personal nixos flake. three hosts: kuraokami (desktop), nidhoggr (thinkpad t480), homeserver (headless).

| host | type | notes |
|---|---|---|
| kuraokami | desktop | amd gpu, lact, performance governor, openrazer |
| nidhoggr | laptop (t480) | libreboot + grub, luks, tlp, intel pstate, neovim for studying, psd |
| homeserver | headless | navidrome, searxng, cloudflared, vaultwarden |

- wm — sway + waybar + mako
- shell — zsh + alacritty
- audio — pipewire + jack, low-latency tuned
- scheduler — scx_lavd + ananicy-cachyos
- vpn — mullvad (only)
- secrets — agenix → /etc/age/key.txt
- editor — nixvim via home-manager

```
flake.nix            inputs, nixosConfigurations
hosts/               per-host entrypoints, hardware, disko
modules/
  shared/            sway-base, host-base, home-base (shared across hosts)
  system/            boot, hardware, network, desktop, services
  home/              waybar, sway, zsh, programs, dev
  laptop/            tlp, power, keyboard, swayidle, waybar
  server/            homeserver services and secrets
secrets/             *.age ciphertext + secrets.nix key map
scripts/install.sh   disko-based fresh install
```

```sh
# rebuild
sudo nixos-rebuild switch --flake ~/nix-config/#kuraokami
# or with trace
sudo nixos-rebuild switch --flake ~/nix-config/#kuraokami --show-trace
# update inputs
nix flake update ~/nix-config
# rebuild + commit + push (zsh function)
nix-commit
```

| where | file |
|---|---|
| system | modules/system/core/packages.nix |
| desktop apps | modules/home/desktop/packages.nix |
| user programs | modules/home/programs/packages.nix |
| dev tools | modules/home/dev/packages.nix |
| unstable | pkgs.unstable.<name> |

secrets/secrets.nix maps age keys to encrypted files. identity at /etc/age/key.txt. never commit plaintext.
see modules/system/secrets.nix and modules/server/secrets.nix.
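
added example (not part of this repo): a check for the "never commit plaintext" rule that can run before a commit. it assumes secrets/ holds only *.age files plus secrets.nix, as in the layout above; the function names and the script name check-secrets.sh are hypothetical.

```shell
#!/bin/sh
# added example, not from this repo: enforce "never commit plaintext".
# assumed layout: secrets/ holds only *.age files plus secrets.nix.

# succeed if FILE starts with an age header (binary or ascii-armored)
is_age_ciphertext() {
    first=$(head -c 64 "$1" 2>/dev/null | head -n 1 | tr -d '\000')
    case "$first" in
        "age-encryption.org/v1") return 0 ;;
        "-----BEGIN AGE ENCRYPTED FILE-----") return 0 ;;
        *) return 1 ;;
    esac
}

# print every offending path in DIR; return non-zero if any was found
check_secrets_dir() {
    dir=$1
    bad=0
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in
            secrets.nix)
                # the key map lists public keys only; an identity here is a leak
                if grep -q 'AGE-SECRET-KEY-' "$f"; then
                    echo "private key material in $f"
                    bad=1
                fi ;;
            *.age)
                if ! is_age_ciphertext "$f"; then
                    echo "not age ciphertext: $f"
                    bad=1
                fi ;;
            *)
                echo "unexpected file in secrets dir: $f"
                bad=1 ;;
        esac
    done
    return "$bad"
}

# run as: sh check-secrets.sh secrets
if [ "$#" -ge 1 ]; then check_secrets_dir "$1"; fi
```

a non-zero exit means a file under secrets/ is not age ciphertext, is of an unexpected type, or the key map contains an age identity.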

```sh
# from nixos live iso
sudo ./scripts/install.sh
```

wipes /dev/nvme0n1 by default. review hosts/<host>/disko.nix first. paste age key when prompted.