🌈 My NixOS configuration and setup
A modular, reproducible, and secure NixOS configuration for homeservers, workstations, WSL, and Nix-on-Droid.
📌 Overview
This repository contains my NixOS and Home Manager configurations for various environments, including:
- Native NixOS (Desktops, Servers)
- WSL (Windows Subsystem for Linux)
- Nix-on-Droid (Android devices)
- Home Manager (Nix on other GNU/Linux distributions)
The setup is modular, reproducible, and secure, with support for GitCrypt for secrets management.
📂 Structure
| Directory/File | Description |
|---|---|
| `home/` | Home Manager configurations and user-specific settings |
| `hosts/` | Host-specific configurations (e.g., `mikrobi/`, `puffy/`) |
| `modules/` | Reusable NixOS modules (hardware, profiles, services, system) |
| `scripts/` | Utility scripts for setup and maintenance |
| `secrets/` | Sensitive data and configuration (encrypted with GitCrypt) |
🔧 Modules
Hardware
| Module | Description |
|---|---|
| AMD GPU | CoreCTRL, Vulkan Tools, and GPU undervolting |
| LED control | Control LED colors |
Profiles
| Module | Description |
|---|---|
| Development | Thonny, Android Studio (unstable) |
| Gaming | Lutris, Steam, Wine |
| GNOME | GNOME desktop environment with Dracula theme |
| GUI Extras | Additional GUI applications |
| GUI | Minimal GUI applications |
| Niri + Noctalia Shell | Niri + Noctalia with Dracula theme |
| Security | Nmap, Wireshark, and auditing tools |
| Work | Citrix Client, Alpaca Proxy |
Services
| Module | Description |
|---|---|
| Generative AI/LLM | ComfyUI, Mimic (TTS), Ollama, Open-WebUI, oterm |
| Printing | Printer and scanner setup |
| Prometheus | Prometheus exporter for Grafana monitoring |
| SSH | SSH remote login configuration |
| Virtualization | GNOME Boxes, UEFI fix, QEMU |
System
| Module | Description |
|---|---|
| Hibernation | Hibernate on power button, sleep then hibernate on lid close |
| Kernels | Default, desktop, and server kernel settings |
| Plymouth | Plymouth graphical boot process settings |
| Secure Boot | Secure Boot configuration |
Home Manager
| Module | Description |
|---|---|
| Ghostty | Customized Ghostty terminal configuration |
| Librewolf | Customized Librewolf browser configuration |
| NeoVim | Customized NeoVim configuration |
| VSCodium | Customized VSCodium configuration |
🔐 Gitcrypt
GitCrypt is used to encrypt sensitive files (e.g., secrets/variables.json).
Setup
- Make sure `git` and `git-crypt` are installed:
nix-shell -p git git-crypt
- Get key as base64
git-crypt export-key -|base64 -w0
- Save key
- Unlock the repository
stty -echo;head -n1|base64 -d|git crypt unlock -;stty echo
- Sample config file variables.json
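
A check that the secrets really are stored as ciphertext, added here as an example (it is not one of this repository's scripts): git-crypt prefixes every encrypted blob with the 10 bytes `\0GITCRYPT\0`, so a committed blob without that header is plaintext. The function names and the `secrets` default directory are assumptions.

```shell
#!/bin/sh
# Added example, not part of this repository's scripts/.
# git-crypt prefixes every encrypted blob with the 10 bytes "\0GITCRYPT\0".
GITCRYPT_MAGIC_HEX="00474954435259505400"

# Read a blob on stdin; succeed only if it starts with the git-crypt header.
is_gitcrypt_stream() {
    head_hex=$(head -c 10 | od -An -tx1 | tr -d ' \n')
    [ "$head_hex" = "$GITCRYPT_MAGIC_HEX" ]
}

# Check one file on disk. In an unlocked checkout the working copy is
# plaintext by design, so this is only meaningful on a locked clone.
is_gitcrypt_file() {
    [ -f "$1" ] && is_gitcrypt_stream < "$1"
}

# Print every blob under a directory (assumed default: secrets) that is
# committed to HEAD WITHOUT the git-crypt header. Reads the object store,
# so the result does not depend on whether the repository is unlocked.
list_plaintext_blobs() {
    dir="${1:-secrets}"
    git ls-tree -r --name-only HEAD -- "$dir" | while IFS= read -r path; do
        case "$path" in
            */.gitattributes|.gitattributes) continue ;;  # must stay plaintext
        esac
        git cat-file blob "HEAD:$path" | is_gitcrypt_stream ||
            printf '%s\n' "$path"
    done
}

# Usage (e.g. from a pre-push hook): sh check.sh --check [dir]
if [ "${1:-}" = "--check" ]; then
    leaked=$(list_plaintext_blobs "${2:-secrets}")
    if [ -n "$leaked" ]; then
        printf 'Committed in plaintext:\n%s\n' "$leaked" >&2
        exit 1
    fi
fi
```

Run it before the first push of a new secrets file: a missing or mistyped `.gitattributes` pattern is the usual reason a file under `secrets/` ends up committed unencrypted.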
💻 Native NixOS
- Clone repo
git clone https://git.kbnetcloud.de/riza/nixos.git ~/git/nixos
cd ~/git/nixos
- Decrypt git-crypt
- Setup disk
  - ⚠️ Warning: The disksetup scripts will delete all partitions on `nvme0n1`, `sda` or `vda`
  - One btrfs volume with subvolumes for `rootfs`, `home` and `nix`
  - Physical volumes (nvme, sda) encrypted via cryptsetup
  - Virtual volumes (vda) unencrypted
  - GPT-based configuration for modern UEFI systems using systemd-boot
  - MBR-based configuration for legacy BIOS systems using the GRUB bootloader
  - Swap via `zram`
scripts/disksetup_gpt.sh
# Or
scripts/disksetup_mbr.sh
- Generate Hardware configuration
nixos-generate-config --root /mnt --show-hardware-config > hosts/<host>/hardware-configuration.nix
- Check if btrfs mountpoints have the `"compress=zstd"` parameter or add it manually
- Start installation for `<hostname>`. Password is defined in the secrets json:
nixos-install --flake .#<hostname> --no-root-password
Maintenance
`nh` is being used to maintain NixOS
- Update with `u`
- Reconfiguration with `r`
- Cleanup with `c`
- Push to git with `p`
- Pull from git with `pu`
🪟 WSL
- Follow NixOS installation on WSL from https://github.com/nix-community/NixOS-WSL
- Clone repo
git clone https://git.kbnetcloud.de/riza/nixos.git ~/git/nixos
cd ~/git/nixos
- Decrypt git-crypt
- Update Nix channels
nix-channel --update
- Switch to new configuration
nixos-rebuild switch --flake .#<hostname> --impure
- Restart NixOS
wsl -t nixos
Maintenance
- Use `nh` for maintenance (same commands as Native NixOS).
📱 Nix-on-droid
- Install app from F-Droid
- Enable Flake install and let installation configure base system
- Add `openssh`, `git` and `git-crypt` packages in package section of `.config/nix-on-droid/nix-on-droid.nix`
- Rebuild to install additional packages
- Clone repo
git clone https://git.kbnetcloud.de/riza/nixos.git git/nixos
- Decrypt git-crypt
- Switch to new config
nix-on-droid switch -F ~/git/nixos/
Maintenance
`nix-on-droid` to maintain nix-on-droid
- Reconfiguration with `r [--dry-run]`
- Pull from git with `pu`
🏠 Home-manager
Requirements: Any GNU/Linux with native package installed:
- GNOME Desktop Environment or
- Niri and Noctalia-shell
- Ghostty
- SELinux disabled/permissive
- Install the Nix package manager
sh <(curl --proto '=https' --tlsv1.2 -L https://nixos.org/nix/install) --daemon
- Enable flake feature
mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
- Clone repo
git clone https://git.kbnetcloud.de/riza/nixos.git ~/git/nixos
cd ~/git/nixos
- Decrypt git-crypt
- Switch to home-manager shell
nix-shell -p home-manager
- Activate initial configuration
home-manager switch --flake ~/git/nixos/#hm
Maintenance
`home-manager` to maintain nix environment
- Reconfiguration with `r [--dry-run]`
- Cleanup with `c`
- Pull from git with `pu`
📜 License
This project is licensed under the MIT License.