Personal NixOS flake configuration for a security workstation with impermanence, Secure Boot, and full disk encryption.
- Impermanence: Root filesystem wiped on boot via BTRFS snapshots
- Secure Boot: Lanzaboote for UEFI Secure Boot
- Full Disk Encryption: LUKS + LVM
- Secrets Management: SOPS-nix with age encryption
- Desktop: Hyprland (Wayland) with Stylix theming (Tokyo Night)
- Security Tools: Wireshark, Burp Suite, Caido, Nmap, forensics tools
- Editors: Neovim/LazyVim, Emacs/Doom, Helix, VSCode
# Clone repository
git clone https://github.com/yourusername/dotfiles.git ~/workspace/dotfiles
cd ~/workspace/dotfiles
# Customize userConfig in flake.nix (username, email, theme)
# Set up SOPS age key and secrets (see CLAUDE.md for details)
# Update hardware-configuration.nix for your system
# Build and activate
sudo nixos-rebuild switch --flake .#bamboo# Rebuild system
sudo nixos-rebuild switch --flake .#bamboo
# Update all dependencies
nix flake update
# Update specific input
nix flake lock --update-input nixpkgs
# Check configuration
nix flake checkUses Colemak-DH movement keys:
SUPER + Return- Terminal (Alacritty)SUPER + D- App launcher (Walker)SUPER + B- Browser (Firefox)SUPER + Q- Close windowSUPER + M/N/E/I- Move focus left/down/up/rightSUPER + L- Lock screen
Full keybindings in home/default.nix:313-385.
- CLAUDE.md - Comprehensive architecture and development guide
- NixOS Manual - https://nixos.org/manual/nixos/stable/
- Home Manager - https://nix-community.github.io/home-manager/
- Impermanence - https://github.com/nix-community/impermanence
- SOPS-nix - https://github.com/Mic92/sops-nix
- Hyprland - https://wiki.hyprland.org/
flake.nix # Main configuration entry point
system.nix # Core system (boot, users, networking)
persistence.nix # Impermanence declarations
password-manager.nix # Password manager module
home/default.nix # User environment & packages
Personal configuration - use at your own risk.