My NixOS configuration
Felix Schröter 3e52c2b922
fix(vpn): disable IPv6 for nginx
Tailscale Mullvad exit nodes currently don't support IPv6 and this is
causing issues with nginx (proxy pass) requests timing out and high CPU load.
Until Mullvad exit nodes support IPv6, we'll just disable IPv6 for nginx.
2025-02-14 00:21:30 +01:00
.forgejo/workflows build(forgejo-ci): disable home-pc build for now 2025-01-19 17:25:53 +01:00
desktop chore: upgrade to NixOS 24.11 2024-12-08 16:09:48 +01:00
hardware style: reformat with nixfmt-rfc-style 2024-05-26 17:37:08 +02:00
home feat(mullvad-browser): configure search engines 2025-02-13 23:41:16 +01:00
hosts feat(home-server): remove boards.felschr.com 2025-02-13 23:24:59 +01:00
lib style: reformat with nixfmt-rfc-style 2024-05-26 17:37:08 +02:00
modules style: reformat with nixfmt-rfc-style 2024-05-26 17:37:08 +02:00
pkgs style: reformat with nixfmt-rfc-style 2024-05-26 17:37:08 +02:00
scripts feat(scripts): add script for Tailscale Lock signing of Mullvad nodes 2025-02-14 00:16:19 +01:00
secrets chore(secrets): delete unused forgejo runner token 2025-02-13 23:23:16 +01:00
services feat(restic): extend ignore patterns 2025-02-13 23:33:31 +01:00
system fix(vpn): disable IPv6 for nginx 2025-02-14 00:21:30 +01:00
templates style: reformat with nixfmt-rfc-style 2024-05-26 17:37:08 +02:00
virtualisation chore: upgrade to NixOS 24.11 2024-12-08 16:09:48 +01:00
.editorconfig style: add .editorconfig 2020-03-21 16:54:32 +01:00
.env.example chore: add restic variables to .env.example 2022-05-12 11:45:10 +02:00
.envrc chore: add restic secrets to .env 2022-05-09 12:26:12 +02:00
.gitignore chore: extend .gitignore 2022-08-08 23:00:01 +02:00
flake.lock chore(flake): update inputs 2025-02-13 23:59:00 +01:00
flake.nix chore: upgrade to NixOS 24.11 2024-12-08 16:09:48 +01:00
LICENSE add LICENSE 2020-07-03 08:48:51 +00:00
overlays.nix chore(flake): remove usage of flakehub again 2024-05-26 12:10:20 +02:00
README.md docs(README): add agenix instructions 2022-10-04 11:10:43 +02:00

felschr's NixOS configuration

Installation

Clone the configuration into /etc/nixos.

On a new machine run:

scripts/setup-partitions

Then move the resulting /mnt/etc/nixos/hardware-configuration.nix to ./hardware/<config>.nix. Update the configuration according to the script output, if necessary. Btrfs mount options likely need to be added, for example. Copy the configuration from /etc/nixos to /mnt/etc/nixos.

Reference this hardware config in a nixosConfigurations.<config> section in flake.nix.

Now set up a device key that will be used by agenix. Create a new key, then re-encrypt the secrets on an existing device and pull the changes.
To create a new key, run:

mkdir -p /mnt/etc/secrets/initrd
ssh-keygen -t ed25519 -N "" -f /mnt/etc/secrets/initrd/ssh_host_ed25519_key

You will likely need to temporarily set age.identityPaths for the installation to succeed:

age.identityPaths = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
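
Because the device key is generated with an empty passphrase, its file permissions are the only thing protecting it. The following check can be run before nixos-install; it is an added example, not part of this repository, and the function names audit_device_key, mode_of and device_pubkey are hypothetical:

```shell
#!/usr/bin/env bash
# Added example: audit the agenix device key generated for a new install.
# The default directory matches the path used in the README; pass another
# directory as the first argument to check a different location.

# Print the octal permission bits of a path (GNU coreutils stat, as on NixOS).
mode_of() { stat -c '%a' "$1"; }

# Return 0 if the key directory and private key look sane, 1 otherwise.
audit_device_key() {
  local dir="${1:-/mnt/etc/secrets/initrd}"
  local key="$dir/ssh_host_ed25519_key"
  local rc=0 mode

  if [ ! -d "$dir" ]; then
    echo "FAIL: $dir is not a directory"; return 1
  fi
  if [ -L "$key" ] || [ ! -f "$key" ]; then
    echo "FAIL: $key is missing or not a regular file"; return 1
  fi

  # No passphrase (-N ""), so any group/other access bit exposes the key.
  mode=$(mode_of "$key")
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "FAIL: $key has mode $mode, expected 600 or stricter"; rc=1
  fi

  # A group- or world-writable directory lets another user replace the key.
  mode=$(mode_of "$dir")
  if [ $(( 0$mode & 022 )) -ne 0 ]; then
    echo "FAIL: $dir has mode $mode and is group/world-writable"; rc=1
  fi

  [ "$rc" -eq 0 ] && echo "OK: $key"
  return "$rc"
}

# Print the public half of the key, i.e. the recipient to add on the
# existing device when re-encrypting the secrets.
device_pubkey() {
  ssh-keygen -y -f "${1:-/mnt/etc/secrets/initrd}/ssh_host_ed25519_key"
}
```
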

To install, run the following command, where <config> matches outputs.nixosConfigurations.<config> in flake.nix:

nixos-install --flake '/mnt/etc/nixos#<config>'

After the installation has finished, set a password for the user:

passwd <user>

Updating

Update all flake inputs:

nix flake update

Update a specific flake input:

nix flake lock --update-input <input>

Rebuilding the system

Rebuild the system:

sudo nixos-rebuild switch

Rebuild the system for a remote machine:

sudo nixos-rebuild switch --flake '/etc/nixos#<config>' --target-host user@hostname --use-remote-sudo