- Nix 92.2%
- Shell 5.2%
- Python 2.6%
Flake lock file updates:
• Updated input 'cosmic-manager':
'github:HeitorAugustoLN/cosmic-manager/819d4d2' (2025-12-15)
→ 'github:HeitorAugustoLN/cosmic-manager/1630bbf' (2026-05-30)
• Updated input 'disko':
'github:nix-community/disko/caa775c' (2026-05-29)
→ 'github:nix-community/disko/115e521' (2026-06-01)
• Updated input 'home-manager':
'github:nix-community/home-manager/b179bde' (2026-05-25)
→ 'github:nix-community/home-manager/e28654b' (2026-06-02)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/ec942ba' (2026-05-28)
→ 'github:NixOS/nixpkgs/b51242d' (2026-05-31)
• Updated input 'treefmt-nix':
'github:numtide/treefmt-nix/790751f' (2026-04-08)
→ 'github:numtide/treefmt-nix/db94781' (2026-05-31)
- .github/workflows
- _img
- homes
- hosts
- keys
- modules
- secrets
- .envrc
- .gitignore
- .justfile
- .prettierignore
- .sops.yaml
- flake.lock
- flake.nix
- LICENSE.md
- README.md
❄️ nixcfg
Welcome to my nixcfg!
This repository contains my Darwin, NixOS and home-manager configurations, along with whatever custom modules and packages they require. Hopefully, it's as useful to you as it is to me!
✨ Features
- Declarative System & Dotfiles: Fully declarative management of my macOS (Darwin) + Linux installations and user environments (dotfiles, packages) using Flakes, NixOS, nix-darwin, and home-manager.
- Secure Boot & Encryption: Encrypted boot drives with Secure Boot via lanzaboote and automatic LUKS decryption using TPM.
- Secrets Management: Encrypted secrets stored in-repo using sops-nix with age keys derived from SSH host/user keys.
- Comprehensive Hardware Support: Meticulously crafted configurations for my (sometimes unique) devices, including custom audio enhancements (Pipewire filter chains) and device-specific power optimizations.
- Robust Networking: Secure and flexible networking with Tailscale (it's WireGuard), declarative WiFi profiles, and NFS/Samba shares.
- Productivity & Development: Pre-configured tools for development (Git, Helix, VS Code, Zed), shell enhancements (fastfetch, oh-my-posh, zsh), etc.
🔗 Related Flakes
- cute.haus: Homelab cluster previously located in this repository.
- flake: Fully featured flake template for NixOS, nix-darwin, home-manager configurations, and software projects.
- fontix: Home-manager modules for setting consistent fonts and sizing across applications.
- safari: Shell configuration, also previously in this repository.
- secrets: Legacy encrypted secrets storage (migrated to sops-nix, kept for reference).
- snippets: Reusable Nix snippets used across multiple repositories.
📂 Repository Structure
```
.
├── flake.nix                  # Main entry point
├── homes/                     # home-manager configurations
├── hosts/                     # NixOS and Darwin host configurations
├── keys/                      # SSH public keys for age/sops encryption
├── modules/                   # Modular configurations
│   ├── darwin/                # macOS-specific modules
│   ├── home/                  # home-manager modules
│   ├── flake/                 # Organized flake components
│   │   ├── darwin.nix         # macOS-specific configurations
│   │   ├── home-manager.nix   # Home-manager configurations
│   │   ├── nixos.nix          # NixOS-specific configurations
│   │   └── ...                # Other flake components
│   ├── nixos/                 # NixOS-specific modules
│   └── snippets/              # Reusable configuration snippets
├── overlays/                  # Custom Nixpkgs overlays
└── secrets/                   # sops-encrypted YAML secrets
    └── syncthing/             # Per-host Syncthing certificates
```
Secrets workflow
Secrets are encrypted with sops using age keys derived from SSH host/user keys. Recipients are managed in .sops.yaml.
```
# First-time setup: derive your age key from your SSH key
just sops-bootstrap

# Edit an existing secret
just sops-edit tailscale.yaml
just sops-edit syncthing/fallarbor.yaml

# After adding/removing a key in keys/, re-encrypt all secrets
just sops-rekey
```
NixOS and nix-darwin hosts decrypt system secrets automatically at activation using the host SSH key (/etc/ssh/ssh_host_ed25519_key). Home-manager decrypts user secrets using ~/.ssh/id_ed25519 (set up by just sops-bootstrap).
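The host-side decryption described above, sketched as a NixOS module. This is an added example and not code from this repository. The relative path to `secrets/tailscale.yaml`, the secret name `auth-key`, and the choice of Tailscale as the consumer are assumptions made for illustration.

```nix
# Added example, not taken from this repository.
# Assumed: the sops-nix NixOS module is already imported, this file sits two
# directories below the repo root, and secrets/tailscale.yaml contains a
# top-level key named "auth-key".
{ config, ... }:
{
  sops = {
    # Encrypted file committed to the repo. Only ciphertext enters the
    # world-readable Nix store.
    defaultSopsFile = ../../secrets/tailscale.yaml;

    # sops-nix converts this SSH host key into an age identity at activation,
    # so the host must be listed as a recipient in .sops.yaml.
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

    # Decrypted at activation to /run/secrets/auth-key, readable by root only.
    secrets."auth-key" = {
      owner = "root";
      group = "root";
      mode = "0400";
    };
  };

  # Pass the service a path, never the value. Reading the secret into a Nix
  # string (for example with builtins.readFile) would copy the plaintext
  # into the Nix store.
  services.tailscale.authKeyFile = config.sops.secrets."auth-key".path;
}
```

A new host cannot decrypt anything until its public key is added under `keys/` and `just sops-rekey` has been run, because sops encrypts each file's data key only to the recipients listed at encryption time.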
🤝 Contributing
While this is a personal project, I’m open to feedback or suggestions.
Feel free to open an issue or share ideas that could improve this setup!
📜 License
This repository is licensed under the GNU General Public License.
