A modular and extensible NixOS configuration system using a custom star-based architecture. This repository contains my personal NixOS configurations for multiple machines and deployments, managed with a comprehensive task runner.
- Modular "star" system for composable configurations
- Comprehensive task runner using Just
- Secret management with sops-nix
- Development shells for various tasks
- Multiple machine configurations
- Automated formatting and checks
- ISO generation capabilities
- Direnv support
```text
.
├── asterisms/          # High-level configuration combinations
├── constellations/     # Machine-specific configurations
│   ├── aquarius/       # Server configuration
│   ├── cassiopeia/     # Desktop configuration
│   └── ursamajor/      # ISO configuration
├── lib/                # Helper functions and core modules
├── rockets/            # Development shells
├── secrets/            # Encrypted secrets (using sops-nix)
└── stars/              # Modular configuration units
```
- Stars: Individual configuration modules that can be composed together
- Asterisms: Predefined combinations of stars for specific use cases
- Constellations: Complete system configurations for specific machines
- Rockets: Development environments for specific tasks
- Secrets: Encrypted configuration secrets managed with sops-nix
- NixOS or Nix with flakes enabled
- Git
- `just` command runner
- (Optional) sops for secret management
- Install the `just` command runner:

  ```sh
  nix-env -iA nixpkgs.just
  ```

- Bootstrap a new system:

  ```sh
  just bootstrap <hostname>
  ```

  This will:
  - Set up the nix channels
  - Install required tools
  - Clone the repository
  - Prepare the system for configuration

- Generate a SOPS key (if using secrets):

  ```sh
  just sops-key
  ```

- Review and modify the configuration:
  - Choose or create a constellation in `constellations/`
  - Modify `flake.nix` to include your system
  - Adjust the hardware configuration as needed

- Deploy the configuration:

  ```sh
  just switch <hostname>
  ```
```sh
# Build and switch to configuration
just switch <hostname>

# Test configuration without applying
just test <hostname>

# Build ISO image
just iso [system] [format]

# Clean old generations
just clean [days]

# Format nix files
just fmt

# Check formatting
just fmt-check

# Run flake checks
just check

# Enter development shell
just develop [shell-name]

# Show changes to nix files
just show-diff

# Update all flake inputs
just update

# Update specific input
just update-input <input-name>
```
- `commitlint`: For commit message linting
- `default`: Contains tools to program in this repo
Stars are the fundamental building blocks of this configuration. Each star is a self-contained NixOS module that can be composed with others.
```text
# Example star structure
stars/
├── gui/                # GUI-related configurations
│   ├── gnome.nix
│   └── hyprland.nix
├── cli/                # CLI tool configurations
│   └── nvim/
└── core/               # Core system configurations
    └── sound.nix
```
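To make the star concept concrete, here is an added, illustrative example of what a star and an asterism that composes it could look like. This is example code written for this README, not a file from the repository: the `stars.core.ssh` option namespace, the file names, and the choice of an OpenSSH server with key-only authentication as the star's content are assumptions, and the repository's own `lib/` helpers are not used. The NixOS options themselves (`services.openssh.*`, `lib.mkEnableOption`, `lib.mkIf`) are standard.

```nix
# stars/core/ssh.nix (illustrative; not a file from this repository)
# A star is an ordinary NixOS module: it declares an option to switch itself
# on and only contributes configuration when that option is enabled, so it
# can be imported freely and composed with other stars without side effects.
{ config, lib, ... }:
let
  cfg = config.stars.core.ssh;   # option namespace is an assumption
in
{
  options.stars.core.ssh = {
    enable = lib.mkEnableOption "OpenSSH server with key-only authentication";

    port = lib.mkOption {
      type = lib.types.port;
      default = 22;
      description = "TCP port the SSH daemon listens on.";
    };
  };

  config = lib.mkIf cfg.enable {
    services.openssh = {
      enable = true;
      ports = [ cfg.port ];
      # Explicit: the openssh module opens its own ports in the NixOS firewall,
      # so the star does not need to touch networking.firewall directly.
      openFirewall = true;
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitRootLogin = "no";
      };
    };
  };
}

# asterisms/server.nix (illustrative): a predefined combination of stars.
# An asterism imports the stars it needs and flips their switches, so a
# constellation gets the whole bundle with a single import.
{ ... }:
{
  imports = [
    ../stars/core/ssh.nix
    ../stars/core/sound.nix
  ];

  stars.core.ssh.enable = true;
}
```

Because every star guards its configuration behind `lib.mkIf cfg.enable`, an asterism can import a star it does not enable without changing the resulting system, which is what makes the bundles safe to combine.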
The `flake.nix` provides:
- nixosConfigurations: System configurations for each machine
- packages: Installable packages and ISO images
- devShells: Development environments
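As an added illustration of how those three outputs can be wired to the directory layout above (this is a skeleton written for this README, not the repository's own `flake.nix`, which uses its `lib/` helpers), the following assumes a `mkConstellation` helper, the input set shown, the output name `packages.<system>.iso`, and the dev shell contents:

```nix
# flake.nix (illustrative skeleton; not the repository's real flake)
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    sops-nix.url = "github:Mic92/sops-nix";
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, sops-nix, ... }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};

      # One constellation is one nixosSystem; adding a machine means adding
      # a directory under constellations/ and one entry below.
      # (mkConstellation is an assumption, not a helper from the repository.)
      mkConstellation = name: nixpkgs.lib.nixosSystem {
        inherit system;
        modules = [
          sops-nix.nixosModules.sops
          ./constellations/${name}
          { networking.hostName = name; }
        ];
      };
    in
    {
      nixosConfigurations = {
        aquarius   = mkConstellation "aquarius";
        cassiopeia = mkConstellation "cassiopeia";
        ursamajor  = mkConstellation "ursamajor";
      };

      # The installer image is the ursamajor constellation's ISO build product
      # (assumes that constellation imports the NixOS installer ISO module).
      packages.${system}.iso =
        self.nixosConfigurations.ursamajor.config.system.build.isoImage;

      # A development shell with the tools this repository's workflow uses.
      devShells.${system}.default = pkgs.mkShell {
        packages = with pkgs; [ just sops age nixfmt-rfc-style ];
      };
    };
}
```

With this shape, `nix build .#iso` produces the installer image and `nixos-rebuild switch --flake .#<hostname>` selects the matching constellation, which is what the `just iso` and `just switch <hostname>` tasks wrap.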
Secrets are managed using sops-nix with age encryption:
- Secrets are stored in `secrets/`
- Keys are configured in `.sops.yaml`
- Each constellation can access only its required secrets
- Generate keys with `just sops-key`
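An added example of what declaring a secret for one constellation looks like with sops-nix. This is illustrative code written for this README, not a file from the repository: the file name `constellations/aquarius/secrets.nix`, the encrypted file `secrets/aquarius.yaml`, the key path, the secret name `traefik/env`, and the `traefik` user are assumptions; the `sops.*` options are sops-nix's own.

```nix
# constellations/aquarius/secrets.nix (illustrative; not repository code)
{ config, ... }:
{
  # One encrypted file per constellation. Only the age recipients listed for
  # this file in .sops.yaml (this host's key plus the admin key) can decrypt
  # it, so other constellations cannot read aquarius's secrets even though
  # the ciphertext lives in the same repository.
  sops.defaultSopsFile = ../../secrets/aquarius.yaml;   # path is an assumption

  # Host key generated with `just sops-key`; lives only on the machine and is
  # never committed. sops-nix reads it at activation time.
  sops.age.keyFile = "/var/lib/sops-nix/key.txt";       # path is an assumption

  # Decrypted at activation into /run/secrets/<name> with the given owner and
  # mode, so only the service that needs the value can read it.
  sops.secrets."traefik/env" = {
    owner = "traefik";
    group = "traefik";
    mode = "0400";
    # Re-read the secret when it changes instead of serving a stale value.
    restartUnits = [ "traefik.service" ];
  };

  # Consumers reference the runtime path. The plaintext therefore never
  # appears in the Nix store, which is world-readable.
  systemd.services.traefik.serviceConfig.EnvironmentFile =
    config.sops.secrets."traefik/env".path;
}
```

The "each constellation can access only its required secrets" property comes from two layers: `.sops.yaml` `creation_rules` decide which age recipients can decrypt each file under `secrets/` at all, and `owner`/`mode` on the host decide which local user can read the decrypted copy.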
- Status: Abandoned
- Purpose: Desktop workstation
- Features: GNOME desktop, development tools
- Status: Active
- Purpose: Home server
- Services: Traefik, planned hosting for various services
- Status: Active
- Purpose: Installation ISO
- Features: Basic system for testing and installation
- Status: In Development
This repository uses conventional commits. Each commit message should be structured as:

```text
<type>(<scope>)[!]: <description>

[body]

[BREAKING CHANGE: ][footer]
```

Types: `feat`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `build`, `ci`, `chore`

Scopes: See `.commitlintrc.yml` for valid scopes
| Category | Task | Priority | Status |
|---|---|---|---|
| Documentation | Add installation guides for each constellation | High | 🟡 Pending |
| Testing | Add GitHub Actions workflows | High | 🟢 Complete |
| Testing | Implement basic system tests | Medium | 🔴 Not Started |
| Testing | Add Nix formatting checks | High | 🟢 Complete |
| Security | Implement firewall configuration | High | 🔴 Not Started |
| Security | Add fail2ban configuration | Medium | 🔴 Not Started |
| Security | Configure automatic security updates | High | 🔴 Not Started |
| Security | Implement SSH hardening | High | 🔴 Not Started |
| Backup | Add restic/borgbackup configuration | High | 🔴 Not Started |
| Monitoring | Set up Prometheus + Grafana | Medium | 🔴 Not Started |
| Infrastructure | Add Hydra instance | Low | 🟢 Complete |
| Infrastructure | Add TeamCity instance | Low | 🔴 Not Started |
| Infrastructure | Add Attic binary cache | Medium | 🔴 Not Started |
| Infrastructure | Add Mastodon frontend | Low | 🟢 Complete |
| Infrastructure | Add Lemmy instance | Low | 🔴 Not Started |
| Infrastructure | Add Invidious instance | Low | 🔴 Not Started |
| Infrastructure | Add SearXNG instance | Medium | 🔴 Not Started |
| Infrastructure | Add Gitea instance | Medium | 🟢 Complete |
| Infrastructure | Add Jellyfin instance | Low | 🔴 Not Started |
| Infrastructure | Add Vaultwarden instance | Low | 🔴 Not Started |
| Infrastructure | Add Home Assistant instance | Low | 🔴 Not Started |
| Infrastructure | Add Paperless-ngx instance | Low | 🔴 Not Started |
| Infrastructure | Add Syncthing instance | Low | 🔴 Not Started |
| Infrastructure | Add Calibre-Web instance | Low | 🔴 Not Started |
| Infrastructure | Add Photoprism instance | Low | 🔴 Not Started |
| Architecture | Task runner implementation | High | 🟢 Complete |
| Architecture | Figuring all of this out | High | 🟣 Always going on |

Legend:
- 🟢 Complete
- 🟡 In Progress/Partial
- 🔴 Not Started
- 🟣 Special
This project is open source and available under the Apache v2 license.
- NixOS for the amazing Linux distribution
- All the fantastic Nix community members who share their configurations
- NotAShelf for inspiration
- casey/just for the fantastic command runner
- Contributors to all the tools and packages used in this configuration