/nix-config

NixOS configuration

Primary language: Nix. License: The Unlicense.


Nix Config

Usage

Install

To remotely install NixOS onto a target system, I use nixos-anywhere.

On the target system:

  1. Boot the NixOS ISO

  2. Configure SSH authorized keys to enable SSH into the system

    [nixos@nixos:~]$ mkdir .ssh && curl https://github.com/brenix.keys > .ssh/authorized_keys
  3. Note the IP address of the system

On a separate NixOS host:

  1. Pull or cd to the directory for this repository

  2. Enter the dev shell

    $ nix develop
  3. Run ssh-to-age to get a pubkey for SOPS

    $ ssh-keyscan $TARGET_HOST | ssh-to-age
  4. Update the .sops.yaml file and add a new host to the keys and creation rules

  5. Update all of the secrets in the repo to include the new key

    $ make updatekeys
  6. Run nixos-anywhere to remotely install NixOS on the target system

    $ nixos-anywhere --no-reboot --flake '.#neo' nixos@192.168.1.9 # Replace with the target system IP from above

On the target system:

  1. Copy the live CD SSH host keys to the persist directory

    $ sudo mkdir -p /mnt/persist/etc/ssh && sudo cp /etc/ssh/ssh_host_ed25519* /mnt/persist/etc/ssh/
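
The key that `ssh-keyscan` returns in step 3 is not authenticated, and whatever it returns becomes a SOPS recipient, so it helps to compare it with the fingerprint that `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` prints on the target's console before piping it to `ssh-to-age`. The script below is an added example, not code from this repository. Assumptions: the function names and the sample key are constructed, and the fingerprint is computed with coreutils rather than `ssh-keygen` so the check runs on scan output alone.

```shell
#!/bin/sh
# Added example, not part of this repository. Function names and the sample
# key are constructed; only coreutils, awk and sed are assumed.

# Print "SHA256:<unpadded base64>" for a base64 key blob, the same form
# `ssh-keygen -lf` prints for that key.
ssh_fingerprint() {
    printf '%s' "$1" | base64 -d >/dev/null 2>&1 || return 1
    hex=$(printf '%s' "$1" | base64 -d | sha256sum | cut -d' ' -f1)
    printf 'SHA256:'
    # Turn the hex digest back into raw bytes via octal escapes, then base64.
    for byte in $(printf '%s' "$hex" | sed 's/../& /g'); do
        printf "\\$(printf '%03o' "0x$byte")"
    done | base64 | tr -d '=\n'
    printf '\n'
}

# Read ssh-keyscan output on stdin. Print the ed25519 line only when its
# fingerprint equals $1; return 1 on mismatch, 2 when no usable key is found.
verified_hostkey() {
    expected=$1
    line=$(awk '!/^#/ && $2 == "ssh-ed25519" { print; exit }')
    blob=$(printf '%s\n' "$line" | awk '{ print $3 }')
    [ -n "$blob" ] || { echo "no ed25519 host key in input" >&2; return 2; }
    actual=$(ssh_fingerprint "$blob") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: scanned $actual" >&2
        return 1
    fi
    printf '%s\n' "$line"
}

# Constructed sample in ssh-keyscan format (not a real host key).
SAMPLE_KEY='AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLEX'
SAMPLE_SCAN="# 192.0.2.10:22 SSH-2.0-OpenSSH_9.6
192.0.2.10 ssh-ed25519 $SAMPLE_KEY"

# Intended use, with the fingerprint read from the target's console:
#   ssh-keyscan -t ed25519 "$TARGET_HOST" | verified_hostkey "SHA256:..." | ssh-to-age
```

On a mismatch nothing reaches `ssh-to-age`, so no recipient is produced for `.sops.yaml`.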

Building

I use a Makefile to simplify running some commands.

NixOS

Make Target:

make nixos

CLI:

sudo nixos-rebuild switch --verbose --flake ".#hostname"

Home-Manager Only

Make Target:

make home

CLI:

home-manager switch --flake ".#username@hostname"

Bootstrap:

nix run home-manager -- switch --flake ".#username@hostname"

Darwin

Make Target:

make nixos

CLI:

darwin-rebuild switch --verbose --flake ".#macbook"

Bootstrap:

nix run darwin-rebuild -- switch --flake ".#macbook"

Features

Some features of my nix-config:

  • Structured to allow multiple NixOS configurations, including desktop, laptop
  • Declarative config including themes and wallpapers
  • Opt-in persistence through impermanence + blank snapshot
  • Encrypted btrfs partition
  • sops-nix for secrets management
  • Custom live media ISO, with an "automated" install script
  • Supports vfio for playing games on Windows

Hosts

  • neo: My primary desktop computer
  • morpheus: Framework 13th gen laptop
  • trinity: My spare desktop now used as a K8S server
  • vm: Qemu VM for testing
  • iso: Builds custom installer ISO

Applications

Type            Program
OS              NixOS
Editor          Helix
Multiplexer     Zellij
Prompt          Starship
Launcher        Rofi
Shell           Fish
Status Bar      Waybar
Terminal        Foot
Window Manager  Hyprland
Fonts           Monaco
Colorscheme     Catppuccin Mocha

Acknowledgements