addison/nix-config
1
0
Fork 0
Code Activity
My NixOS config
335 commits 4 branches 0 tags 809 KiB
Find a file
Exact
Addison Emig 66dd052918 chore: update lock
2026-03-05 07:23:18 -05:00
docker/ai-dev feat: updates 2025-11-17 10:01:28 -06:00
docs docs: update install info 2025-11-06 15:43:17 -05:00
dot-files feat: script for monitor layout 2026-01-23 09:11:39 -05:00
hosts feat: add app for signing PDFs 2026-03-03 05:48:27 -05:00
modules fix: wt go 2026-03-04 05:01:10 -05:00
oh-my-zsh fix: git dirty status should include staged files 2025-11-13 14:54:38 -05:00
scripts feat: script for monitor layout 2026-01-23 09:11:39 -05:00
.envrc feat: switch dev server to iMac 2026-01-16 10:07:26 -05:00
.gitignore feat: secret management for dev server 2025-11-29 08:15:39 -05:00
flake.lock chore: update lock 2026-03-05 07:23:18 -05:00
flake.nix chore: update email 2026-02-27 04:44:01 -05:00
LICENSE Initial commit 2025-09-28 06:58:34 -04:00
README.md feat: use llm-agents for daily updates 2026-01-23 05:05:21 -05:00

README.md

nix-config

This repository holds my NixOS + Home-Manager configuration using the flakes approach for both a USB-drive sandbox installation and a full laptop installation.

Bootstrap / Initial Setup

  1. Get "Minimal ISO image" from the NixOS ISO Download Page

  2. Write it to a USB drive

  3. Boot from the USB drive

  4. Install to hard drive

  5. Clone this repository:

    git clone https://github.com/pertempto/nix-config.git ~/nix-config
cd ~/nix-config

  6. If you are setting up a new host - copy the automatically generated /etc/nixos/hardware-configuration.nix file to the appropriate ~/nix-config/hosts/ subdirectory.

    • Don't forget to git add the file - otherwise nix won't recognize it.
    • Verify the new file has the correct owner and group.

  7. Apply your host configuration:

    # This uses the usbSandbox host, but use the correct one for your system
sudo nixos-rebuild switch --flake .#usbSandbox

  8. Reboot

  9. Verify everything works

Note

One you have installed the flake the first time, you should be able to use the u alias in ZSH to trigger future updates.

Manual Steps

The following will need copied across manually and should be kept private and secure:

  • SSH keys
  • GitLab/GitHub auth
  • VPN connection configuration
    • OpenVPN3 for work
    • TailScale at home

The following manual tweaks I also apply:

  • Cosmic
    • Display orientation
    • Hide dock
    • Touchpad
      • Enable "Tap to click"
      • Enable "Scroll with two fingers"
    • Workspaces Span Displays
    • Tile current workspace
    • New workspace behavior: Tiled
    • Set up Startup Applications
  • Vivaldi
    • Dark mode
    • Left-side tab bar
    • Disable password manager
    • ChatGPT search engine
  • Cosmic Terminal
    • Hide header
    • Set font to FiraCode
  • Run setup-repos.sh script for the host

You will also want to switch to using SSH for the nix-config repo so that you can push changes: git remote set-url origin git@github.com:Pertempto/nix-config.git

Using the Flake

  • Rebuild system configuration:

    sudo nixos-rebuild switch --flake .#<host-name>

  • Update inputs and lock file:

    nix flake update
git add flake.lock
git commit -m "chore: update flake inputs"

Hosts & Hardware Profiles

  • Dev Server (devServer): For my homelab dev server. It runs in a ProxMox virtual machine.
  • USB Sandbox (usbSandbox): For getting started without committing to a full installation to my hard drive.
  • Work Laptop (thinkpad): For my ThinkPad T490 work laptop.
  • Additional host profiles may be added as needed.

Maintenance & Upgrades

  • Periodically run nix flake update to refresh inputs; commit changes.
  • Use Git branches when experimenting (e.g., switching compositors).

Security & Secrets

  • Do not commit secrets (API keys, private keys, credentials).
  • Store secrets next to the host/module and name them like <name>-secrets.nix or *-secrets.conf; keep examples with a .example suffix.
  • .gitignore already ignores **/*-secrets.nix and **/*-secrets.conf; restrict permissions (e.g. chmod 600).
  • For stronger protection consider encryption (age/GPG) or a secret manager.

Roadmap

  • Create flake.nix with proper inputs and outputs.
  • Define usbSandbox profile.
  • Install NixOS on USB drive (sandbox) and apply config.
  • Create Home-Manager config for user addison.
  • Test hardware (WiFi, GPU, battery, power) on sandbox.
  • List current applications from Pop!_OS and check availability.
  • Iterate configuration until system and home workflows are stable.
  • Backup Pop!_OS data.
  • Define thinkpad profile.
  • Install NixOS on internal drive.
  • Clone repo on internal install and apply thinkpad profile.
  • Verify everything works.
  • Set up nix.gc.
  • Set up nix.optimise.
  • Set up weekly slack reminder to run nix flake update

To Do: Flake Refactoring

Following best practices audit:

  • Add inputs.llm-agents.inputs.nixpkgs.follows = "nixpkgs" to flake.nix (avoids separate nixpkgs checkout)
  • Extract mkHost helper in flake.nix to eliminate nixosSystem boilerplate (~80 lines of duplication)
  • Pass inputs once via specialArgs instead of individual inputs (time-tracker, specture, llm-agents)
  • Update module signatures to accept inputs parameter
  • Move programs.vscode from shared.nix to home.nix (Home Manager is better fit for user extensions)
  • Move interactive shell config (oh-my-zsh, shellInit) from shared.nix to home.nix
  • Replace home.file."${config.xdg.configHome}" pattern in home.nix with xdg.configFile for subdirs

License

This configuration is licensed under the MIT License. Feel free to fork and adapt, though your hardware and preferences may differ.