Features | Roles | Images | CLI | Related
slighly overengineered NixOS configuration flake for multiple hosts
Why do I not use some popular libraries?
Nix-specific features:
- Completely reproducible, pure evaluation
- Dotfiles managed using wrappers implemented from basic nixpkgs functions
- Symlinks in ~ managed using hjem
- Secrets managed using sops-nix
- Secure boot using lanzaboote
- Impermanence using ZFS snapshots and bind mounts, without the library.
- Package management using lix
- Role-based modules
- Variables system for device-specific configuration
- Flake helper CLI
- Flake-enabled installation images
Desktop features:
- 100% wayland, no xorg or xwayland
- SwayFX compositor
- Waybar top panel with several useful modules
- Eww widgets for bottom dock, dashboard, calendar, etc
- Rofi menu for launchers, clipboard history, workspace switchers, etc
- Brave browser with tight policies to ensure security and protect user privacy
- Sandboxing with Bubblewrap and xdg-dbus-proxy.
- NVF-powered neovim configuration
- Theming and colors with colors
- Declarative browser homepage with homepage
- Declarative wallpapers with wallpapers
- XKCD lockscreen wallpapers with xkcd-wall
- Automatic behavior changes when outside trusted & reliable networks with Roaming Mode
Services features:
- Unbound dns server
- NGINX web server & reverse proxy
- ACME for Let's Encrypt certificates
- SearXNG search engine
- Vaultwarden password manager
- i2pd I2P router
- Jellyfin media server
Comprehensive features list:
| Category | Stack |
|---|---|
| distro | NixOS |
| packages | nixos-unstable |
| package manager | lix |
| kernel | linux |
| shell | bash |
| entropy | jitterentropy |
| malloc | graphene-hardened |
| bootloader | systemd-boot, uboot |
| secure boot | lanzaboote |
| filesystem | zfs |
| impermanence | zfs(8) mount(8) |
| drive health | smartmontools |
| ~ symlinks | hjem |
| dotfiles | nixpkgs wrappers |
| auditing | auditd |
| secrets | sops, sops-nix |
| usb policy | usbguard |
| sandboxing | bubblewrap, xdg-dbus-proxy |
| firewall | nf_tables |
| mac randomization | macchanger |
| anonymity | i2pd |
| networking | wpa_supplicant |
| dns | unbound |
| secure shell | sshd, fail2ban |
| display server | wayland |
| compositor | swayfx, cage |
| bar | waybar |
| widgets | eww |
| launcher | rofi |
| notifications | dunst |
| terminal emulator | foot |
| file manager | thunar |
| audio | pipewire, pavucontrol, playerctl |
| media player | mpv |
| pdf reader | zathura |
| images | swayimg, imagemagick |
| vector graphics editor | inkscape |
| screenshots | grimshot, grim, slurp |
| clipboard | cliphist |
| browser | brave |
| web server | nginx |
| certificates | acme |
| homepage | homepage |
| search engine | searxng |
| media server | jellyfin |
| bittorrent | qbittorrent-nox |
| passwords | vaultwarden |
| text editor | neovim, mousepad |
| version control | git |
| development | rust, python, go, haskell |
| virtualization | qemu, virt-manager, distrobox, p
8E18
odman |
| cpu optimizations | auto-cpufreq |
| resource monitor | btop, htop |
| themes, icons, cursors, fonts | colors |
| wallpapers | wallpapers, xkcd-wall |
| terminal misc | cava, fortune |
This flake uses role-based configuration.
| Role | Description | Documentation |
|---|---|---|
| Laptop | Personal laptop configuration. | Requirements - Setup - Usage |
| Server | Headless home-server configuration. | Requirements - Setup - Usage |
Some previous roles have been moved to separate repos, see Related.
Three images: GNOME, Minimal and SD are included (for installation, recovery, etc.)
These images have an ideal environment for bootstrapping and installing this flake.
It is also possible to further configure these images for specific installation setups. Modules for remote installation over a wireless network are also provided.
See Images Documentation for more details.
Routine tasks such as updating the flake, switching configurations,
garbage-collecting, and editing variables & secrets are handled through the
bespoke unified nixos(1) wrapper CLI.
Manpage:
man nixosSee CLI Documentation for the full command reference and workflow examples.
Here are some of my other repos that are related to my NixOS tooling:
- neovim, Neovim configuration flake (ft. nvf)
- neovim-nixvim, Neovim configuration flake (ft. nixvim)
- colors, Colorscheme flake
- wallpapers, Expose wallpapers as Nix expressions
- homepage, A pure Nix static homepage generator
- droid, nix-on-droid configuration
- pattern, Atomic, image-based systems with A/B updates, provisioned using Nix
- flag, A pattern for my VMs
- nate, MATE desktop for my NixOS needs
- coffee, A very minimal openbox configuration
Some of these repos were previously part of this repo, but separated due to being out-of-scope (eg, pattern).
Others are still in-scope, but are maintained separately for simplicity (eg, wallpapers).