colin
/
nix-files
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
top-level configurations for all my NixOS machines
2,562 Commits 118 Branches 0 Tags 12 MiB
Nix 92.6%
Python 3.5%
Shell 2.1%
Rust 0.8%
Lua 0.7%
Other 0.3%
Go to file
Colin 9be5604c40 nixpkgs: 2023-06-26 -> 2023-06-27 
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/6b3d1b1cf13f407fef5e634b224d575eb7211975' (2023-06-26)
  → 'github:nixos/nixpkgs/e18dc963075ed115afb3e312b64643bf8fd4b474' (2023-06-27)
```
 		2023-06-29 00:49:09 +00:00
hosts desko: enable distccd 2023-06-28 04:16:20 +00:00
integrations/nur flake: add "check-nur" app to validate that my repo passes NUR checks 2023-06-26 01:26:13 +00:00
modules cleanup/refactor users 2023-06-28 03:46:29 +00:00
nixpatches nixpkgs: 2023-06-26 -> 2023-06-27 2023-06-29 00:49:09 +00:00
overlays cross: fix firefox-pmos-mobile cross compilation 2023-06-27 01:59:04 +00:00
pkgs linux-megous: note about stability 2023-06-28 00:20:14 +00:00
scripts install-iwd: port to static-nix-shell 2023-05-14 10:32:20 +00:00
secrets snippets: update 2023-06-14 02:30:29 +00:00
templates begin packaging for bonsai (incomplete) 2023-05-18 01:31:06 +00:00
.gitignore move secrets to a subdirectory, for improved overrides 2022-05-26 23:52:08 -07:00
.sops.yaml sops: fix key map after universal -> common rename 2023-05-16 07:19:09 +00:00
README.md README: update repo structure & link to mirrors 2023-05-10 10:15:05 +00:00
TODO.md add todo: gitea CI 2023-06-28 03:09:54 +00:00
flake.lock nixpkgs: 2023-06-26 -> 2023-06-27 2023-06-29 00:49:09 +00:00
flake.nix flake: add "check-nur" app to validate that my repo passes NUR checks 2023-06-26 01:26:13 +00:00

README.md

What's Here

this is the top-level repo from which i configure/deploy all my NixOS machines:

  • desktop
  • laptop
  • server
  • mobile phone

i enjoy a monorepo approach. this repo references nixpkgs, a couple 3rd party nix modules like sops, the sources for uninsane.org, and that's about it. custom derivations and modules (some of which i try to upstream) live directly here; even the sources for those packages is often kept here too.

Layout

  • hosts/
    • the bulk of config which isn't factored with external use in mind.
    • that is, if you were to add this repo to a flake.nix for your own use, you won't likely be depending on anything in this directory.
  • integrations/
    • code intended for consumption by external tools (e.g. the Nix User Repos)
  • modules/
    • config which is gated behind enable flags, in similar style to nixpkgs' nixos/ directory.
    • if you depend on this repo, it's most likely for something in this directory.
  • nixpatches/
    • literally, diffs i apply atop upstream nixpkgs before performing further eval.
  • overlays/
    • exposed via the overlays output in flake.nix.
    • predominantly a list of callPackage directives.
  • pkgs/
    • derivations for things not yet packaged in nixpkgs.
    • derivations for things from nixpkgs which i need to override for some reason.
    • inline code for wholly custom packages (e.g. pkgs/additional/sane-scripts/ for CLI tools that are highly specific to my setup).
  • scripts/
    • scripts which are referenced by other things in this repo.
    • these aren't generally user-facing, but they're factored out so that they can be invoked directly when i need to debug.
  • secrets/
    • encrypted keys, API tokens, anything which one or more of my machines needs read access to but shouldn't be world-readable.
    • not much to see here
  • templates/
    • exposed via the templates output in flake.nix.
    • used to instantiate short-lived environments.
    • used to auto-fill the boiler-plate portions of new packages.

Key Points of Interest

i.e. you might find value in using these in your own config:

  • modules/fs/
    • use this to statically define leafs and nodes anywhere in the filesystem, not just inside /nix/store.
    • e.g. specify that /var/www should be:
      • owned by a specific user/group
      • set to a specific mode
      • symlinked to some other path
      • populated with some statically-defined data
      • populated according to some script
      • created as a dependency of some service (e.g. nginx)
    • values defined here are applied neither at evaluation time nor at activation time.
      • rather, they become systemd services.
      • systemd manages dependencies
      • e.g. link /var/www -> /mnt/my-drive/www only after /mnt/my-drive/www appears)
    • this is akin to using Home Manager's file API -- the part which lets you statically define ~/.config files -- just with a different philosophy.
  • modules/persist/
    • my alternative to the Impermanence module.
    • this builds atop modules/fs/ to achieve things stock impermanence can't:
      • persist things to encrypted storage which is unlocked at login time (pam_mount).
      • "persist" cache directories -- to free up RAM -- but auto-wipe them on mount and encrypt them to ephemeral keys so they're unreadable post shutdown/unmount.
  • modules/programs.nix
    • like nixpkgs' programs options, but allows both system-wide or per-user deployment.
    • allows fs and persist config values to be gated behind program deployment:
      • e.g. /home/<user>/.mozilla/firefox is persisted only for users who sane.programs.firefox.enableFor.user."<user>" = true;
  • modules/users.nix
    • convenience layer atop the above modules so that you can just write fs.".config/git" instead of fs."/home/colin/.config/git"

some things in here could easily find broader use. if you would find benefit in them being factored out of my config, message me and we could work to make that happen.

Using This Repo In Your Own Config

this should be a pretty "standard" flake. just reference it, and import either

  • nixosModules.sane (for the modules)
  • overlays.pkgs (for the packages)

Mirrors

this repo exists in a few known locations:

Contact

if you want to contact me for questions, or collaborate to split something useful into a shared repo, etc, you can reach me via any method listed here.