A structured, traditional-channel NixOS config for one or more machines. No flakes required — easy to understand, easy to migrate to flakes later.
.nix-config/
├── flake.nix
├── flake.lock
├── hosts/
│ ├── desktop/
│ │ ├── configuration.nix ← machine entry point
│ │ └── hardware-configuration.nix ← auto-generated, machine-specific
│ └── notebook/ ← add later, same pattern
│ ├── configuration.nix
│ └── hardware-configuration.nix
│
├── modules/ ← shared, reusable config pieces
│ ├── user/ ← config pieces loaded by home-manager
│ │ ├── sublime.nix ← sublime4-text configuraiton
│ │ ├── trilium.nix ← trilium-desktop configuraiton
│ │ ├── zen.nix ← zen browser configuraiton
│ │ ├── zsh.nix ← zsh configuraiton
│ │ └── neovim.nix ← neovim configuraiton
│ ├── apps.nix ← applications (GUI machines only)
│ ├── base.nix ← locale, fonts, nix settings (ALL machines)
│ ├── desktop-kde.nix ← KDE Plasma 6 + SDDM (GUI machines only)
│ ├── git.nix ← git + GitHub CLI
│ ├── kde.nix ← kde configuration user specific
│ ├── shell.nix ← zsh system-level + env vars
│ ├── apps.nix ← thunderbird configuration
│ └── wireguard.nix ← wireguard configuration
│
├── home/
│ └── default.nix ← home-manager: dotfiles, per-user config
│
└── assets/
└── wallpaper/ ← wallpapers
└── forest.jpg
Download the ISO from https://nixos.org/download and boot it.
# Example for a single-disk UEFI system (adjust device names!):
sudo fdisk /dev/sda # or gdisk for GPT
# Create: 1 GiB EFI partition (type EFI), rest Linux filesystem
sudo mkfs.fat -F 32 /dev/sda1
sudo mkfs.ext4 /dev/sda2 # or btrfs — see note below
sudo mount /dev/sda2 /mnt
sudo mkdir -p /mnt/boot
sudo mount /dev/sda1 /mnt/bootBtrfs tip: If you want snapshots (great with NixOS), format with
mkfs.btrfsand create subvolumes@and@home. Many guides online.
sudo nixos-generate-config --root /mntThis creates /mnt/etc/nixos/hardware-configuration.nix and a stub
configuration.nix. Keep the hardware file, discard the stub.
sudo nix-shell -p git git-crypt gnupg
git clone <your-repo-url> /mnt/etc/nixos/nixTo decrypt the encrypted files the GPG key has to be imported
# Import the key
gpg --import /path/to/gpg-private.asc
# In the GPG prompt, trust the key
gpg> trust
# Choose 5 (ultimate trust)
gpg> quit
# Securely delete the key file
shred -u /path/to/gpg-private.ascUnlock the cloned git repo
# Unlock
git-crypt unlock
# When prompted enter the password for the GPG keycp /mnt/etc/nixos/hardware-configuration.nix \
/mnt/etc/nixos/nix/hosts/desktop/# NixOS (should already be set if using the installer):
sudo nix-channel --add https://nixos.org/channels/nixos-25.11 nixos
sudo nix-channel --update
# home-manager (must match NixOS release):
sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-25.11.tar.gz home-manager
sudo nix-channel --updatesudo ln -sf /etc/nixos/nix/hosts/desktop/configuration.nix /etc/nixos/configuration.nixBefore rebuilding, open the files and change:
| File | What to change |
|---|---|
hosts/desktop/configuration.nix |
hostname, GPU section, username |
home/default.nix |
username |
sudo nixos-install
sudo rebootWhen changing or adding files, check if they are commited encrypted
# Check the status of the files
git-crypt status
# If some files that should get encrypted are not show as that force the encryption
git-crypt status -f
# Add new or changed files
git add <changes-done>
# Commit change
git commit -m "Message"
# Push
git push origin main