Declarative, reproducible configuration for all my NixOS systems. Covers workstation/gaming, laptop, and homelab/server use cases.
This repository manages multiple NixOS systems using a shared modular configuration. It's designed to be secure, composable, and automated using modern Nix tooling.
- Laptop ("neon"): Portable KVM/Swiss-Army Knife
- Homelab Server ("lithium"): Identity, Backups, Forgejo, Jellyfin
- Workstation / Gaming ("titanium"): Dev and Gaming w/ Steam/Proton
- Secrets managed via `sops-nix`
- Deployable with `nixos-rebuild` (and soon `deploy-rs` or `nixos-anywhere`)

```mermaid
---
title: How it all fits together
---
graph TD
    subgraph Entrypoint
        flake
        mkSystem
    end
    subgraph System Configuration
        hosts
        hosts_conf
        hosts_hardware
    end
    subgraph User Configuration
        users_default
        users_home
    end
    subgraph Shared Modules
        nixos_mods
        home_mods
    end
    flake["flake.nix"] --> mkSystem["lib/mkSystem"]
    mkSystem --> hosts["hosts/{hostname}/default.nix"]
    mkSystem --> users_default["users/{username}/default.nix"]
    mkSystem -.->|if file exists| users_home["users/{username}/home.nix"]
    hosts --> nixos_mods@{ shape: docs, label: "modules/nixos/*"}
    hosts --> hosts_conf["configuration.nix"]
    hosts --> hosts_hardware["hardware.nix"]
    users_home --> home_mods@{ shape: docs, label: "modules/home/*"}
```

With home-manager included as an input to the flake, and pulled into the hosts along with their users, this will automatically apply updates to both the system and user environments.
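
An added sketch of what a `lib/mkSystem` helper matching the diagram above could look like. It is not the repository's own code; the argument names (`hostname`, `username`, `system`), the relative paths, and the NixOS-only scope are assumptions.

```nix
# Hypothetical lib/mkSystem.nix, written for illustration only.
# Assumes the flake passes its `inputs` (with nixpkgs and home-manager) in.
{ inputs }:
{ hostname, username, system ? "x86_64-linux" }:
let
  inherit (inputs) nixpkgs home-manager;
  hostDir  = ../hosts + "/${hostname}";   # directory import resolves default.nix
  userDir  = ../users + "/${username}";   # directory import resolves default.nix
  homeFile = userDir + "/home.nix";       # optional, per the dashed edge in the diagram
in
nixpkgs.lib.nixosSystem {
  inherit system;
  # Make flake inputs and identifiers available to every module.
  specialArgs = { inherit inputs hostname username; };
  modules = [
    hostDir
    userDir
    home-manager.nixosModules.home-manager
  ]
  # Only wire up the user's home-manager config when home.nix exists.
  ++ nixpkgs.lib.optionals (builtins.pathExists homeFile) [
    {
      home-manager.useGlobalPkgs = true;
      home-manager.useUserPackages = true;
      home-manager.extraSpecialArgs = { inherit inputs; };
      home-manager.users.${username} = import homeFile;
    }
  ];
}
```

When the flake lives in a Git repository, evaluation only sees tracked files, so an untracked `home.nix` makes `builtins.pathExists` return false and the user environment is skipped without an error.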

```sh
# This will show what the flake has to offer.
nix flake show

# Build a VM to test config
nixos-rebuild build-vm --flake .#hostname

# Preview and apply changes on a NixOS system
nixos-rebuild dry-run --flake .#hostname
sudo nixos-rebuild switch --flake .#hostname

# Preview and apply changes on a macOS system
darwin-rebuild dry-run --flake .#hostname
darwin-rebuild switch --flake .#hostname

# Generate an Install ISO
nix build .#nixosConfigurations.installIso.config.system.build.images.iso

# Verify the ISO contents (the mount point must exist before mounting)
mkdir -p mnt
sudo mount -o loop result/iso/nixos-*.iso mnt
ls mnt
# Unmounting needs root as well, since the mount was created with sudo
sudo umount mnt
```

- Reproducibility: All systems can be rebuilt from this repo
- Modularity: Every service is a reusable module
- Security: Minimal trust, secrets managed explicitly
- Composability: Roles + services enable rapid provisioning

```
├── flake.nix                    # sets inputs, imports lib functions, wires hosts and users
├── lib                          # functions to build flake outputs
├── hosts
│   ├── <hostname>
│   │   ├── configuration.nix    # imports from ../../modules/nixos
│   │   ├── hardware.nix         # host specific hardware configuration
│   │   └── default.nix          # entrypoint for host configuration
├── users
│   ├── <username>
│   │   ├── default.nix          # entrypoint for user configuration
│   │   └── home.nix             # imports from ../../modules/home/
├── modules                      # Reusable NixOS and Home-Manager Modules
│   ├── nixos                    # host configuration modules
│   └── home                     # home-manager modules
├── overlays                     # Custom Nixpkgs overlays that modify existing packages.
└── pkgs                         # Custom Nix packages (not in nixpkgs)
```

- @shazow and https://github.com/shazow/nixfiles/
- @ryan4yin and the contributors and co-authors of nixos-and-flakes-book
- @Mic92 for https://github.com/Mic92/sops-nix and https://blog.thalheim.io/
- Various GitHub Projects found with searches similar to this
- https://nix.dev/ and https://search.nixos.org/
- https://edolstra.github.io/pubs/phd-thesis.pdf