mrnossiom's NixOS, Home Manager, and servers configuration

Structure

• apps: scripts serving dotfiles purposes
• assets: media or files that don't fit in Nix files
• home-manager: Home Manager specific
  • fragments: Home Manager configuration fragments
  • profiles: base Home Manager configurations to build upon (e.g. desktop, minimal)
  • options.nix: Home Manager configuration options and flags
• hosts: per-server configuration because a profile makes no sense
• lib: additional custom lib and flake helpers
• modules: modules that fill a missing feature of NixOS or Home Manager
• nixos: NixOS related config
  • hardware/<hostname>.nix: device-specific settings like settings generated by nixos-generate-config
  • layout/<layout>.nix: Disko disk layouts used by managedDiskLayout (e.g luks-btrfs)
  • fragments: opinionated NixOS configuration fragments
  • profiles/<profile>.nix: base system configurations to build upon (e.g. laptop, installer)
  • options.nix: configuration options and flags
• overlays: just plain Nix overlays
• pkgs: Custom packages either not eligible or missing from repositories
• secrets: agenix encrypted secrets and ssh keys
• templates: quickstart files for different languages
• globals.nix: global values shared throughout the config (e.g. domains)

NixOS options

{
	local.ports."<name>" = 4242; # Shorthand
	local.ports."<name>" = {
		number = 4242;
		string = "4242"; # Read-only
		public = true; # Opens firewall depending on tcp/udp value
		tcp = true;
		udp = false;
	};
}

Home Manager options

{
	local.flags = {
		onlyCached = true; # dictate if you prefer to use cached pkgs
	};

	local.fragment."<name>".enable = true; # dictate whether to enable a fragment
}

Quick snippets and guides for myself

Add a new module

• Copy template and replace <name> with module name

   {
   	config,
   	lib,
   	...
   }:
  
   let
   	cfg = config.local.fragment.<name>;
   in
   {
     options.local.fragment."<name>".enable = lib.mkEnableOption ''
       <name> related
  
       Depends on:
   		- [<Condition>] <dependency>: <reason>
   		- ...
     '';
  
     config = lib.mkIf cfg.enable {
   		assertions = [
   			{
   				assertion = config."<dependency>".enable;
   				message = "<name> module depends on <dependency>";
   			}
   		];
  
   		# put the rest of the config here
   	};
   }

• Add the newly created file to Git.

• Add the new module to the import list in <type>/fragments/default.nix.

• Activate the module in the wanted profile.

Bootstrap lightweight home-manager config

nix run nixpkgs#home-manager -- switch --flake .#lightweight

Add a new device

• Rekey secrets with device root ssh key, and create a session age key.

Make a backup

Pull up your favorite ArchaicBackup disc

• Set environment variables

  RESTIC_REPOSITORY: /run/media/user/discname/ RESTIC_PASSWORD_FILE: ?

• Initialize repository

   restic init --repo /srv/restic-repo

Deploy server

nixos-anywhere --flake .#weird-row-server user@ip

nixos-rebuild switch \
	--flake .#weird-row-server \
	--target-host 2a01:4f8:c2c:76d2::1 \
	--use-remote-sudo

LUKS reminders

• Backup and Restore LUKS header

Secure boot

• Lanzaboote
• SystemD cryptenroll

---

Milo Moisson © 2023-2026