This is a NixOS system configuration managed with Nix flakes. When working on this repository, you are helping maintain a declarative, reproducible system configuration that manages multiple hosts, packages, services, and development environments.
Repository layout:

```text
├── flake.nix        # Main flake definition - START HERE
├── flake.lock       # Lock file - DO NOT manually edit
├── common.nix       # Shared configuration across all hosts
├── unfree.nix       # Allowed unfree packages list
├── justfile         # Command aliases - USE THESE COMMANDS
├── .sops.yaml       # Secrets management configuration
├── hosts/           # Host-specific configurations
│   └── <hostname>/  # Individual machine configs
├── modules/         # Reusable NixOS modules
├── pkgs/            # Custom package definitions
└── overlays/        # Package modifications/overrides
    ├── broken.nix   # Packages switched to stable/master
    └── testing.nix  # Temporary patches/testing overrides
```
Common commands (defined in the `justfile`):

```sh
# Check configuration validity
just check
# Format all Nix files
just format
# Build and switch system
just switch
# Update flake inputs
just update
# Show available commands
just --list
```

IMPORTANT: Always use `just` commands instead of raw `nix` commands for consistency.
Key technologies:

- Nix Flakes: Reproducible builds and dependency management
- NixOS Modules: Composable system configuration components
- sops-nix: Encrypted secrets management (keys in `.sops.yaml`)
- disko: Declarative disk management
- lanzaboote: Secure boot implementation
- Multiple Nixpkgs inputs: unstable (default), stable (24.11, 25.05), master
Package management:

- System packages: Add to the host config or `common.nix`
- Custom packages: Define in the `pkgs/` directory
- Unfree packages: Add to `unfree.nix` first
- Broken packages: Use `overlays/broken.nix` to switch branches
Modules:

- Create reusable modules in `modules/`
- Import modules in host configs or `common.nix`
- Follow NixOS module conventions (options, config, etc.)
Hosts:

- Each host has its own directory in `hosts/<hostname>/`
- Host configs import `common.nix` for shared settings
- Hardware-specific settings go in host directories
Change workflow:

- Edit configuration files
- Run `just check` to validate syntax
- Run `just format` to format code
- Test with `just build` before switching
- Apply with `just switch`
Overlays:

- Temporary fixes: Use `overlays/testing.nix`
- Broken packages: Use `overlays/broken.nix` to switch to stable/master
- Custom versions: Define in the `pkgs/` directory
Secrets:

- Secrets are encrypted with sops-nix
- Key management is defined in `.sops.yaml`
- Never commit plaintext secrets
Code style:

- Formatting: All Nix code must be formatted with `alejandra`
- Module structure: Follow NixOS module conventions
- Imports: Use relative paths for local modules
- Comments: Document complex configurations
- Naming: Use descriptive names for custom packages/modules
Enabling a service:

```nix
# In appropriate module or host config
services.myservice = {
  enable = true;
  # service-specific options
};
```

Defining a custom package:

```nix
# In pkgs/default.nix or pkgs/<package>/default.nix
{ stdenv, fetchFromGitHub, ... }:
stdenv.mkDerivation rec {
  pname = "my-package";
  version = "1.0.0";
  # derivation definition (src, buildInputs, installPhase, ...)
}
```

Writing a module:

```nix
# In modules/<module-name>.nix
{ config, lib, pkgs, ... }:
with lib;
{
  options.<module-name> = {
    # define options; the config block below expects at least an enable option
    enable = mkEnableOption "<module-name>";
  };
  config = mkIf config.<module-name>.enable {
    # implementation
  };
}
```

Troubleshooting:

- Check `just check` output for syntax errors
- Use `nix flake show` to see available outputs
- Check `flake.lock` for input versions
- Look in `overlays/broken.nix` if packages are failing to build
- Secrets issues: verify the `.sops.yaml` configuration
The flake provides pre-configured development environments accessible via:
```sh
nix develop .#<shell-name>
```

Rules for working in this repository:

- Never manually edit `flake.lock`; use `just update`
- Always run `just format` before proposing changes
- Test with `just check` before building
- Use `just` commands instead of raw `nix` commands
- Check `unfree.nix` when adding proprietary packages
- Respect the module system; don't put everything in one file
- Consider security: use sops-nix for sensitive data
Getting help:

- Run `just --list` to see all available commands
- Check `flake.nix` for available outputs and development shells
- Look at existing host configs for patterns
- Review module examples in the `modules/` directory
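Since none of the modules under `modules/` are reproduced on this page, here is an added example (not code from this repository) of what the module template and the rules above look like when filled in: options under `services.example-agent`, a `mkIf`-guarded implementation, and a sops-nix secret handed to a hardened systemd unit, formatted in `alejandra` style. The service name, the `secrets/example-agent.yaml` file and the package providing `bin/example-agent` are assumptions.

```nix
# modules/example-agent.nix (added example; names and paths are hypothetical)
{
  config,
  lib,
  pkgs,
  ...
}: let
  cfg = config.services.example-agent;
in {
  options.services.example-agent = {
    enable = lib.mkEnableOption "the example agent";
    package = lib.mkOption {
      type = lib.types.package;
      description = "Package providing bin/example-agent (assumed to live in pkgs/).";
    };
    port = lib.mkOption {
      type = lib.types.port;
      default = 8080;
      description = "TCP port the agent listens on.";
    };
  };

  config = lib.mkIf cfg.enable {
    # sops-nix decrypts this key at activation into a root-owned 0400 file under
    # /run/secrets; only the ciphertext (assumed in secrets/example-agent.yaml)
    # is committed, so no plaintext enters the repository or the Nix store.
    sops.secrets."example-agent/api-token".sopsFile = ../secrets/example-agent.yaml;

    systemd.services.example-agent = {
      description = "Example agent";
      wantedBy = ["multi-user.target"];
      after = ["network.target"];
      serviceConfig = {
        ExecStart = "${lib.getExe' cfg.package "example-agent"} --port ${toString cfg.port}";
        # Ephemeral unprivileged user; systemd reads the secret as root and
        # exposes it at $CREDENTIALS_DIRECTORY/api-token, so the service never
        # runs as root and the token is not in its environment or the store.
        DynamicUser = true;
        LoadCredential = ["api-token:${config.sops.secrets."example-agent/api-token".path}"];
        NoNewPrivileges = true;
        ProtectSystem = "strict";
        ProtectHome = true;
        PrivateTmp = true;
        CapabilityBoundingSet = "";
      };
    };

    networking.firewall.allowedTCPPorts = [cfg.port];
  };
}
```

Import the file from a host config or `common.nix` and set `services.example-agent.enable = true;` plus `services.example-agent.package`, then run `just check` before `just switch`.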