jblais493/nixos-config

Joshua Blais’ Nix Configuration

https://img.shields.io/badge/NixOS-unstable-blue.svg?style=flat-square&logo=NixOS&logoColor=white

Disclaimer: I have no idea what I am doing, so take all of this with a grain (massive boulder) of salt.

Introduction

This used to be a literate file using org-mode to tangle all code blocks to various *.nix files across the configuration. I am used to one, massive (partially) organized file (see my Emacs Configuration), so this seemed natural: Documentation and configuration all in one file? How nice.

Edit: This file got way too big to parse and has now been split up logically.

What this ends up being is, quite literally, the One REPO to Rule Them All: My entire computing landscape is declared right where you are looking. This is the power of Nix.

NixOS is what I would refer to as “the endgame of systems management”. I have used various distributions of Linux in the past, and while I have no gripes with the likes of Debian, Fedora, or Arch, I have always forgotten configuration settings in the past, struggled to maintain multiple machines without drift, or had breaking changes on each and every distro.

NixOS offers the bleeding edge with the stable, allowing easy rollbacks of any issues, allowing me to continue on with work and then fix things at a later date if I have a breaking change. This is increasingly important as I host various projects and services for a broader audience and cannot deal with any downtime.

What makes this possible is:

Excited yet? Let us begin…

Setting this all up

Local Installation (Laptops/Desktops)

  1. Obtain installation media for NixOS.
  2. Flash the .iso to a flash drive using dd or a similar tool:
    dd if=nixos-minimal-xx.xx.iso of=/dev/sdX bs=4M status=progress
        
  3. Boot up the installer and connect to the internet
  4. Partition your drives (example for UEFI systems):
    # Create partitions
    parted /dev/nvme0n1 -- mklabel gpt
    parted /dev/nvme0n1 -- mkpart primary 512MiB -8GiB
    parted /dev/nvme0n1 -- mkpart primary linux-swap -8GiB 100%
    parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB
    parted /dev/nvme0n1 -- set 3 esp on
    
    # Format partitions
    mkfs.ext4 -L nixos /dev/nvme0n1p1
    mkswap -L swap /dev/nvme0n1p2
    mkfs.fat -F 32 -n boot /dev/nvme0n1p3
    
    # Mount filesystems
    mount /dev/disk/by-label/nixos /mnt
    mkdir -p /mnt/boot
    mount /dev/disk/by-label/boot /mnt/boot
    swapon /dev/nvme0n1p2
        
  5. Generate hardware configuration:
    nixos-generate-config --root /mnt
        
  6. Clone this repository:
    # /mnt/home does not exist yet on a freshly formatted root
    mkdir -p /mnt/home
    cd /mnt/home
    git clone https://github.com/jblais493/nixos-config.git
        
  7. Copy the generated hardware configuration:
    cp /mnt/etc/nixos/hardware-configuration.nix /mnt/home/nixos-config/hosts/YOUR_HOST/
        
  8. Edit the host configuration to match your setup:
    # Edit hostname and any host-specific settings
    nano /mnt/home/nixos-config/hosts/YOUR_HOST/configuration.nix
        
  9. Test the configuration:
    cd /mnt/home/nixos-config
    nix flake check
        
  10. Install NixOS:
    nixos-install --flake .#YOUR_HOST
        
  11. Reboot and enjoy your declarative system!

Installation on VPS/headless servers

For automated server deployments, use nixos-anywhere.

Quick server setup:

# Run nixos-anywhere from the repository root; it installs NixOS on the target over SSH
nix run github:nix-community/nixos-anywhere -- \
  --flake .#YOUR_SERVER_HOST \
  root@your-server-ip

Dotfiles

This directory contains all dotfiles for the programs and tooling I use. I previously used Stow to organize all these config files, but now use home-manager’s mkOutOfStoreSymlink to symlink and keep these files organized within this one config - simplification is beautiful. See the section on the home-manager module below.

❯ tree -d -L 2
├── btop
│   └── themes
├── doom
│   ├── lisp
│   ├── private
│   ├── snippets
│   └── themes
├── fastfetch
├── gowall
├── hypr
│   └── scripts
├── kitty
├── mpd
│   └── playlists
├── mpv
├── nvim
│   ├── lua
│   ├── scripts
│   └── snippets
├── starship
├── +STORE
│   └── dictionary
├── swaync
│   └── styles
├── tmux
│   └── plugins
├── tridactyl
├── waybar
│   ├── modules
│   └── scripts
├── wofi
├── yt-dlp
├── zathura
└── zsh

Hosts

Theologica

King

Axios

Empirica

Phone

Nix-on-droid

Using Nix-on-droid, you can create and manage a declarative Termux environment.

Modules

Home-manager

I use home-manager to manage all dotfiles that require customization. I don’t agree with rewriting my configs when you can just symlink them using mkOutOfStoreSymlink.

default.nix

Pulls in all modules for home-manager systems (desktops/workstations/laptops)

dotfiles.nix

Adds in mkOutOfStoreSymlink so that edits to dotfiles take effect immediately

activation.nix

Scripts to set up a new machine with directories in their correct locations.

theming.nix

Defines system theming for all applications

firefox.nix

This configures extensions and settings in Firefox

Development

default.nix

Basic development packages for ease of development and deployment.

base.nix

go.nix

rust.nix

python.nix

doom.nix

Emacs configuration using Doom Emacs.

To set up Doom Emacs on any new machine:

git clone --depth 1 https://github.com/doomemacs/doomemacs ~/.emacs.d
~/.emacs.d/bin/doom install

# Get dotfiles into correct location
nixos-rebuild switch 

# run initial doom sync
doomsync

CLI/TUI

default.nix

Imports all cli-tui utilities for daily drivers.

shell

tmux.nix

Tmux setup for servers/desktops

Packages
  • tmux
  • tmuxifier

zsh.nix

ZSH setup. Used across all machines

packages
  • starship
  • fzf
  • fd
  • ripgrep
notes

I will keep the aliases in my .zshrc as it is portable across systems rather than nixifying the aliases etc.

core-utils.nix

packages

  • eza
  • bat
  • fd
  • ripgrep-all
  • zoxide
  • fzf
  • yazi
  • tree
  • zip
  • unzip
  • jq
  • rsync
  • coreutils

notes

git.nix

All git related configuration

packages

  • git
  • tea
  • lazygit

notes

All git configuration is done here. No longer using .gitconfig

neovim.nix

Neovim installed

packages

  • neovim

network.nix

Networking related CLI/TUIs

nix.nix

Nix packages for quality of life and enhancing nixOS

podman.nix

Podman service (not needed on most machines)

security.nix

GPG/age and password-store

system-tools.nix

system tooling

Desktop

default.nix

This declares all desktop modules for importing to desktop/laptops.

hyprland.nix (system module)

Hyprland setup

kmonad.nix

Kmonad setup for keyboard layout using Colemak DH and various enhancements.

fonts.nix

Font setup: Alegreya for reading, Geist for monospace, Montserrat for professional.

audio.nix

PipeWire, ALSA, other minor audio tweaks

bluetooth.nix

Bluetooth services for desktops

printing.nix

Set up printing availability for desktop machines.

browsers.nix

Brave and Tor browsers.

applications.nix

Various desktop applications for comms, files, etc.

display-manager.nix

Login screen.

storage.nix

Dealing with automatic mounting of drives, creating new ISOs etc.

theming.nix

Setting nord theming and styles. Replace packages here for setting your own custom theme.

boot.nix

This sets up boot screens and adds logos with plymouth

power.nix

Enables power settings and modules for laptops (we can pull this out in the future for a laptop profile)

email.nix

Setting up email in mu4e in emacs, packages necessary:

gaming.nix

Add OSRS Runelite

Shared

default.nix

networking.nix

Server

Empirica

default.nix

Defines all services running on our homelab

Security

default.nix

fail2ban.nix

keychain.nix

Media

default.nix

music.nix

Secrets

This will define secrets decryption for desktops

secrets-joshua

Secrets for user joshua

secrets-empirica

Secrets for homelab machine

Overlays

Secrets

We manage secrets with agenix.

The workflow for adding a secret is as follows:

  1. Add secret to secrets.nix - specify which keys can decrypt it
  2. Create the secret: agenix -e new-secret.age
  3. Rekey existing secrets if you added new machines: agenix -r
  4. Deploy: Your NixOS systems will automatically decrypt the secrets they have keys for

You can retrieve machine SSH keys by running cat /etc/ssh/ssh_host_ed25519_key.pub on any Linux machine with SSH enabled.

secrets.nix

Create an age key for each of your machines using:

age-keygen -o key.txt

Then print the public key to include with the machine (key.txt itself holds the private key and stays on that machine):

age-keygen -y key.txt

and add that machine to the group.

Also, add the public key to the .age-recipients file in the root directory.

I generally keep secrets at the machine level; the user “joshua” is my main user and thus has access to all keys.
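A sketch of a secrets.nix that follows the workflow and the machine-level grouping described above, added here as an example and not taken from this repository. The key strings are constructed placeholders, the secret file names and the `forHosts` helper are hypothetical, and which host belongs to which group is assumed.

```nix
# secrets.nix: read only by the agenix CLI to pick recipients; it is not a NixOS module.
let
  # Constructed placeholders, not real keys. Paste the output of
  # `age-keygen -y key.txt` or the contents of
  # /etc/ssh/ssh_host_ed25519_key.pub for each entry.
  joshua     = "age1PLACEHOLDER_JOSHUA_PUBLIC_KEY";
  theologica = "ssh-ed25519 PLACEHOLDER_THEOLOGICA_HOST_KEY";
  king       = "ssh-ed25519 PLACEHOLDER_KING_HOST_KEY";
  empirica   = "ssh-ed25519 PLACEHOLDER_EMPIRICA_HOST_KEY";

  # Groups (membership assumed for illustration).
  admins   = [ joshua ];
  desktops = [ theologica king ];
  servers  = [ empirica ];

  # Hypothetical helper: a secret is readable by the admins plus the
  # listed hosts, and by nothing else.
  forHosts = hosts: { publicKeys = admins ++ hosts; };
in
{
  # Hypothetical secret names, each scoped to the machines that need it.
  "wifi-psk.age"          = forHosts desktops;        # desktops only
  "backup-passphrase.age" = forHosts servers;         # homelab only
  "mail-password.age"     = forHosts [ theologica ];  # a single machine

  # Over-broad grant to avoid: every desktop host key could then decrypt
  # the server's backup passphrase.
  # "backup-passphrase.age" = forHosts (desktops ++ servers);
}
```

Run `agenix -e <name>.age` from the directory holding this file; the name must match an attribute defined here. After changing a recipient list, `agenix -r` re-encrypts the existing files for the new set of keys.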

flake.nix

Defines all machines as a flake, inputs etc. and where we deploy.