Personal NixOS and Home Manager configuration with support for multiple machines and private secrets management.
This is a flake-based NixOS configuration repository that manages both system-level (NixOS) and user-level (Home Manager) configurations. It supports multiple machines and includes custom modules, packages, and overlays.

- Flake-based configuration - Modern Nix flakes for reproducible builds
- Multi-machine support - Separate configurations for `hyperion` (server) and `titan` (workstation)
- Home Manager integration - User environment management across NixOS and non-NixOS systems
- Secrets management - Uses SOPS-nix for encrypted secrets
- Custom packages - Custom derivations in `pkgs/` directory
- Modular architecture - Reusable NixOS and Home Manager modules
- Binary caches - Pre-configured Cachix caches for faster builds
- Multiple desktop environments - Support for GNOME, KDE, i3/Xfce

```
.
├── flake.nix              # Main flake configuration
├── flake.lock             # Lock file for flake inputs
├── nixos/                 # NixOS system configurations
│   ├── common.nix         # Common NixOS settings
│   ├── hyperion/          # Server configuration
│   └── titan/             # Workstation configuration
├── home-manager/          # Home Manager configurations
│   └── sylvain/           # User configurations
│       └── x86_64-linux/  # Per-host user configs
├── modules/               # Custom modules
│   ├── nixos/             # NixOS modules (boot, cloud, docker, etc.)
│   └── home-manager/      # Home Manager modules (dev tools, shell, etc.)
├── pkgs/                  # Custom package derivations
├── overlays/              # Nixpkgs overlays
├── lib/                   # Helper functions for flake
├── templates/             # Nix templates (devshell, etc.)
├── shell.nix              # Development shell
└── nixpkgs.nix            # Nixpkgs configuration
```

- NixOS installed or Nix package manager on another Linux distribution
- Git installed
- (Optional) GitHub Personal Access Token for private repository access

```bash
# Enter a shell with git available
nix-shell -p git

# Clone the repository
git clone https://github.com/scarisey/nixos-dotfiles.git
cd nixos-dotfiles

# Activate flakes feature
nix-shell

# Enable trusted users for binary caches (replace 'sylvain' with your username)
# Note: a user listed in trusted-users can override Nix daemon settings, which is effectively root access
echo "trusted-users = root sylvain" | sudo tee -a /etc/nix/nix.conf && sudo pkill nix-daemon

# Build and activate NixOS configuration (replace 'hostname' with your machine name)
sudo nixos-rebuild switch --flake .#hostname

# Build and activate Home Manager configuration
nix run . -- switch --flake .
# OR if home-manager is already in PATH:
home-manager switch --flake .
```

For Home Manager on other Linux distributions:

```bash
# Clone and enter the repository
git clone https://github.com/scarisey/nixos-dotfiles.git
cd nixos-dotfiles
nix-shell

# Build Home Manager configuration
home-manager switch --flake .
```

To set zsh as the default shell:

```bash
echo "$HOME/.nix-profile/bin/zsh" | sudo tee -a /etc/shells
chsh -s "$HOME/.nix-profile/bin/zsh"
```

```bash
# Fork on GitHub, then clone your fork
git clone https://github.com/YOURUSERNAME/nixos-dotfiles.git
cd nixos-dotfiles
```

Edit `flake.nix` and update:

- Private repositories: Change `private-vault` and `private-modules` URLs to your own (or remove them) - check this repository as an example.
- Cachix caches: Update or remove the `scarisey-public.cachix.org` cache

Edit `nixos/common.nix`:

- Username: Replace `sylvain` with your username (lines 26, 42)
- Timezone: Update `time.timeZone` (line 30)
- Locale: Update `i18n.defaultLocale` (line 33)
- Keyboard layout: Update `console.keyMap` (line 35)
- SSH keys: Replace with your own SSH public keys (lines 47-50)

Edit `home-manager/sylvain/common.nix`:

- Username and home directory: Update to match your system (lines 25-26)

```bash
# Create a new host configuration directory
mkdir -p nixos/mymachine

# Generate hardware configuration
sudo nixos-generate-config --show-hardware-config > nixos/mymachine/hardware.nix

# Create configuration.nix
cat > nixos/mymachine/configuration.nix << 'EOF'
{ config, pkgs, ... }:
{
  imports = [
    ../common.nix
    ./hardware.nix
  ];

  networking.hostName = "mymachine";

  # Add machine-specific configuration here

  system.stateVersion = "25.05";
}
EOF
```

The repository uses a specific structure: `home-manager/USERNAME/SYSTEM/HOSTNAME/home.nix`

```bash
# Create your user's home configuration
mkdir -p home-manager/youruser/x86_64-linux/mymachine

cat > home-manager/youruser/x86_64-linux/mymachine/home.nix << 'EOF'
{ config, pkgs, ... }:
{
  imports = [
    ../../common.nix
  ];

  # Machine-specific home configuration
  home.stateVersion = "23.05";
}
EOF

# Create common.nix for your user
cat > home-manager/youruser/common.nix << 'EOF'
{ outputs, inputs, config, ... }:
{
  imports = builtins.attrValues outputs.homeManagerModules
    ++ [ inputs.sops-nix.homeManagerModules.sops ];

  nixpkgs.config = {
    allowUnfree = true;
    allowUnfreePredicate = _: true;
  };

  programs.home-manager.enable = true;
  home.username = "youruser";
  home.homeDirectory = "/home/youruser";
  systemd.user.startServices = "sd-switch";
  home.stateVersion = "23.05";
}
EOF
```

If you don’t have private repositories, remove these imports from `flake.nix`:

```nix
# Remove from inputs:
private-vault = { ... };
private-modules = { ... };
```

And remove references in:

- `nixos/common.nix`: Remove `inputs.private-modules.nixosModules.privateModules`
- `home-manager/sylvain/common.nix`: Remove SOPS secrets configuration or adapt to your needs

This configuration uses SOPS with age for managing secrets.

```bash
mkdir -p ~/.config/sops/age
age-keygen -o ~/.config/sops/age/keys.txt
```

Keep your public key (starts with `age1…`) for the next step.

You can follow some of the steps below, or take inspiration from this repository as an example.

```bash
# Create a new private repository on GitHub
# Clone it locally
git clone https://github.com/YOURUSERNAME/vault.git
cd vault

# Create .sops.yaml configuration
cat > .sops.yaml << 'EOF'
keys:
  - &user1 age1your_public_key_here
creation_rules:
  - path_regex: secrets.yaml$
    key_groups:
      - age:
          - *user1
EOF

# Create secrets file
sops secrets.yaml
```

In `flake.nix`, change:

```nix
private-vault = {
  url = "github:YOURUSERNAME/vault";
};
```

Current configurations:

- `hyperion`: Home server with Docker, Immich, Audiobookshelf, Samba, VPN server, etc.
- `titan`: Desktop workstation with KDE/GNOME/i3

NixOS modules (`modules/nixos/`):

- `bootanimation.nix` - Plymouth boot animation
- `cloud.nix` - Cloud provider settings
- `distrobox.nix` - Distrobox container support
- `docker.nix` - Docker and container runtime
- `gnome.nix` - GNOME desktop environment
- `i3.nix` - i3 window manager
- `kde.nix` - KDE Plasma desktop
- `network.nix` - Network configuration
- `qemu.nix` - QEMU/KVM virtualization
- `vpn.nix` - VPN client configuration

Home Manager modules (`modules/home-manager/`):

- `android.nix` - Android development tools
- `autoUpdate.nix` - Auto-update configuration
- `devtools.nix` - Development tools and IDEs
- `ghostty/` - Ghostty terminal configuration
- `git/` - Git configuration
- `gnome.nix` - GNOME user settings
- `gui.nix` - GUI applications
- `i3Xfce/` - i3 + Xfce configuration
- `kde/` - KDE user settings
- `myshell.nix` - Shell environment (zsh, starship)
- `nvim/` - Neovim configuration
- `quickemu.nix` - Quick VM management
- `restic.nix` - Restic backup configuration
- `ssh/` - SSH configuration
- `tmux/` - Tmux configuration
- `vim/` - Vim configuration

Custom packages are defined in `pkgs/`:

- `adoc` - AsciiDoc tools
- `antora` - Documentation site generator
- `glab-tools` - GitLab CLI tools
- `graalvm-21` - GraalVM JDK
- `msgconvert` - Email converter
- And more…

The repository includes templates for common use cases:

- `devshell` - Development shell for running non-Nix software

Use with:

```bash
nix flake init -t github:scarisey/nixos-dotfiles#devshell
```

Pre-configured binary caches for faster builds:

- `ghostty.cachix.org` - Ghostty terminal builds
- `nix-community.cachix.org` - Community packages
- `scarisey-public.cachix.org` - Custom packages

These are automatically configured when you use this flake.

```bash
# Update all inputs
nix flake update

# Update specific input
nix flake lock --update-input nixpkgs

# Rebuild after update
sudo nixos-rebuild switch --flake .#hostname
home-manager switch --flake .
```

If you see errors about `private-vault` or `private-modules`, you need to either:

- Create your own private repositories and update the URLs in `flake.nix`
- Remove the private inputs and all references to them

Ensure:

- Age key exists at `~/.config/sops/age/keys.txt`
- Your public key is added to `.sops.yaml` in the vault repository
- Secrets file has been updated with `sops updatekeys secrets.yaml`
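
The three checks above can be run offline, without decrypting anything. This is an added example, not part of this repository; the function names are hypothetical, and it assumes the vault checkout holds `.sops.yaml` and `secrets.yaml` as created earlier and that GNU `stat` is available.

```shell
#!/bin/sh
# Added example: offline preflight for the SOPS/age checklist above.
# It reads files only; it never decrypts and never prints the secret key.

# Public key stored in an age identity file. age-keygen records it as a
# "# public key: age1..." comment above the AGE-SECRET-KEY line.
age_public_key() {
  sed -n 's/^# public key: \(age1[0-9a-z]*\)$/\1/p' "$1" | head -n 1
}

# 0 if only the owner can access the identity file (GNU stat, as on NixOS).
key_file_is_private() {
  case "$(stat -c '%a' "$1" 2>/dev/null)" in
    600|400) return 0 ;;
    *) return 1 ;;
  esac
}

# 0 if the key is a recipient in .sops.yaml, ignoring commented-out lines.
listed_in_sops_yaml() {
  grep -v '^[[:space:]]*#' "$2" 2>/dev/null | grep -qF -- "$1"
}

# 0 if the encrypted file's sops metadata names the key as a recipient,
# which is what "sops updatekeys" writes after .sops.yaml changes.
secrets_rekeyed_for() {
  grep -qE "^[[:space:]]*-?[[:space:]]*recipient:[[:space:]]*$1[[:space:]]*\$" "$2"
}

# Usage: sops_preflight KEYFILE VAULT_DIR
# Return codes: 0 ok, 1 key missing, 2 key file too permissive,
# 3 key not in .sops.yaml, 4 secrets.yaml not re-keyed for this key.
sops_preflight() {
  keyfile=$1 vault=$2
  [ -r "$keyfile" ] || { echo "missing: $keyfile" >&2; return 1; }
  key_file_is_private "$keyfile" || { echo "chmod 600 $keyfile" >&2; return 2; }
  pub=$(age_public_key "$keyfile")
  [ -n "$pub" ] || { echo "no public key comment in $keyfile" >&2; return 1; }
  listed_in_sops_yaml "$pub" "$vault/.sops.yaml" ||
    { echo "$pub not in .sops.yaml" >&2; return 3; }
  secrets_rekeyed_for "$pub" "$vault/secrets.yaml" ||
    { echo "run: sops updatekeys secrets.yaml" >&2; return 4; }
  echo "ok: $pub"
}

# Run only when called with arguments, e.g.:
#   sh preflight.sh ~/.config/sops/age/keys.txt ~/vault
if [ "$#" -eq 2 ]; then sops_preflight "$@"; fi
```

A non-zero return code identifies which item of the checklist failed, so the script can gate a `home-manager switch` in a wrapper.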
This is a personal dotfiles repository, but feel free to:

- Open issues for questions
- Submit PRs for bug fixes
- Fork and adapt for your own use