My NixOS configurations: HomeLab & Personal Devices. Host-based configuration using flakes and sops secrets.

NixOS Configurations

Host-based NixOS configuration for homelab and personal devices using flakes, home-manager, and sops-nix.

Hosts

  • fisher - Homelab server (x86_64-linux, user: guppy). Runs Nextcloud, Vaultwarden, Forgejo (with runner), Matrix, Minecraft, FreshRSS, nginx, PostgreSQL, Docker, Prometheus + Grafana.
  • book - Personal laptop (x86_64-linux, user: geekiot). Desktop environment with Niri compositor, Helix/Zed/VSCodium, Librewolf, Kitty, and gaming tools.

Structure

.
├── flake.nix                  # Flake entry point, host definitions
├── .sops.yaml                 # sops-nix age key configuration
├── nix-secrets/               # sops-secrets for hosts (used by custom zsh-command)
├── lib/
│   ├── make_system.nix        # System builder (NixOS + home-manager + sops)
│   └── utils/                 # Utility functions (scan_paths, etc.)
├── overlays/                  # Shared package overlays
└── hosts/
    ├── common/                # Shared configs across all hosts
    │   ├── nixos/             #   Common system modules
    │   ├── home/              #   Common home-manager modules (git, ssh, zsh, etc.)
    │   ├── data/              #   Common data (paths, defaults)
    │   └── secrets/           #   Shared encrypted secrets
    ├── book/                  # Laptop configuration
    │   ├── nixos/             #   System: core, hardware, networking, wm
    │   ├── home/              #   User: editors, browser, terminal, games
    │   ├── data/              #   Host-specific data
    │   ├── pkgs/              #   Custom packages
    │   └── secrets/           #   Encrypted secrets
    └── fisher/                # Homelab configuration
        ├── nixos/             #   System: core, hardware, networking, services, homelab apps
        ├── home/              #   User config
        ├── data/              #   Host-specific data
        ├── pkgs/              #   Custom packages
        └── secrets/           #   Encrypted secrets

Quick Start

Prerequisites

  • NixOS with flakes enabled (nix.settings.experimental-features = [ "flakes" "nix-command" ])
  • Age key for sops-nix decryption
  • Your own sops secrets directory, nix-secrets/

Deployment

# Build and switch to a host configuration
sudo nixos-rebuild switch --flake .#fisher
sudo nixos-rebuild switch --flake .#book

# Or use my own zsh command (if you've already installed the system and configured the nix-secrets dir)
update

update remote fisher

Secrets

Secrets are encrypted with sops-nix using age keys.

# Edit secrets for a specific host
sops hosts/fisher/secrets/sops.yaml
sops hosts/book/secrets/sops.yaml

# Re-key after adding new keys
sops updatekeys hosts/fisher/secrets/sops.yaml

Each host has its own age key defined in .sops.yaml. Place the corresponding private key at the path specified in the host's data config.

Or place them in the nix-secrets directory to hide them in a Git submodule, as I have done. Then use the update zsh-command to update them.
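
A sketch of per-host creation rules for .sops.yaml, added here as an example and not this repository's actual file. The age public keys are placeholders, and the admin key and the rule for hosts/common/secrets are assumptions.

```yaml
# Example .sops.yaml (illustrative, not the repository's own file).
# All age recipients below are placeholders; substitute real public keys.
keys:
  - &admin  age1PLACEHOLDER_ADMIN_PUBLIC_KEY    # assumed: key used to edit secrets
  - &fisher age1PLACEHOLDER_FISHER_PUBLIC_KEY   # host key for fisher
  - &book   age1PLACEHOLDER_BOOK_PUBLIC_KEY     # host key for book

creation_rules:
  # fisher's secrets: decryptable only by fisher and the admin key.
  - path_regex: hosts/fisher/secrets/[^/]+\.yaml$
    key_groups:
      - age:
          - *admin
          - *fisher

  # book's secrets: decryptable only by book and the admin key.
  - path_regex: hosts/book/secrets/[^/]+\.yaml$
    key_groups:
      - age:
          - *admin
          - *book

  # Shared secrets: every host that imports them needs to be a recipient.
  - path_regex: hosts/common/secrets/[^/]+\.yaml$
    key_groups:
      - age:
          - *admin
          - *fisher
          - *book
```

With rules scoped like this, a compromised laptop key cannot decrypt the homelab's secrets. After changing recipients, run sops updatekeys on each affected file so the existing data key is re-encrypted to the new recipient list.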

Key Technologies