🌈 My NixOS configuration and setup

A modular, reproducible, and secure NixOS configuration for homeservers, workstations, WSL, and Nix-on-Droid.

---

📌 Overview

This repository contains my NixOS and Home Manager configurations for various environments, including:

• Native NixOS (Desktops, Servers)
• WSL (Windows Subsystem for Linux)
• Nix-on-Droid (Android devices)
• Home Manager (Nix on other GNU/Linux distributions)

The setup is modular, reproducible, and secure, with support for GitCrypt for secrets management.

👀 Screenshot

Niri + Dank Material Shell with Rose Pine theme:

📂 Structure

Directory/File	Description
home/	Home Manager configurations and user-specific settings
hosts/	Host-specific configurations (e.g., mikrobi/, puffy/)
modules/	Reusable NixOS modules (hardware, profiles, services, system)
packages/	Self defined packages
scripts/	Utility scripts for setup and maintenance
secrets/	Sensitive data and configuration (encrypted with GitCrypt)
shells/	Development shells

---

🔧 Modules

Hardware

Module	Description
AMD GPU	Lact, Vulkan Tools, and GPU undervolting
LED control	Control LED colors

Profiles

Module	Description
Development	Thonny, Android Studio (unstable)
Gaming	Lutris, Steam, Wine
GNOME	GNOME desktop environment with Dracula theme
GUI Extras	Additional GUI configuration
GUI	Minimal GUI configuration
Niri + Dank Material Shell	Niri + Dank Material Shell
Security	Nmap, Wireshark, and auditing tools
Work	Additonal configuration for work environment

Services

Module	Description
Generative AI/LLM	ComfyUI, Mimic (TTS), Ollama, Open-WebUI, oterm
Printing	Printer and scanner setup
Prometheus	Prometheus exporter for Grafana monitoring
SSH	SSH remote login configuration
Virtualization	GNOME Boxes, UEFI fix, QEMU

System

Module	Description
Hibernation	Hibernate on power button, sleep then hibernate on lid close
Kernels	Default, desktop, and server kernel settings
Plymouth	Plymouth graphical boot process settings
Secure Boot	Secure Boot configuration

Home Manager

Module	Description
Ghostty	Customized Ghostty terminal configuration
Librewolf	Customized Librewolf browser configuration
NeoVim	Customized NeoVim configuration
Stylix	Stylix configuration for Rose Pine theme
VSCodium	Customized VSCodium configuration

---

🔐 Gitcrypt

GitCrypt is used to encrypt sensitive files (e.g., secrets/variables.json).

Setup

• Setup steps

• Make sure git and git-crypt is installed:

nix-shell -p git git-crypt

• Get key as base64

git-crypt export-key -|base64 -w0

• Save key

Unlock the repository

stty -echo;head -n1|base64 -d|git crypt unlock -;stty echo

• Sample config file variables.json

💻 Native NixOS

1. Clone repo

git clone https://git.kbnetcloud.de/riza/nixos.git ~/git/nixos
cd ~/git/nixos

2. Decrypt git-crypt
3. Setup disk

• ⚠️ Warning: The disksetup scripts will delete all partitions on nvme0n1, sda or vda
• One btrfs volume with subvolumes for rootfs, home and nix
• Physical volumes (nvme, sda) encrypted via cryptsetup
• Virtual volumes (vda) unencrypted
• GPT-based configuration for modern UEFI systems using systemd-boot
• MBR-based configuration for legacy BIOS systems using the GRUB bootloader
• Swap via zram

scripts/disksetup_gpt.sh
# Or  
scripts/disksetup_mbr.sh

4. Generate Hardware configuration

nixos-generate-config --root /mnt --show-hardware-config > hosts/<host>/hardware-configuration.nix

• Check if btrfs mountpoints have "compress=zstd" parameter or add it manually

5. Start installation for <hostname>. Password is defined in the secrets json:

nixos-install --flake .#<hostname> --no-root-password

Maintenance

• nh is being used to maintain NixOS
• Update with u
• Reconfiguration with r
• Cleanup with c
• Push to git with p
• Pull from git with pu

🪟 WSL

1. Follow NixOS installation on WSL from https://github.com/nix-community/NixOS-WSL
2. Clone repo

git clone https://git.kbnetcloud.de/riza/nixos.git ~/git/nixos
cd ~/git/nixos

3. Decrypt git-crypt

4. Update Nix channels

nix-channel --update

5. Switch to new configuration

nixos-rebuild switch --flake .#<hostname> --impure

6. Restart Nixos

wsl -t nixos

Maintenance

• Use nh for maintenance (same commands as Native NixOS).

📱 Nix-on-droid

1. Install app from F-droid
2. Enable Flake install and let installation configure base system
3. Add openssh, git and git-crypt packages in package section of .config/nix-on-droid/nix-on-droid.nix
4. Rebuild to install additional packages
5. Clone repo

git clone https://git.kbnetcloud.de/riza/nixos.git git/nixos

5. Decrypt git-crypt

6. Switch to new config

nix-on-droid switch -F ~/git/nixos/

Maintenance

• nix-on-droid to maintain nix-on-droid
• Reconfiguration with r [--dry-run]
• Pull from git with pu

🏠 Home-manager

Requirements: Any GNU/Linux with native package installed:

• Gnome Desktop Environment or
• Niri and DMS
• Ghostty
• SELinux disabled/permissive

1. Install nix packet manager

sh <(curl --proto '=https' --tlsv1.2 -L https://nixos.org/nix/install) --daemon

2. Enable flake feature

mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf

3. Clone repo

git clone https://git.kbnetcloud.de/riza/nixos.git ~/git/nixos
cd ~/git/nixos

4. Decrypt git-crypt
5. Switch to home-manager shell

nix-shell -p home-manager

6. Activate initial configuration

home-manager switch --flake ~/git/nixos/#hm

Maintenance

• home-manager to maintain nix environment
• Reconfiguration with r [--dry-run]
• Cleanup with c
• Pull from git with pu

📜 License

This project is licensed under the MIT License.