yep, more dotfiles

mrnossiom's NixOS, Home Manager, and servers configuration

Structure

  • apps: scripts serving dotfiles purposes
  • assets: media or files that don't fit in Nix files
  • home-manager: Home Manager specific
    • fragments: Home Manager configuration fragments
    • profiles: base Home Manager configurations to build upon (e.g. desktop, minimal)
    • options.nix: Home Manager configuration options and flags
  • hosts: per-server configuration because a profile makes no sense
  • lib: additional custom lib and flake helpers
  • modules: modules that fill a missing feature of NixOS or Home Manager
  • nixos: NixOS related config
    • hardware/<hostname>.nix: device-specific settings, such as those generated by nixos-generate-config
    • layout/<layout>.nix: Disko disk layouts used by managedDiskLayout (e.g. luks-btrfs)
    • fragments: opinionated NixOS configuration fragments
    • profiles/<profile>.nix: base system configurations to build upon (e.g. laptop, installer)
    • options.nix: configuration options and flags
  • overlays: just plain Nix overlays
  • pkgs: Custom packages either not eligible or missing from repositories
  • secrets: agenix encrypted secrets and ssh keys
  • templates: quickstart files for different languages
  • globals.nix: global values shared throughout the config (e.g. domains)

NixOS options

{
	local.ports."<name>" = 4242; # Shorthand
	local.ports."<name>" = {
		number = 4242;
		string = "4242"; # Read-only
		public = true; # Opens firewall depending on tcp/udp value
		tcp = true;
		udp = false;
	};
}
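
An added sketch, not this repository's own module, of how an option shaped like `local.ports` can accept both forms and open the firewall only for entries marked `public`. The defaults (`public = false`, `tcp = true`, `udp = false`) and the helper names `portModule`, `publicPorts` and `numbersWhere` are assumptions.

```nix
# Added example: one way a `local.ports` option could be declared (not the repo's code).
{ config, lib, ... }:

let
	inherit (lib) mkOption types;

	# Full form of a single port entry.
	portModule = { config, ... }: {
		options = {
			number = mkOption { type = types.port; description = "Port number."; };
			string = mkOption {
				type = types.str;
				readOnly = true; # only the definition below may set it
				description = "Port number as a string, derived from `number`.";
			};
			# Assumed defaults: closed unless requested, TCP only.
			public = mkOption { type = types.bool; default = false; };
			tcp = mkOption { type = types.bool; default = true; };
			udp = mkOption { type = types.bool; default = false; };
		};
		config.string = toString config.number;
	};

	# Only entries explicitly marked public ever reach the firewall.
	publicPorts = lib.filter (p: p.public) (lib.attrValues config.local.ports);
	numbersWhere = pred: map (p: p.number) (lib.filter pred publicPorts);
in
{
	options.local.ports = mkOption {
		# Shorthand `local.ports.foo = 4242;` is coerced to `{ number = 4242; }`.
		type = types.attrsOf (
			types.coercedTo types.port (number: { inherit number; }) (types.submodule portModule)
		);
		default = { };
		description = "Named ports shared between services and the firewall.";
	};

	config.networking.firewall = {
		allowedTCPPorts = numbersWhere (p: p.tcp);
		allowedUDPPorts = numbersWhere (p: p.udp);
	};
}
```

With this shape, a port given in shorthand stays closed, and the set of exposed ports can be audited by reading the `public` flags in one place.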

Home Manager options

{
	local.flags = {
		onlyCached = true; # dictate if you prefer to use cached pkgs
	};

	local.fragment."<name>".enable = true; # dictate whether to enable a fragment
}

Quick snippets and guides for myself

Add a new module

  • Copy template and replace <name> with module name

    {
    	config,
    	lib,
    	...
    }:
    
    let
    	cfg = config.local.fragment.<name>;
    in
    {
    	options.local.fragment."<name>".enable = lib.mkEnableOption ''
    		<name> related
    
    		Depends on:
    		- [<Condition>] <dependency>: <reason>
    		- ...
    	'';
    
    	config = lib.mkIf cfg.enable {
    		assertions = [
    			{
    				assertion = config."<dependency>".enable;
    				message = "<name> module depends on <dependency>";
    			}
    		];
    
    		# put the rest of the config here
    	};
    }
    
  • Add the newly created file to Git.

  • Add the new module to the import list in <type>/fragments/default.nix.

  • Activate the module in the wanted profile.

Bootstrap lightweight home-manager config

nix run nixpkgs#home-manager -- switch --flake .#lightweight

Add a new device

  • Rekey secrets with device root ssh key, and create a session age key.

Make a backup

Pull up your favorite ArchaicBackup disc

  • Set environment variables

    RESTIC_REPOSITORY: /run/media/user/discname/
    RESTIC_PASSWORD_FILE: ?

  • Initialize repository

    restic init --repo /srv/restic-repo
    

Deploy server

nixos-anywhere --flake .#weird-row-server user@ip

nixos-rebuild switch \
	--flake .#weird-row-server \
	--target-host 2a01:4f8:c2c:76d2::1 \
	--use-remote-sudo

LUKS reminders

Secure boot


Milo Moisson © 2023-2026