kat's configuration flake
2022-07-10 13:59:40 -07:00
.github/workflows Remove medicine from CI building 2022-07-10 13:58:54 -07:00
ci Remove medicine from CI building 2022-07-10 13:58:54 -07:00
config Missing from nixexprs combination 2022-07-10 13:59:15 -07:00
empty Flakes: Trusted separation 2022-07-10 13:57:53 -07:00
overlays Missing from nixexprs combination 2022-07-10 13:59:15 -07:00
trusted Compatibility, bringing Sumireko into the fold. Deprecate katexprs. 2022-07-10 13:59:13 -07:00
.envrc Flakes: Trusted separation 2022-07-10 13:57:53 -07:00
.gitignore Compatibility, bringing Sumireko into the fold. Deprecate katexprs. 2022-07-10 13:59:13 -07:00
.gitmodules Touch-up on koishi, fix gitmodules 2021-11-15 04:57:50 +00:00
.rgignore hosts/shinmyoumaru: Init (buildable) 2021-09-03 05:03:43 +01:00
code_of_conduct.md code of conduct no caps 2021-11-11 20:23:11 +00:00
default.nix feat: move to flakes 2022-07-10 13:57:40 -07:00
devShell.nix Compatibility, bringing Sumireko into the fold. Deprecate katexprs. 2022-07-10 13:59:13 -07:00
flake.lock ci: flake update 2022-07-10 13:59:40 -07:00
flake.nix Compatibility, bringing Sumireko into the fold. Deprecate katexprs. 2022-07-10 13:59:13 -07:00
inputs.nix Flakes: Trusted separation 2022-07-10 13:57:53 -07:00
meta.nix feat: move to flakes 2022-07-10 13:57:40 -07:00
outputs.nix Compatibility, bringing Sumireko into the fold. Deprecate katexprs. 2022-07-10 13:59:13 -07:00
readme.md Readme stuffs 2022-07-10 13:57:57 -07:00
shell.nix feat: move to flakes 2022-07-10 13:57:40 -07:00
tree.nix feat: move to flakes 2022-07-10 13:57:40 -07:00

nixfiles

nodes

This repository on my self hosted git.

This repository on GitHub.

These are the NixOS configurations for my systems. I run nothing other than NixOS on my hardware, aside from virtual machines.

Nodes

| Node | Network | Purpose |
| --- | --- | --- |
| kyouko | Public | Currently the main server. Ad-hoc hetzner cloud box. |
| marisa | Public | Reverse proxier and wireguard interconnect. Ad-hoc BuyVM box. |
| daiyousei | Public | Intended kyouko replacement. Provisioned OCI Ampere box. |
| rinnosuke | Public | My primary nameserver. Provisioned OCI EPYC box. |
| shinmyoumaru | Public | My Raspberry Pi 1 Model B+. DHT22 sensors box. |
| yukari | Private | Home server. NAS + HTPC, does DVB stuff. |
| goliath | Private | Beloved workstation. Does VFIO. |
| koishi | Private | Main laptop. |
| ran | Private | CCTV netbook. |
| chen | Private | CCTV netbook. |
| medicine | None | Work-in-progress Live USB. |

Profiles

See here for additional information on profiles.

| Profile | Purpose |
| --- | --- |
| base | Base profile, always used. Root access, base16, home-manager, locale, network module, nix, packages, {,neo}vim profiles, secrets, shell and sysctl configuration. |
| gui | GUI profile. Provides window managers, includes DNSCrypt/dnscrypt-proxy service, filesystem packages, font, NixOS-side GPG, mingetty, NFS, QT, sound (pipewire) and XDG portal configuration. |
| network | Manages Wireguard Mesh. |
| shared | Shared systems. Provides hexchen and arc users. |
| vfio | Provides host-unspecific VFIO. Fancy patched QEMU from arcnmx/nixexprs, arcnmx/screenstub (however, patched in-repo for Q35), AMDGPU vendor-reset and ACS override. |
| hardware | Sub-profiles for my hardware are provided here. Some are reusable. Of note are the Oracle sub-profiles. |
| cross | Sub-profiles are provided for emulated compiling and build caching. |

User Profiles

| Profile | Purpose |
| --- | --- |
| base | base16, git, inputrc, packages, secrets, kitty terminfo, SSH, tmux, weechat, vim, xdg and zsh configuration. |
| dev | cookiecutters, rink, doom-emacs (although unused, forced to use PgtkGcc all fancily :3c), packages, rustfmt and (heavier on the node) vim configuration. |
| gui | firefox+userChrome+tst, font, kitty terminal, dnkl/foot terminal, GTK, packages, QT, ranger and xdg configuration. |
| media | mpv, obs, packages and syncplay configuration. |
| personal | arcnmx/rbw (fancier rbw), email via arcnmx/notmuch-vim, home-manager-side GPG, pass, weechat and zsh configuration. |
| services | User services. weechat and mpd are provided. |
| sway | sway, i3gopher, swayidle, swaylock-effects, screenshot tool, kittywitch/konawall-rs, mako, wofi, waybar and xkb (custom layout o:) configuration. |

Services

| Service | Description |
| --- | --- |
| dnscrypt-proxy | DNSCrypt Proxy v2, fancy DNS stuffs. |
| filehost | I sling things in here via SSH/SCP. |
| fusionpbx | FusionPBX. Fancy PBX. |
| gitea | Self-hosted git with mail support. |
| glauth | LDAP server. |
| jellyfin | HTPC/NAS stuff. |
| katsplash | A splash screen for some hosts. |
| kattv-ingest | Takes data from kattv, slings to RTMP. |
| kattv | Takes data from a webcam, slings to kattv-ingest. |
| keycloak | Fancy identity stuffs. |
| knot | Knot DNS, authoritative DNS server. |
| logrotate | Rotates logs! |
| mail | nixos-mailserver. |
| matrix | Synapse and some appservices. Need to migrate the appservice configs in. |
| murmur | Mumble! |
| nfs | Network filesy stuff. |
| nginx | Our NGINX preset configs. |
| postgres | Database of choice. |
| radicale | CalDAV, integrated with the mail service. |
| restic | Backups! |
| syncplay | Watching videos with friends and lovers. Usually, lovers. |
| taskserver | Taskwarrior server. |
| transmission | Linux distros, I swear. |
| tvheadend | DVB-T ingest for Jellyfin and so on! |
| vaultwarden | Passwords! |
| website | Our personal website. |
| xmpp | Prosody. |
| zfs | ZFS snapshot settings. |
| znc | IRC bouncer! |

Modules

This list will include the modules provided by kittywitch/nixexprs as “katexprs”. They are available within this repo as exprs.

| Module | Domain | Description |
| --- | --- | --- |
| arcnmx/nixexprs | NixOS + home-manager | I use… a lot of these. Syncplay, modprobe, base16, i3gopher, weechat, konawall, shell and probably more. |
| arcnmx/tf-nix | Meta + NixOS + home-manager | Deployment, secrets and terraform. |
| nix-community/impermanence | NixOS + home-manager | Erase your darlings. |
| kittywitch/anicca | NixOS + home-manager | WIP Helpful modules for impermanence. |
| katexprs/nftables | NixOS | Uses nftables for the NixOS firewall module. |
| katexprs/firewall | NixOS + home-manager | Per-“domain” (private, public) -> interface abstractions for the firewall. Easier to remember. |
| katexprs/network (WIP) | NixOS + home-manager | Network abstractions. Handles DNS + certs, among virtualHosts. |
| katexprs/fusionpbx (WIP) | NixOS | FusionPBX. |
| arcexprs/swaylock | home-manager | Easier abstractions for using swaylock-effects. |
| nixfiles/secrets | Meta + NixOS + home-manager | Helper for tf-nix's secrets. |
| nixfiles/deploy | Meta + NixOS + home-manager | tf-nix deployment integration. |
| nixfiles/network | Meta | Enables node to host config assignment & NixOS module. |
| nixfiles/monitoring | NixOS | Grafana, Prometheus, Loki, node-exporter, netdata, promtail, … |
| nixfiles/theme | home-manager | Abstractions for themes. SASS templating. |

CI

CI for this repository uses arcnmx/ci, has emulated aarch64 builds enabled, and aims to achieve two goals:

| Action | Purpose |
| --- | --- |
| nodes | Build and cache host closures, show state of host evaluability/buildability. |
| flake-cron | Automatically update the dependencies used by the repository, cache host closure build results with them. |

Dependencies

| Dependency | Reasoning |
| --- | --- |
| nix-community/home-manager | home-manager. Self-explanatory. |
| nix-community/NUR | Firefox extensions and such. |
| arcnmx/tf-nix | The deploy system used, also provides DNS, secrets and node provisioning. (Anything terraform can do.) |
| arcnmx/ci | The CI integration system used. |
| arcnmx/nixexprs | Packages and modules I heavily make use of. |
| nix-community/impermanence | Impermanence! Erase your darlings. |
| kirelagin/nix-dns | A Nix DSL for zone files. For the WIP nameserver. |
| kittywitch/anicca | A helper for moving to impermanence. |
| kittywitch/nixexprs | Packages and modules I have made. |
| nixos-mailserver | The mail server module I use. |
| nix-community/emacs-overlay | An overlay for emacs versions. Currently unused. |
| vlaci/nix-doom-emacs | Nixified DOOM emacs. Currently unused. |

Commands

The commands here, aside from the `nix build` command, are provided through the shell. The `<target>` and `<host>` commands are runners provided through arcnmx/tf-nix.

Please use nix-shell or direnv/direnv. The shell is not compatible with nix-community/nix-direnv.

| Command | Purpose |
| --- | --- |
| `nf-update` | Wraps nix flake update. |
| `nf-actions` | Updates CI integrations. |
| `nf-test` | Tests CI actions. |
| `<target>-apply` | Deploys to the provided target. |
| `<target>-tf` | Provides you a terraform shell for the provided target. |
| `<host>-ssh` | SSH into the provided host. |
| `nix build -f . network.nodes.<host>.deploy.system` | Build a system closure for the provided host. |