Darkness9724/nixos-config
Darkness9724/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
NixOS sucks for desktop usage. Nuff said.
75 commits 1 branch 0 tags 294 KiB
Find a file
Exact
Maxim Mikhailov a10db3cb67
 Add nixpkgs-patcher 
Use it to apply a patch that fixes a bcachefs subvolume mounting issue
which occurs when the X-mount.subdir= option is used.

Also make a slight change to argument passing.

Signed-off-by: Maxim Mikhailov <darkness9724@gmail.com>
2025-10-21 19:30:28 +02:00
hosts Add nixpkgs-patcher 2025-10-21 19:30:28 +02:00
modules Add lsfg-vk module 2025-09-27 19:08:25 +02:00
overlays Add server configuration 2025-10-11 12:50:08 +02:00
pkgs Enable ccache to speed up builds 2025-10-11 11:48:27 +02:00
secrets Add server configuration 2025-10-11 12:50:08 +02:00
templates/lualatex Format nix files 2025-09-27 15:56:36 +02:00
.editorconfig Convert tabs to spaces 2023-08-23 19:25:02 +02:00
.gitignore Global upgrade to NixOS unstable 2025-08-31 08:17:38 +02:00
.sops.yaml Add server configuration 2025-10-11 12:50:08 +02:00
flake.lock Add nixpkgs-patcher 2025-10-21 19:30:28 +02:00
flake.nix Add nixpkgs-patcher 2025-10-21 19:30:28 +02:00
LICENSE Add LICENSE 2023-08-20 10:48:19 +02:00
README.md Fix hashedPassword warn & remove separate wireguard.yaml 2025-10-11 11:40:10 +02:00

README.md

This repository provides a KISS NixOS flake configuration. No over 9000 nested modules, no complex overlays, and no dozens of host configurations.

Powered by Lix!

Usage

Remote

$ nixos-rebuild switch --flake git+https://gitlab.com/Darkness9724/nix-config --sudo

Local clone

$ git clone https://gitlab.com/Darkness9724/nix-config
$ cd nix-config
$ nixos-rebuild switch --flake . --sudo

Secret management

This section is more of a reminder to myself — since Ive already managed to forget once how to properly setup each of these methods.

At the moment, we use two approaches to organizing secret storage:

  1. The classic one, using sops-nix. It works well when we can access a secret through nix options that take a file input, use LoadCredentials, or even EnvironmentFile. However, its completely unsuitable when we need to hide the fact that certain nix expressions are being used (for example, hiding a static public IP).

  2. The hacky one, using a hidden git repository accessible only over SSH. Its much more flexible since it allows us to hide literally anything — a nix module, an expression, or even a plain file containing a list of porn sites. But I wouldnt actually call it hacky (and would probably use only this approach — I mean, why bother with sops-nix then?) if it werent for one serious drawback: flake inputs are not lazy at all — nix always tries to copy them into /nix/store, even if theyre unused or unavailable (for instance, when an SSH key is missing). This prevents fully automating deployment of the configuration on machines that dont have access to the hidden repository. Therefore, if someone else wants to use this flake, theyll need to remove or comment out inputs.private.

Now, about how each method is set up:

  1. Since I already had my own long-standing GPG key — generated long before NixOS even was given a try — I decided to use it, since sops-nix allows that. To do this, the public and private keys specified in .sops.yaml need to be transferred to the new machine and imported with /var/lib/sops specified as GNUPGHOME.

  2. On a fresh machine, its enough to simply set

    programs.git.enable = true;

    then run

    $ ssh-keygen -t ed25519

Packages

This repo also includes custom packages you can run, like nix run .#zink-run.