My NixOS configs
AGS
You might find it weird that most of my config is written in TypeScript. That's because all my desktops run AGS for UI. Click on this to see my configuration.
I'm also a victim of Stockholm syndrome at this point and make my scripts in TypeScript because it's the scripting language I am most comfortable with.
About
General
This repo is the complete configuration of machines I own running NixOS or Nix and any other related smaller projects exposed by a Nix Flake.
Its main directory structure is based on a flake's outputs.
I try to follow a few rules to better organise my Nix code:
- Every main subdirectory only has an optional `default.nix` and subfolders for each of its attributes.
- Inside a subdirectory, if there is non nix code, it will be in a `config` folder.
- Every module should not do anything if imported. An enable option should be toggled for it to have any effect.
- Any nix file that represents a module should be named `default.nix` (a nix file which is imported directly can be called anything else alongside `default.nix`)
Flake Location
This git repo will always be located at `$FLAKE` (`config.environment.variables.FLAKE`) and symlinked to `/etc/nixos` to have everything where NixOS tools expect things to be.

i.e.

```sh
sudo rm -r /etc/nixos
echo "$FLAKE" # /home/matt/.nix
sudo ln -sf /home/matt/.nix /etc/nixos
```
Subdirectories
Output / Directory | Description |
---|---|
`apps` | Misc scripts run from the flake |
`configurations` | device, ISO and nix-on-droid configurations |
`devShells` | Development shells for a bunch of projects and languages |
`homeManagerModules` | Modules made for home-manager |
`inputs` | Pre-evaluated flake inputs |
`lib` | Custom Nix functions made easily available |
`modules` | Modules made for NixOS systems |
`nixFastChecks` | Attribute set of derivations exposed by this flake |
`overlays` | Nixpkgs overlays |
`packages` | Some custom packages not available in nixpkgs or modified from it |
`results` | Directory where I neatly keep my result symlinks from `nixFastChecks` |
`scopedPackages` | Some custom package scopes not available in nixpkgs or modified from it |
Secrets
All my secrets are in a private git repo that makes use of sops-nix.
I generate `.sops.yaml` from `.sops.nix`:

```nix
let
  # age recipients (placeholder values)
  wim = "somekey";
  binto = "somekey2";
in {
  creation_rules = [
    {
      # Files directly inside a secrets/ directory with one of these extensions
      path_regex = "secrets/[^/]+\\.(yaml|json|env|ini)$";
      key_groups = [
        {
          age = [wim binto];
        }
      ];
    }
  ];
}
```

which is then converted to `.sops.yaml` using remarshal and this shell command:

```sh
nix eval --json --file ./.sops.nix | remarshal --if json --of yaml > .sops.yaml
```
TLDR: I hate YAML
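
As an added example (not part of this repo), the Go program below checks which files the generated creation rule covers and which recipients they are encrypted to. It assumes sops compiles `path_regex` with Go's `regexp` package, searches unanchored, and applies the first matching rule; the sample JSON, the `Recipients` helper and the file paths are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Constructed sample of `nix eval --json --file ./.sops.nix` output (placeholder keys).
const sampleConfig = `{"creation_rules":[{"path_regex":"secrets/[^/]+\\.(yaml|json|env|ini)$","key_groups":[{"age":["somekey","somekey2"]}]}]}`

type config struct {
	CreationRules []struct {
		PathRegex string `json:"path_regex"`
		KeyGroups []struct {
			Age []string `json:"age"`
		} `json:"key_groups"`
	} `json:"creation_rules"`
}

// Recipients returns the age recipients of the first rule whose path_regex
// matches path; ok is false when no rule covers the path.
func Recipients(rawJSON, path string) ([]string, bool, error) {
	var c config
	if err := json.Unmarshal([]byte(rawJSON), &c); err != nil {
		return nil, false, err
	}
	for _, r := range c.CreationRules {
		re, err := regexp.Compile(r.PathRegex)
		if err != nil {
			return nil, false, err
		}
		if re.MatchString(path) { // assumption: unanchored search, as in sops
			var keys []string
			for _, g := range r.KeyGroups {
				keys = append(keys, g.Age...)
			}
			return keys, true, nil
		}
	}
	return nil, false, nil
}

func main() {
	for _, p := range []string{"secrets/wifi.yaml", "secrets/vpn/client.env", "old-secrets/db.json"} {
		keys, ok, err := Recipients(sampleConfig, p)
		fmt.Println(p, ok, keys, err)
	}
}
```

Files in nested folders such as `secrets/vpn/client.env` are not covered by the rule, while any directory whose name ends in `secrets` is, because the pattern has no leading `^`.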