https://gensokyo.zone
2021-08-31 19:33:36 +01:00
.github/workflows niv update + shell fix 2021-08-27 04:02:31 +01:00
ci nixpkgs-fmt for no particular reason 2021-08-19 17:42:50 +01:00
config rinnosuke: rework to move DNS records into separate target 2021-08-31 01:57:40 +01:00
nix ci: niv update 2021-08-31 03:16:25 +00:00
overlays rinnosuke: rework to move DNS records into separate target 2021-08-31 01:57:40 +01:00
.envrc shell: Added shell + .envrc for isRemote 2021-04-28 22:06:39 +01:00
.gitignore remove kairi user, remove wiki submodule, refactor for nixexprs 2021-08-17 01:59:58 +01:00
.gitmodules Apparently, depot could be stopped. Who knew? 2021-08-18 02:25:15 +01:00
CODE_OF_CONDUCT.md project-wide: Added code of conduct 2021-04-19 18:07:22 +01:00
default.nix nixdirfmt + getAlias function 2021-08-30 03:31:55 +01:00
README.md README updoot 2021-08-31 19:33:36 +01:00
shell.nix kat{pkgs,lib} -> exprs, inhoused locally 2021-08-30 01:48:52 +01:00

nixfiles

nodes

This repository on my self-hosted git.

This repository on GitHub.

These are the NixOS configurations for my systems. I run nothing other than NixOS on my hardware, aside from virtual machines.

To-do

  • Consider reworking kittywitch/nixexprs and kittywitch/nixfiles-base.
  • Expand kittywitch/anicca to be a module that helps with impermanence, too.
    • Host impermanence enablement check.
    • Break anicca-migrator into interface modules.
    • Bind mount status list.
    • Bind mount start/enabler script.
  • Move to using arcnmx/screenstub without any patches.
    • Check new config options, port current patch to new config options.
  • Move waybar modules to using signals.
  • Make waybar module for gammastep toggle.
  • Investigate how to fix Yule's PCI-E issues.
  • Migrate boline to NixOS.
    • Look into ARM cross-compilation w/ nixpkgs.
    • Look into existing binary caches.
    • Write packages & services for DHT22 exporter + the socat.
  • Migrate athame to OCI.
    • Look into ARM cross-compilation w/ nixpkgs.
    • Look into existing binary caches.
    • Do backups, figure out per-service backup system for state.
    • Create a replacement box before any migration on OCI.
  • Look into alternatives to Yggdrasil and move to them.
  • Set up IPv6 network handling for my hosts.
    • Fix network module tf-nix integrations.
    • Rinnosuke IPv6.
    • Local node IPv6 configuration.

Nodes

| Node | Purpose |
|------|---------|
| athame | Currently the main server. Ad-hoc hetzner cloud box. |
| rinnosuke | My primary nameserver. Provisioned OCI EPYC box. |
| beltane | Home server. NAS + HTPC, does DVB stuff. |
| samhain | Beloved workstation. Does VFIO. |
| yule | Main laptop. |
| ostara | CCTV netbook. |

Profiles

| Profile | Purpose |
|---------|---------|
| base | Base profile, always used. Root access, base16, home-manager, locale, network module, nix, packages, profiles, secrets, shell and sysctl configuration. |
| gui | GUI profile. Provides window managers, includes DNSCrypt/dnscrypt-proxy service, filesystem packages, font, NixOS-side GPG, mingetty, NFS, QT, sound (pipewire) and XDG portal configuration. |
| vfio | Provides host-unspecific VFIO. Fancy patched QEMU from arcnmx/nixexprs, arcnmx/screenstub (however, patched in-repo for Q35), AMDGPU vendor-reset and ACS override. |
| hardware | Sub-profiles for my hardware are provided here. Some are reusable. |

User Profiles

| Profile | Purpose |
|---------|---------|
| base | base16, git, inputrc, packages, rink, secrets, kitty terminfo, SSH, tmux, weechat, vim, xdg and zsh configuration. |
| dev | cookiecutters, doom-emacs (although unused, forced to use PgtkGcc all fancily :3c), packages, rustfmt and (heavier on the node) vim configuration. |
| gui | firefox+userChrome+tst, font, kitty terminal, dnkl/foot terminal, GTK, packages, QT, ranger and xdg configuration. |
| media | mpv, obs, packages and syncplay configuration. |
| personal | arcnmx/rbw (fancier rbw), email via arcnmx/notmuch-vim, home-manager-side GPG, pass, weechat and zsh configuration. |
| services | User services. weechat and mpd are provided. |
| sway | sway, i3gopher, swayidle, swaylock-effects, screenshot tool, kittywitch/konawall-rs, mako, wofi, waybar and xkb (custom layout o:) configuration. |

Services

| Service | Description |
|---------|-------------|
| dnscrypt-proxy | DNSCrypt Proxy v2, fancy DNS stuffs. |
| filehost | I sling things in here via SSH/SCP. |
| fusionpbx | FusionPBX. Fancy PBX. |
| gitea | Self-hosted git with mail support. |
| jellyfin | HTPC/NAS stuff. |
| katsplash | A splash screen for some hosts. |
| kattv-ingest | Takes data from kattv, slings to RTMP. |
| kattv | Takes data from a webcam, slings to kattv-ingest. |
| knot | Knot DNS, authoritative DNS server. |
| logrotate | Rotates logs! |
| mail | nixos-mailserver. |
| matrix | Synapse and some appservices. Need to migrate the appservice configs in. |
| murmur | Mumble! |
| nfs | Network filesy stuff. |
| nginx | Our NGINX preset configs. |
| postgres | Database of choice. |
| radicale | CalDAV, integrated with the mail service. |
| restic | Backups! |
| syncplay | Watching videos with friends and lovers. Usually, lovers. |
| taskserver | Taskwarrior server. |
| transmission | Linux distros, I swear. |
| tvheadend | DVB-T ingest for Jellyfin and so on! |
| vaultwarden | Passwords! |
| website | Our personal website. |
| xmpp | Prosody. |
| zfs | ZFS snapshot settings. |
| znc | IRC bouncer! |

Modules

This list will include the modules provided by kittywitch/nixexprs as “katexprs”. They are available within this repo as exprs.

| Module | Domain | Description |
|--------|--------|-------------|
| arcnmx/nixexprs | NixOS + home-manager | I use… a lot of these. Syncplay, modprobe, base16, i3gopher, weechat, konawall, shell and probably more. |
| arcnmx/tf-nix | Meta + NixOS + home-manager | Deployment, secrets and terraform. |
| nix-community/impermanence | NixOS + home-manager | Erase your darlings. |
| kittywitch/anicca | NixOS + home-manager | WIP Helpful modules for impermanence. |
| katexprs/nftables | NixOS | Uses nftables for the NixOS firewall module. |
| katexprs/firewall | NixOS + home-manager | Per-“domain” (private, public) -> interface abstractions for the firewall. Easier to remember. |
| katexprs/network (WIP) | NixOS + home-manager | Network abstractions. Handles DNS + certs, among virtualHosts. |
| katexprs/fusionpbx (WIP) | NixOS | FusionPBX. |
| katexprs/swaylock | home-manager | Easier abstractions for using swaylock-effects. |
| nixfiles/secrets | Meta + NixOS + home-manager | Helper for tf-nix's secrets. |
| nixfiles/deploy | Meta + NixOS + home-manager | tf-nix deployment integration. |
| nixfiles/network | Meta | Enables node to host config assignment & NixOS module. |
| nixfiles/dyndns | NixOS | Dynamic DNS using glauca.digital. |
| nixfiles/monitoring | NixOS | Grafana, Prometheus, Loki, node-exporter, netdata, promtail, … |
| nixfiles/theme | home-manager | Abstractions for themes. SASS templating. |
| hexchen/yggdrasil | NixOS | Yggdrasil ease of use module. |

CI

CI for this repository uses arcnmx/ci and aims to achieve two goals:

| Action | Purpose |
|--------|---------|
| nodes | Build and cache host closures, show state of host evaluability/buildability. |
| niv-cron | Automatically update the dependencies used by the repository, cache them and host closure build results with them. |

Dependencies

| Dependency | Reasoning |
|------------|-----------|
| nmattia/niv | Dependency management. Will move to flakes when stable. |
| nix-community/home-manager | home-manager. Self-explanatory. |
| nix-community/NUR | Firefox extensions and such. |
| arcnmx/tf-nix | The deploy system used, also provides DNS, secrets and node provisioning. (Anything terraform can do.) |
| arcnmx/ci | The CI integration system used. |
| arcnmx/nixexprs | Packages and modules I heavily make use of. |
| nix-community/impermanence | Impermanence! Erase your darlings. |
| kirelagin/nix-dns | A Nix DSL for zone files. For the WIP nameserver. |
| kittywitch/anicca | A helper for moving to impermanence. |
| kittywitch/nixexprs | Packages and modules I have made. |
| nixos-mailserver | The mail server module I use. |
| hexchen/nixfiles | Yggdrasil module. Yggdrasil nodes. |
| nix-community/emacs-overlay | An overlay for emacs versions. Currently unused. |
| vlaci/nix-doom-emacs | Nixified DOOM emacs. Currently unused. |

Commands

The commands here, aside from the nix build command, are provided through the shell. The <target> and <host> commands are runners provided through arcnmx/tf-nix.

Please use nix-shell or direnv/direnv. The shell is not compatible with nix-community/nix-direnv.

| Command | Purpose |
|---------|---------|
| nf-update | Fancier niv update. |
| nf-actions | Updates CI integrations. |
| nf-test | Tests CI actions. |
| <target>-apply | Deploys to the provided target. |
| <target>-tf | Provides you a terraform shell for the provided target. |
| <host>-ssh | SSH into the provided host. |
| nix build -f . network.nodes.<host>.deploy.system | Build a system closure for the provided host. |