| status | created | updated | type | lifecycle |
|---|---|---|---|---|
| active | 2025-12-18 | 2025-12-18 | reference | persistent |

This is a personal NixOS configuration. Security updates are applied via:
- NixOS unstable channel (rolling updates)
- Weekly `nix flake update` via automated maintenance

| Component | Version | Supported |
|---|---|---|
| NixOS | 25.11 (unstable) | Yes |
| Flake inputs | Latest | Yes |
If you discover a security issue in this configuration:
- Do not open a public issue for security vulnerabilities
- Email the maintainer directly or use GitHub's private vulnerability reporting
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix (if applicable): Depends on severity
- NixOS system configuration (declarative, reproducible)
- Home Manager user configuration
- Fish shell aliases and abbreviations
- Development environment setup
- Secrets, passwords, or API keys
- SSH keys or certificates
- Personal data or credentials
- No hardcoded secrets - All sensitive data via environment variables or external secret managers
- Declarative configuration - Full system state tracked in git
- Reproducible builds - Nix ensures build reproducibility
- Minimal attack surface - Only necessary packages installed
- Regular updates - Automated weekly flake updates
Dependencies are managed through Nix flakes with locked versions in `flake.lock`. Security updates are applied via:

```bash
nix flake update   # Updates all inputs
./rebuild-nixos    # Applies changes with safety checks
```

- GitHub Issues: For non-security bugs and feature requests
- Private: Use GitHub's security advisory feature for vulnerabilities