Configuration files for NixOS + Home Manager.
Restructures SSH trust relationships from global to host-specific configuration for better locality of concern and principle of least privilege.

Changes:
- Collapse nixos/common/global/ssh/ back to ssh.nix (single-file module)
- Move internal host trust (fuchsia/viridian) to per-host services/ssh/
- Split BorgBase known hosts by repository (li9kg944 for fuchsia, r7ag7x1w for viridian)
- Add viridian SSH server config to accept backup connections from fuchsia
- Add fuchsia borgbackup passphrase for offsite backups
- Configure viridian to create /srv/borg-repo/fuchsia for remote backups

This enables the 3-2-1 backup strategy with fuchsia backing up to both viridian (onsite) and BorgBase (offsite) with proper SSH authentication.
NixOS & Home-Manager Configuration
My NixOS and Home-Manager config files, based upon Misterio77's starter configs.
This repo is often neglected and doesn't necessarily follow best practices.
I recommend only using this repo for inspiration and instead using this boilerplate.
Preview
Features
- Opt-in persistence with ephemeral btrfs root.
- Secrets managed with agenix and rekeyed with a YubiKey.
- Standalone nixvim configuration for neovim.
- Custom haskell packages for xmonad & xmobar.
- Declarative minecraft server with nix-minecraft.
- Borgbackup of mutable service/container data.
- Media server with typical *arr stack.
- FQDN with private DNS for all internal services.
- Crowdsecurity for all public services.
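The commit message and the feature list above describe the pattern this repo uses for backups: each host declares only the SSH hosts it actually talks to (pinned host keys instead of trust-on-first-use), fuchsia runs a borg job against viridian (onsite) and BorgBase (offsite), and viridian exposes a restricted borg repository for fuchsia. The following is an added example of that layout written against the upstream NixOS options; it is not this repo's own module code. Host names, the BorgBase repository alias `li9kg944`, the secret path and every public key are placeholders; the real host keys are not on this page and must be copied from BorgBase and from the peer's `/etc/ssh/ssh_host_ed25519_key.pub`. The `age.secrets` attribute assumes the agenix module is imported, as the feature list states.

```nix
# Added example, not this repo's own modules. Two NixOS modules are bound in a
# `let` so the file evaluates stand-alone; in a real tree each would live under
# its host's services/ssh/ directory. All key material below is a placeholder.
let
  # --- fuchsia: backup client. Trust is declared here, not in a global module. ---
  fuchsiaModule = { config, ... }: {
    programs.ssh.knownHosts = {
      # Internal peer: pinned key, so a spoofed "viridian" on the LAN is rejected.
      viridian = {
        hostNames = [ "viridian" "viridian.internal.example" ];     # assumed FQDN
        publicKey = "ssh-ed25519 AAAA...viridian-host-key...";        # placeholder
      };
      # Offsite repo: one entry per BorgBase repository rather than a wildcard,
      # so this host only trusts the endpoint its own job uses.
      borgbase-fuchsia = {
        hostNames = [ "li9kg944.repo.borgbase.com" ];
        publicKey = "ssh-ed25519 AAAA...borgbase-host-key...";        # placeholder
      };
    };

    # Repository passphrase from agenix (path is an assumption).
    age.secrets.borg-passphrase.file = ./secrets/borg-passphrase.age;

    services.borgbackup.jobs =
      let
        common = {
          paths = [ "/persist/srv" ];                                  # mutable service data
          encryption = {
            mode = "repokey-blake2";
            passCommand = "cat ${config.age.secrets.borg-passphrase.path}";
          };
          # Dedicated key for backups only; never reuse the user's login key.
          environment.BORG_RSH = "ssh -i /persist/etc/ssh/borg_ed25519";
          compression = "auto,zstd";
          startAt = "daily";
          prune.keep = { daily = 7; weekly = 4; monthly = 6; };
        };
      in {
        onsite  = common // { repo = "borg@viridian:/srv/borg-repo/fuchsia"; };
        offsite = common // { repo = "ssh://li9kg944@li9kg944.repo.borgbase.com/./repo"; };
      };
  };

  # --- viridian: backup server. Accepts only fuchsia's backup key, append-only. ---
  viridianModule = { ... }: {
    services.openssh.enable = true;
    services.borgbackup.repos.fuchsia = {
      path = "/srv/borg-repo/fuchsia";   # created with the right owner by the module
      # The generated authorized_keys entry is restricted to `borg serve` on this
      # repository and append-only, so a compromised fuchsia cannot delete or
      # rewrite existing archives on the onsite copy.
      authorizedKeysAppendOnly = [ "ssh-ed25519 AAAA...fuchsia-borg-key..." ];  # placeholder
      quota = "500G";
    };
  };
in
{
  inherit fuchsiaModule viridianModule;
}
```

Two things to check after deploying this layout: run `borg info` once from fuchsia against each repository to confirm the pinned host keys match (a `REMOTE HOST IDENTIFICATION HAS CHANGED` error here is the control working, not something to silence), and remember that an append-only repository still needs an out-of-band prune step on viridian, since the client's `prune.keep` settings cannot delete through an append-only key.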
Installation
```sh
# Prepare disks: create an EFI System Partition and a Linux filesystem partition
fdisk /dev/nvme0n1
# Set the name of the host being installed; it is used for the btrfs label and the flake output
hostname=fuchsia
# Create our filesystems
mkfs.fat -F32 -n ESP /dev/nvme0n1p1
mkfs.btrfs -L "${hostname}" /dev/nvme0n1p2
# Create our subvolumes
mkdir -p /mnt/btrfs
mount /dev/nvme0n1p2 /mnt/btrfs
btrfs subvolume create /mnt/btrfs/{root,nix,persist,swap}
umount /mnt/btrfs
# Prepare for installation: mount the root subvolume first, then each subvolume
# separately (mount(8) takes one subvol= per invocation, it does not brace-expand)
mount -o compress=zstd,subvol=root /dev/nvme0n1p2 /mnt
mkdir -p /mnt/{boot,nix,persist,swap}
mount -o compress=zstd,subvol=nix /dev/nvme0n1p2 /mnt/nix
mount -o compress=zstd,subvol=persist /dev/nvme0n1p2 /mnt/persist
mount -o subvol=swap /dev/nvme0n1p2 /mnt/swap
chattr +C /mnt/swap   # swapfiles must not be copy-on-write
mount /dev/nvme0n1p1 /mnt/boot
# Clone the configuration files and enter repo
git clone https://github.com/sajenim/dotfiles.nix.git && cd dotfiles.nix
# Install our system configuration
nixos-install --flake ".#${hostname}"
```
FAQ
- What is nix?
  Nix is a tool that takes a unique approach to package management and system configuration.
- Nix benefits
  Nix is reproducible, declarative and reliable.
- Why flakes?
  Flakes allow you to specify your code's dependencies (e.g. remote Git repositories) in a declarative way, simply by listing them inside a flake.nix file.