NixOS flake for all of mine + my husband's hosts. Modules for Hyprland, Sway (with options for tablet optimizations), GNOME, and a variety of Home Lab services running on a mix of nix-native and OCI containers. Uses home-manager for managing dotfiles and disko for automatically partitioning drives.

Host | lavaridge | petalburg | rustboro |
---|---|---|---|
Model | Framework Laptop 13 | Lenovo Yoga 9i Gen 8 | ThinkPad T440p |
Display | 13.5" 2256x1504 60Hz | 14" 2880x1800 90Hz OLED | 14" 1920x1080 60Hz |
CPU | AMD Ryzen 7640U | Intel Core i7-1360P | Intel Core i5-4210M |
RAM | 32GB DDR5-5600MHz | 16GB LPDDR5-5200MHz | 16GB DDR3L-1600MHz |
GPU | AMD Radeon 760M | Intel Iris Xe Graphics | Intel HD Graphics 4600 |
Storage | 1TB SK hynix P41 | 512GB M.2 PCIe 4.0 | 512GB SATA SSD |
Desktop | Hyprland | Sway (tablet mode) | Sway |

Host | fallarbor | mauville |
---|---|---|
Model | Framework Laptop 13 | Custom Mini-ITX Desktop |
Display | 13.5" 2256x1504 60Hz | 34" 3440x1440 160Hz VA |
CPU | Intel Core i5-1135G7 | AMD Ryzen 5 2600 |
RAM | 16GB DDR4-3200MHz | 16GB DDR4-3200MHz |
GPU | Intel Iris Xe Graphics | AMD Radeon RX 6700 |
Storage | 512GB M.2 PCIe 3.0 | 1TB M.2 PCIe 3.0 |
Desktop | Hyprland | Sway |

Service | Description | Source/Runtime | Domain |
---|---|---|---|
Nix Binary Cache | LAN cache for nix derivations. | nix-serve (nixpkgs) | https://nixcache.raffauflabs.com |
Navidrome | SubSonic-compatible music server. | nix-container (nixpkgs) | https://music.raffauflabs.com |
Plex | Music, TV, and Movie streaming. | OCI: plexinc/pms-docker:public | https://plex.raffauflabs.com |
Audiobookshelf | Podcasts & audiobooks. | OCI: advplyr/audiobookshelf:latest | https://podcasts.raffauflabs.com |
FreshRSS | RSS & News reader. | OCI: freshrss/freshrss:latest | https://news.raffauflabs.com |
Transmission | BitTorrent. | OCI: linuxserver/transmission:latest | Tailnet |
Samba | LAN file shares. | nixpkgs | Tailnet |
Nginx | Reverse proxy. | nixpkgs | Tailnet |
Ollama | Runs open-source LLMs. | nixpkgs | Tailnet |

🔴 Do not deploy this flake unmodified to your machine. It won't work. This is my own NixOS and home-manager flake for my personal devices. Each hardware-configuration is host-specific. If you fork this repository, replace them with the hardware-configuration.nix that NixOS generates for you.

While widely used and considered stable, flakes are still considered experimental. To enable Flakes, add the following lines to your `configuration.nix` and rebuild.

```nix
nix.settings.experimental-features = [ "nix-command" "flakes" ];
```

Alternatively, pass `--experimental-features "nix-command flakes"` to `nix` to temporarily use flakes.

In order to deploy this Flake on your host, run the following command:

```sh
sudo nixos-rebuild boot --flake github:alyraffauf/nixcfg#$HOSTNAME
```

Substitute `$HOSTNAME` for whichever hostname you have chosen. Reboot to apply the flake's configuration for the chosen host.

🔴 This will erase your computer's disk as specified by the host configuration, installing a fresh copy of NixOS. Backup first!

If you want to install NixOS from this flake, run the following commands, ideally from a NixOS live environment, substituting `$HOSTNAME` with a NixOS configuration specified in `flake.nix`.

```sh
sudo nix --experimental-features "nix-command flakes" run github:alyraffauf/nixcfg -- $HOSTNAME
```

- Create `hosts/$HOSTNAME/default.nix` and other host-specific nix modules (e.g. `disko.nix`, `hardware.nix`, and `home.nix`).
- Add host to `nixosConfigurations` in `flake.nix`.
- (OPTIONAL) Generate a `cert.pem`, `key.pem`, and device ID for Syncthing with `syncthing -generate=$HOSTNAME`. Find the device ID in the generated `config.xml` and add it to `nixosModules/services/syncthing/default.nix`, encrypt the cert and key with agenix, and set them as appropriate in the host configuration.
- Install NixOS from this flake. Secrets will not be available on first boot.
- Copy the new system's public SSH key (`/etc/ssh/ssh_host_ed25519_key.pub`) to the host configuration (`host/$HOSTNAME/ssh.pub`).
- Add the new public key to `secrets/secrets.nix` and rekey all secrets with `agenix --rekey`.
- Rebuild the new system from git. Secrets will be automatically decrypted and immediately available in `/run/agenix/`.
- (OPTIONAL) Generate a new user SSH key and add it to `nixosModules/users/default.nix` in order to enable passwordless logins to other hosts.
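
The steps that copy the host's public SSH key into the repository and add it to `secrets/secrets.nix` decide which machine can decrypt secrets after `agenix --rekey`, so the file is worth checking before it is committed. The script below is an added example, not part of this repository: the function name `check_host_pubkey` and its return codes are hypothetical, and it assumes `base64` and `od` are available.

```sh
#!/bin/sh
# Added example (not from the nixcfg repository): sanity-check a host public
# key file before committing it and listing it in secrets/secrets.nix.
# Return codes are this example's own convention.

# Wire encoding every ssh-ed25519 key blob starts with, as hex:
# uint32 11, "ssh-ed25519", uint32 32. The 32 key bytes follow (51 bytes total).
ED25519_PREFIX=0000000b7373682d6564323535313900000020

check_host_pubkey() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    # The private half (/etc/ssh/ssh_host_ed25519_key) must never reach git.
    if grep -q 'PRIVATE KEY' "$file"; then
        echo "$file contains private key material" >&2; return 2
    fi

    # Exactly one key per file, so one recipient per host.
    [ "$(grep -c . "$file")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }

    read -r type blob comment <<EOF
$(grep . "$file")
EOF
    [ "$type" = ssh-ed25519 ] || { echo "unexpected key type: $type" >&2; return 4; }

    # Decode the base64 blob and confirm it really is a 32-byte Ed25519 key,
    # not a truncated or mislabelled paste.
    hex=$(printf '%s' "$blob" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    case $hex in
        "$ED25519_PREFIX"*) ;;
        *) echo "blob is not an ssh-ed25519 key" >&2; return 5 ;;
    esac
    [ "${#hex}" -eq 102 ] || { echo "blob has wrong length" >&2; return 5; }

    echo "ok: $type ${comment:-<no comment>}"
}

# Usage: sh check_host_pubkey.sh path/to/ssh.pub
if [ "$#" -gt 0 ]; then check_host_pubkey "$1"; fi
```

A non-zero exit means the file should not be added as an agenix recipient until the key has been copied again from the new host.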