used as the source of Nix expressions for various Nix commands (see Usage). This file roughly replicates the environment available in modules: `lib`, `config`, `pkgs`, etc.

  Configuration for my home directory is managed using Home Manager (see the `home-manager` module).
- `machines` contains machine-specific configuration:
  - `mu` is a Netcup VPS that runs web, mail and DNS servers for `monade.li`, serves as an IRC bouncer (see the `weechat` module) and a central node for my WireGuard network and for Syncthing.
  - `mo` is my old laptop, a Lenovo ThinkPad T420.
  - `no` is my new laptop, a Lenovo ThinkPad T14s Gen 1 AMD.
  - `fu` is my desktop computer.
- `secrets` contains sops-encrypted secrets. They are decrypted on system activation by sops-nix using my GPG private key (see the `secrets` module).
- `lib` extends the Nixpkgs lib. `lib.my` is a collection of variables used in all the modules, such as my username, domain name and email addresses. `my.machines` contains basic information about all my machines (including those not yet running NixOS) such as WireGuard public keys and Syncthing IDs. The module argument `this` is mapped to `my.machines.${hostname}`.
- `flake.nix` declares this repository as a flake, an experimental feature of Nix. This is the entry point where things are plugged into each other. The flake exports the following outputs:
  - `lib` is the lib defined above.
  - `nixosConfigurations` is the set of configurations for my machines.
  - `packages.x86_64-linux.iso` creates an ISO image similar to the official unstable minimal ISO but with a few conveniences, like my localisation settings, a flakes-enabled Nix, git, and the GPG agent with SSH support (see `iso.nix`).
  - for convenience, `packages.x86_64-linux.host = nixosConfigurations.host.config.system.build.toplevel`.
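As an added example (not code from this repository), here is one way a top-level module such as `server` can import every module in its directory only when the current machine is a server, using the `this` argument described above. It assumes `this` is passed through `specialArgs` when each machine's configuration is built and carries a boolean `server` field; the `./server` layout is an assumption as well.

```nix
# Added example, not this repository's own code: a top-level `server` module that
# imports every `*.nix` file in ./server only when the current machine is a server.
#
# Assumptions: `this` (= my.machines.${hostname}) is supplied via `specialArgs` in
# the nixosSystem call, e.g.
#   nixosConfigurations.mu = nixpkgs.lib.nixosSystem {
#     system = "x86_64-linux";
#     specialArgs = { this = my.machines.mu; };
#     modules = [ ./modules ./machines/mu ];
#   };
# It has to be a specialArg (not `_module.args`) because `imports` is evaluated
# before `config`, so it cannot depend on anything defined through options.
{ lib, this, ... }:

let
  serverDir = ./server;

  # Every regular `*.nix` file directly inside ./server, as a list of paths.
  # Subdirectories are ignored; extend the filter if they are needed.
  serverModules = lib.mapAttrsToList (name: _: serverDir + "/${name}")
    (lib.filterAttrs
      (name: type: type == "regular" && lib.hasSuffix ".nix" name)
      (builtins.readDir serverDir));
in
{
  # Servers pull in every server-specific module; other machines import nothing,
  # so services such as mail or DNS never appear on a laptop by accident.
  imports = lib.optionals (this.server or false) serverModules;
}
```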
## Usage

The `nix` module also defines a `config` command which I use to manage my systems. It has the following subcommands:

- `env` is meant to be sourced in scripts (as in `. config env`) and exports a few common variables using `lib.toShellVars`.
- `compare` allows me to compare the locked version of a flake input to the current upstream version.
- `update` updates flake inputs.
- `repl`, `eval` and `bld` run `nix repl`, `nix eval` and `nix build` respectively on `~/.nix-defexpr`. These three commands can be made to use the config from the worktree rather than the currently activated config by passing `--wip`.
- `specialise` switches to a specialisation. I am not currently using this.
- `revert` is meant to be used after `config test` or `config specialise` to revert to the latest generation of the system profile.
- `home` builds and activates my Home Manager configuration without building the whole system. This is useful for quickly testing a change to my home.
- every other command (`build`, `test`, `switch`, …) is passed on to `nixos-rebuild`. If prefixed with `@host`, the command is run remotely on `host`.
† things currently not managed by this repository include:
- partition layouts, disk encryption and formatting
- GPG private keys (used to decrypt secrets in this repository)
- local git checkouts
- Thunderbird configuration
- general state (wireless networks, mail, command histories, …)