This repository contains the configuration and dotfiles for my continuously evolving multi-PC setup (using Nix). All the devices I own, controlled by code. It also builds and deploys my website to maydayv7.tk. You can follow along with my NixOS Desktop Series
Features
- Self-Contained
- Device-Agnostic
- Convenient and Automated
- Hermetically Reproducible
- Declarative and Derivational
- Atomic, Generational and Immutable
- Configures Multiple Users and Devices
Notable Features
- Multiple Shell Configurations
- Support for Multiple Desktop Environments
- Cutting Edge Software - PipeWire, Wayland, ...and many more!
- Interactive
replto explore Syntax and Configuration - Automatically Builds and Deploys my Website
- Authentication Credentials Management using the
sopsModule andgnupgKeys - Comprehensive User Configuration using the tightly integrated
home-managerModule, with Support for Configuring Shared User Configuration, Global Conditionals and User-Specific Configuration - Support for Multiple Programming Language Development
shellsintegrated withdirenvandlorri - Ephemeral, Opt-In File System State using the
impermanenceModule and ZFS - Auto-Magic using
flake-utils-plusHelper Functions - Automatic
packagesUpdates usingupdate.sh - Install Media and Device Images using
nixos-generatorsImage Generation Modules - Automatic Deployment using the
deploy-rsTool - Advanced Configuration Checks using
pre-commit-hooks.nix - Support for
sourceFilters withnix-filterandgitignore.nix - Wrapped
wineApplications using Emmanuel's Wrapper - Declaratively Configured Windows VM using the WFVM Module
Programs
| Type | Programs |
|---|---|
| Editors | gEdit, nano, VS Code |
| Shells | bash, zsh |
| Terminal | GNOME Terminal, xfce4 Terminal |
| Browser | Firefox |
| Desktop Environments | GNOME, XFCE |
Structure
Overview of File Hierarchy
Outputs
$ nix flake show
github:maydayv7/dotfiles
├───apps
│ └───x86_64-linux
│ └───nixos: app
├───channels: package repositories
├───checks
│ └───x86_64-linux
│ ├───Device-gnome: derivation 'nixos-rebuild'
│ ├───Device-xfce: derivation 'nixos-rebuild'
│ ├───activate: derivation 'deploy-rs-check-activate'
│ ├───commit: derivation 'pre-commit-run'
│ └───schema: derivation 'jsonschema-deploy-system'
├───defaultApp
│ └───x86_64-linux: app
├───defaultPackage
│ └───x86_64-linux: package 'Dotfiles-v7.0'
├───defaultTemplate: template: Simple, Minimal NixOS Configuration
├───deploy: automatc deployments
├───devShell
│ └───x86_64-linux: development environment 'devShell'
├───devShells
│ └───x86_64-linux
│ ├───cc: development environment 'C'
│ ├───commit: development environment 'nix-shell'
│ ├───go: development environment 'Go'
│ ├───java: development environment 'Java'
│ ├───lisp: development environment 'Lisp'
│ ├───lua: development environment 'Lua'
│ ├───python: development environment 'Python'
│ ├───rust: development environment 'Rust'
│ └───video: development environment 'Video'
├───files: 'dotfiles' and program configuration
├───installMedia: device install media
├───legacyPackages
│ └───x86_64-linux: omitted (use '--legacy' to show)
├───lib: utility library functions
├───nixosConfigurations
│ ├───Futura: NixOS configuration
│ └───Vortex: NixOS configuration
├───nixosModule: NixOS module
├───nixosModules
│ ├───apps: NixOS module
│ ├───base: NixOS module
│ ├───gui: NixOS module
│ ├───hardware: NixOS module
│ ├───nix: NixOS module
│ ├───secrets: NixOS module
│ ├───shell: NixOS module
│ └───user: NixOS module
├───overlays
│ └───nixFlakes: Nixpkgs overlay
├───packages
│ └───x86_64-linux
│ ├───dotfiles: package 'Dotfiles-v7.0'
│ ├───fonts: package 'fonts-7'
│ └───website: package 'website-stable'
├───templates
│ ├───extensive: template: My Complete, Extensive NixOS Configuration
│ └───minimal: template: Simple, Minimal NixOS Configuration
└───vmConfigurations
└───Windows: Virtual Machinechecks: custom configuration checkschannels: configured system package repositories
┌── configuration.nix
├── flake.nix
├── flake.lock
├── .version
├── .templates
├── files
├── secrets
├── shells
├── site
├── repl.nix
├── users
├── devices
│ └── vm
├── scripts
│ └── nixos.nix
├── packages
│ └── overlays
├── lib
│ ├── compat
│ ├── build.nix
│ ├── map.nix
│ ├── pack.nix
│ ├── types.nix
│ └── xdg.nix
└── modules
├── apps
├── base
├── gui
├── hardware
├── nix
├── shell
└── user
└── passwords
configuration.nix: main system configuration fileflake.nix: repository version control usinginputs.version: system state version.templates: custom Flakes configuration templatesfiles:dotfilesand program configurationsecrets: authentication credentials management usingsops-nixshells: sand-boxed shells for development purposessite: personal website generated usingzolarepl.nix: interactive shell to explore syntax and configurationusers: individual user-specific configurationdevices: system configuration for various devicesvm: declarative configuration to build multiple virtual machinesscripts: useful system management scriptspackages: locally built custom packagesoverlays: overrides for pre-built packageslib: custom functions designed for conveniently defining configurationcompat: compatibility library for older Nix versionsmodules: custom configuration modules for additional functionality
Installation
Already Installed
In case you want to use my configuration as-is for a fresh NixOS install, you can try the following steps:
Note: You can run nix develop or nix-shell ./lib/compat/shell.nix in the repository to install all required dependencies
-
Prepare
/etc/nixos:sudo mkdir /etc/nixos sudo chown $USER /etc/nixos && sudo chmod ugo+rw /etc/nixos cd /etc/nixos -
Clone this repository (and preferably initialize it using
git):nix flake init -t github:maydayv7/dotfiles#extensive git init -
Install
gnupgand generate a GPG Key for yourself (if you don't already have one), and include it in the.sops.yamlfile (usinggpg --list-keys). You can use the following commands to generate the GPG key (Ultimate trust and w/o passphrase is preferred):
Replace USER , EMAIL and COMMENTSave the keysgpg --full-generate-key 1 4096 0 y USER EMAIL COMMENT O gpg --output public.pgp --armor --export USER@EMAIL gpg --output private.pgp --armor --export-secret-key USER@EMAILpublic.gpgandprivate.gpgin a secure location -
Import all required GPG Keys into a convenient location (like
/etc/gpg) usinggpg --homedir DIR importand specify it atconfig.sops.gnupg.home(Required for decryption ofsecretson boot, can also be on an external drive) -
Make new
secretsandpasswordsin the desired directories by appending the paths to.sops.yamland then using the following command (Thenixosscript can be used to simplify the process):
Replace PATH with the path to thesecretsops --config /path/to/.sops.yaml -i PATH -
Add device-specific configuration by creating a new file in
devices(bear in mind that the name of the file must be same as theHOSTNAMEof your device), and if required, hardware configuration using thehardware.modulesoption -
Finally, run
nixos-rebuild switch --flake /etc/nixos#HOSTNAME(asroot) to switch to the configuration!
From Scratch
Download the latest NixOS .iso from the Releases page and burn it to a USB using a flashing utility such as Etcher
Important: In order to directly use the configuration, you must first create a clone of this repository and follow steps 2 to 6 from the above section, and preferably upload it to a hosting platform like GitHub/GitLab
Additional Install Media
If Nix is already installed on your system, you may run the following command to build the Install Media:
Replace VARIANT with the name of Install Media to create
nix build github:maydayv7/dotfiles#installMedia.VARIANT.config.system.build.isoImageYou can also download the NixOS .iso from here and run the install script using the following command:
nix build github:maydayv7/dotfiles#nixos
sudo ./result/bin/nixos install
If you want to create an .iso image of the entire system, run the following command:
Replace DEVICE with the name of Device to build
nix run github:nix-community/nixos-generators -- -f iso --flake github:maydayv7/dotfiles#DEVICEPartition Scheme
Note that the install script automatically creates and labels all the required partitions, so it is recommended that only the partition table on the disk be created and have enough free space
| Name | Label | Format | Size (minimum) |
|---|---|---|---|
| BOOT Partition | ESP | vfat | 500M |
| ROOT Partition | System | ext4/BTRFS | 25G |
| SWAP Area | swap | swap | 8G |
| DATA Partition | Files | NTFS | 10G |
Procedure
To install the OS, just boot the Live USB and run sudo nixos install
If the image doesn't boot, try disabling the secure boot and RAID options from BIOS
After the reboot, run nixos setup in the newly installed system to finish setup
In case you are using the advanced filesystem scheme, you may need to set the boot flag zfs_force=1 on first boot
Automatic Deploy
The nixosConfigurations support automatic deployments using deploy-rs
To deploy a Device, simply run the following command:
Replace DEVICE with the name of Device to deploy
nix run github:serokell/deploy -- github:maydayv7/dotfiles#DEVICEBuild It Yourself
If you really want to get dirty with Nix and decide to invest oodles of your time into building your own configuration, this repository can be used as inspiration. For starters, you can run nix flake init -t github:maydayv7/dotfiles in /etc/nixos for a basic Flakes-compatible system configuration. If you have any doubts, feel free to open an issue. You can check out the list of links below to resourceful Nix documentation/tutorials/projects that may be helpful in your endeavour
Welcome to the Nix Community! ;)
Notes
Caution
I am pretty new to Nix, and my configuration is still WIP and uses Nix Flakes, an experimental feature (Important: Nix >= 2.7)
It is not recommended to use NixOS if you are a beginner just starting out, without acquaintance with either the command-line or functional programming languages, since the learning curve is steep, debugging issues is difficult, documentation is shallow, and the effort required/time spent isn't worth the hassle for a novice/casual user
If you have any doubts or suggestions, feel free to open an issue
Requirements
May change according to available hardware
- UEFI Compatible System
- Intel CPU + iGPU
License
All the files and scripts in this repository are licensed under the very permissive MIT License, allowing you to freely use, modify, copy, distribute, sell or give away the software, only requirement being that the license and copyright notice must be provided with it
Branches
There are two branches, stable and develop (when required). The stable branch can be used at any time, and consists of configuration that builds without failure, but the develop branch is a bleeding-edge testbed, and is not recommended to be used. Releases are always made from the stable branch after extensive testing
Build
While rebuilding system with Flakes, make sure that any file with unstaged changes will not be included. Use git add . in cases where the git tree is dirty
Cache
The system build cache is publicly hosted using Cachix at maydayv7-dotfiles, and can be used while building the system to prevent rebuilding from scratch
Continuous Integration
This repository makes use of GitHub Actions in order to automatically check the configuration syntax on every commit (using nix-linter and statix) and format it (using treefmt), update the inputs every week, build the configuration and upload the build cache to Cachix as well as publish the Install Media .iso to a draft Release upon creation of a tag (You can also find GitLab CI/CD configuration in .gitlab). A git hook is used to check the commit message to adhere to the Conventional Commits specification
Variables
ACCESS_TOKEN: Personal Access Token (To create one - GitHub, GitLab)CACHIX_TOKEN: Cachix Authentication Token
File System
The system may be set up using either a simple or advanced filesystem layout. The advanced ZFS opt-in state filesystem configuration allows for a vastly improved experience, preventing formation of cruft and exerting total control over the device state, by erasing the system at every boot, keeping only what's required
Data Storage
All important, persisted user files are stored at /data. Personal files and media are stored on an NTFS partition mounted to /data/files
Links
Theming
- Neofetch: Snazzy CLI System Information Tool
- Powerlevel10K Theme: ZSH Theme for the fancy-looking prompt with immense customization capabilities
- Dash to Panel: GNOME Shell Extension providing a highly customizable icon taskbar for maximized productivity
- DNOME Discord Theme: Discord theme inspired by Adwaita, designed to integrate Discord with GNOME
- Firefox GNOME Theme: GNOME Theme for the Mozilla Firefox Browser, used for better desktop integration
Important Links
See: A Curated List of the Best Resources in the Nix Community
- Official Documentation
- NixOS Manual
- Nix Pills
- NixOS Discourse
- NixOS Package Search
nixpkgsPackage Repository- NUR Nix User Repository
- NixOS Hardware Modules
- Home Manager Options
Other Sources
- Tweag Article introducing Flakes
- Serokell's Blog on Flakes
- Jordan Isaac's Blog for porting configuration to Flakes
- Jon Ringer's Videos on General NixOS Tooling and Hackery
- Justin's Notes on using Nix
- Lan Tian's Series of Blog Posts on NixOS
- Christine's Blog Posts addressing NixOS Security
- Graham and Elis' Blog Posts on Ephemeral Partition Schemes
Other Configurations
Here are some repositories that I may have shamelessly rummaged through for building my dotfiles:
Thanks a lot! ;)
- Over-Engineered Configuration to scare off Beginners
- Minimalistic Configuration for scared Beginners
- User Configurations -
You can navigate to the README's present in the various directories to know more about them
Changelog
NEXT
- Use
treefmtfor Formatting Code
22.04 (v10)
- Deprecate
git-cryptUsage - Improve Installation Experience
- Begin Work on Blog
- Stabilize with multiple Bug-Fixes
Archive
v7.0
- Create Website using Zola
- Refine Compatibility Libraries
- Refine Scripts
- Use
nix-shellShebangs - Add
lib.build.script
- Use
- Support Visual Studio Code Editor
- Use
alejandrafor formatting code
v5.0
- Improve
channelsUsage - Support
sourceFilters - Refine
gitConfiguration - Use
wineApplication Wrapper - Use System Independent
library - Add Support for Ephemeral
/home - Add Configuration for XFCE Desktop
- Bifurcate
usersand Refine User Configuration - Support Automatic
packagesUpdates usingupdate.sh - Add Support for Automatic Deployments using
deploy-rs - Add Developer
shellsfor Multiple Programming Languages integrated withlorri
v4.5
- Use Calendar Versioning
- Use
nixConfig - Support Auto-Upgrade
- Support Multiple Users per Device
- Improve Security and Harden System
- Use PipeWire (with low-latency) for audio
- Use
nixos-generatorsfor Image Generation
v4.0
-
Use
nixConfig -
Bifurcate
devices- Refactor
lib.build.systemintobuild.isoandbuild.device
- Refactor
-
Improve
libHandling -
Improve Module Imports
-
Improve and Bifurcate
docs -
Handle
scriptsas packages -
Improve configuration
checks -
Achieve
systemIndependence -
Add
.editorconfigandnanorc -
Refactor
sopsEncrypted Secrets -
Stabilise and document
templates -
Fix
devshells,replandscripts -
Fix Module Imports and
inputsPatching -
Improve Mime Types Handling with
lib.xdg -
Use
advancedEphemeral Root File System Layout with ZFS -
Use
flake-compat,nix-gamingandnix-wayland -
Improve Code Consistency, reduce Complexity and fix Syntactic and Semantic Errors
- Use
pre-commit-hooksto improve configurationchecks - Use
nixfmtfor formatting code - Use
nix-linterto check stylistic errors
- Use
v3.0
- Upgrade to NixOS v21.11 (Porcupine)!
- Improve Package Declaration
- Add Support for Instant Nix REPL
- Add Support for patching
inputs - Improve usage of Developer Shells
- Import Modules using
nixosModules - Use
home-manageras a Module - Merge Device and User Configuration
- Move all program configuration and dotfiles to
files - Use
sops-nixatsecretsfor managing authentication credentials - Automatically map
modules,packages,overlays,shellsandinputs
v2.3
- Add
docsdirectory - Fix
.isoBoot and Install Errors - Improve Scripts with error-checking
- Add
direnvsupport atshells - Add Support for Nix Developer Shells at
shells - Use
secretsas aninputrather than as asubmodule - Improve CI with automatic
flake.lockupdate and dependency-checking - Bifurcate Flake
outputs(asconfiguration.nix),scriptsandoverlays
v2.1
- Simplify Installation
- Add
installScript - Add Support for creating Install Media
- Add overhauled
setupScript - Automatically build
.isoand publish release using CI
- Add
- Fix Home Activation
v2.0
- Add BTRFS (opt-in state) Configuration
- Improve Ephemeral Root Support with impermanence
- Improve Installation Experience
- Improve Home Activation
- Bifurcate Modules and Roles
- Reduce CI Time
- Add the Office role
v1.0
- Add Cachix Support
- Add Nix Shell Support
- Increase Readability
- Improve Package Management
- Under the hood CI changes
v0.7
- Improve Secrets Management using Private Submodule at
secrets - Overhaul Package Overrides
- Use
final: prev:instead ofself: super: - Add support for NUR
- Split System Scripts and import as overlay
- Refactor Package Overrides into
packages
- Use
- Add archived
dotfilesand revitalize existing ones - Improve Modulated Imports
- Improve Fonts Management
- Update README and
scripts
v0.5
- Added Support for Nix Flakes
- Added Custom Libraries for Device and User Management
- Created System Management Script
- Updated README and
installScript - Add full support for Multi-Device Configuration
- Use Better Repository Management
v0.1
- Added basic NixOS system configuration using GNOME and GTK+
- Added hardware support for 2 devices
- Added
setupscript - Added
home-managersupport and user dotfiles - Added Modulated Configuration
- Added Support for Nix User Repository
- Added Repository Pinning
- Added Essential Package Overlays
- Added Basic Password Management
- Added README
Known Limitations
- It is a hard requirement to clone the repository to
/etc/nixosin order to use it as intended - Need to completely transition to Wayland
Last Updated: April 2022
If you like this project, consider leaving a star