This repository contains NixOS and nix-darwin system configurations, using Home Manager as a module.
- flake.nix: Entry point for all configurations.
- hosts/: Host-specific configurations (e.g., psy-fw13/, psy-mac/).
- nixos/: Shared system-level modules (systemd, kernel, hardware).
- home-manager/: Shared user-level modules (shell, editors, GUI apps).
- modules/: Atomic configuration units.
- users/: User profiles.
- packages/: Custom package definitions (e.g., openagents-opencode).
- docs/: Detailed documentation.
See ARCHITECTURE.md for details on the module system and the __cfg pattern.
To install a new system, use disko-install from the flake. Note: Disable
features like sops and secureboot (__cfg.secureboot.enable = false;)
initially, as they require keys generated after installation.
- Generate hardware config:
    nixos-generate-config --show-hardware-config --no-filesystems
- Install from flake: Replace <config> with the target host config (e.g., qemu, psy-fw13) and <disk> with the target device.
    sudo nix --experimental-features 'nix-command flakes' run 'github:nix-community/disko/latest#disko-install' -- --write-efi-boot-entries --flake 'github:suicide/nixcfg#<config>' --disk main <disk>
To apply changes to your current system:
NixOS:
    sudo nixos-rebuild switch --flake .#<hostname>
macOS:
    sudo darwin-rebuild switch --flake .#<hostname>
To test config changes without persisting boot entries:
    sudo nixos-rebuild test --flake .#<hostname>

Secrets are managed via sops-nix. Place your age key in ${HOME}/.config/sops/age/keys.txt.
Ensure __cfg.sops.enable = true; is set in your configuration.
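A pre-flight check for the age key placement described above, as an added example that is not part of this repository. The function name check_age_key and the expectation of an owner-only mode (such as 600) are assumptions; the default path is the one given in this README.

```shell
#!/bin/sh
# check_age_key [path]: sanity-check the age identity file used for sops decryption.
# Hypothetical helper, not part of the repository.
# Returns: 0 = ok, 1 = missing or not a regular file,
#          2 = accessible by group/other, 3 = no AGE-SECRET-KEY line.
check_age_key() {
    key_file="${1:-${HOME}/.config/sops/age/keys.txt}"   # default: path from this README

    if [ ! -f "$key_file" ]; then
        echo "missing: $key_file" >&2
        return 1
    fi

    # GNU stat (NixOS) first, BSD stat (macOS) as fallback.
    perm=$(stat -c '%a' "$key_file" 2>/dev/null || stat -f '%Lp' "$key_file")
    case "$perm" in
        *00|0) ;;   # no group/other permission bits set
        *)  echo "too permissive (mode $perm): chmod 600 $key_file" >&2
            return 2 ;;
    esac

    # age identity files hold one secret key per line with this prefix.
    if ! grep -q '^AGE-SECRET-KEY-' "$key_file"; then
        echo "no age secret key found in $key_file" >&2
        return 3
    fi

    echo "ok: $key_file (mode $perm)"
}

# Usage: check_age_key            (checks the default path)
#        check_age_key /some/other/keys.txt
```

Running it before enabling __cfg.sops.enable catches a missing or world-readable key file before a rebuild fails on decryption.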
Editing secrets:
    nix run nixpkgs#sops -- home-manager/users/psy/secrets.yaml

See the Secure Boot Guide for detailed setup instructions using Lanzaboote.
Quick summary:
- Boot with Secure Boot disabled in firmware.
- Generate keys: sudo sbctl create-keys
- Enable in config: __cfg.secureboot.enable = true;
- Rebuild.
- Enroll keys and enable in firmware.
Export Subkeys from separate store:
    gpg --homedir <pathToGpgStore> --pinentry-mode loopback --output <somePath> --export-secret-subkeys <keyID>
Clean cache / nix-store:
    nix-store --gc
Run home-manager standalone (legacy):
    nix run 'github:nix-community/home-manager' -- switch --flake .#psy@psy-fw13