hmajid2301/nixicle
1
0
Fork 0
mirror of https://gitlab.com/hmajid2301/nixicle.git synced 2026-06-18 03:25:46 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
My NixOS flake.
825 commits 2 branches 7 tags 84 MiB
  • TypeScript 36.2%
  • Nix 35.6%
  • Lua 14.1%
  • CSS 13.7%
  • Tree-sitter Query 0.4%
Find a file
Exact
Haseeb Majid d5094a6f17
 chore(config): update secrets, ssh, nfs, vps, and impermanence configs
2026-06-01 22:06:40 +01:00
docs/images feat!: Migrate to den and nix-wrapper-modules 2026-04-08 22:46:04 +01:00
hosts chore(config): update secrets, ssh, nfs, vps, and impermanence configs 2026-06-01 22:06:40 +01:00
iso/graphical fix: Build issues with the new den config 2026-04-12 08:00:39 +01:00
lib refactor(lib): pass flake inputs to package callPackages 2026-06-01 22:05:31 +01:00
modules chore(config): update secrets, ssh, nfs, vps, and impermanence configs 2026-06-01 22:06:40 +01:00
packages feat: remove unused modules and packages 2026-06-01 22:06:19 +01:00
tasks chore(sops): update secrets and CI configuration 2026-01-10 20:30:13 +00:00
topology fix: Build issues with the new den config 2026-04-12 08:00:39 +01:00
.envrc feat: generate ISO from Flake 2023-09-14 22:15:36 +00:00
.gitignore feat!: Migrate to den and nix-wrapper-modules 2026-04-08 22:46:04 +01:00
.gitlab-ci.yml chore(config): update flake automation and checks 2026-05-15 10:50:38 +01:00
.sops.yaml chore(system): update boot, neovim, profiles, niri and secrets config 2026-05-15 10:51:16 +01:00
flake.lock chore(flake): update inputs and lockfile 2026-06-01 22:03:35 +01:00
flake.nix chore(flake): update inputs and lockfile 2026-06-01 22:03:35 +01:00
LICENSE.md feat: Initial Commit 2022-07-25 20:19:19 +01:00
README.md refactor: update host configs, boot, niri, overlays, and README 2026-05-06 20:27:37 +01:00
renovate.json5 chore: add renovate configuration 2026-01-31 11:46:58 +00:00
Taskfile.yml chore(config): update flake automation and checks 2026-05-15 10:50:38 +01:00

README.md


Nixicle

⚠️ This config repo is constantly changing, Let me know if you see something that can be improved or done better 😄 .

💽 Usage

Install

To install NixOS on any of my devices I now use nixos-anywhere. You will need to be able to SSH to the target machine from where this command will be run. Load nix installer ISO if no OS on the device. You need to copy ssh keys onto the target machine mkdir -p ~/.ssh && curl https://github.com/hmajid2301.keys > ~/.ssh/authorized_keys in my case I can copy them from GitHub.

git clone git@github.com:hmajid2301/nixicle.git ~/nixicle/
cd nixcile

nix develop

nixos-anywhere --flake '.#workstation' nixos@192.168.1.8 # Replace with your IP

After building it you can copy the ISO from the result folder to your USB. Then run nix_installer, which will then ask you which host you would like to install.

Building

To build my config for a specific host you can do something like:

git clone git@github.com:hmajid2301/nixicle.git ~/nixicle/
cd nixicle

nix develop

# To build system configuration (uses hostname to build flake)
nh os switch

# To build user configuration (uses hostname and username to build flake)
nh home switch

# Build ISO in result/ folder
nix build .#iso-graphical

# Deploy my to remote server i.e. Home Lab (using SSH)
deploy .#ms01 --hostname ms01 --ssh-user nixos --skip-checks

# Build Home Lab diagram using nix-topology
nix build .#topology.config.output

# Build docker image used in ci
nix build .#containers-ci

# Run neovim
nix run .#homeConfigurations."haseeb@workstation".config.nixCats.out.packages.nixCats

# Build docker image used in ci
nix build .#containers-ci

🚀 Features

Some features of my config:

  • Structured to allow multiple NixOS configurations, including desktop, laptop and homelab
  • Custom live ISO for installing NixOS
  • Styling with stylix
  • Opt-in persistance through impermanence + blank snapshot
  • Encrypted BTRFS partition
  • Secure Boot with lanzaboote
  • sops-nix for secrets management
  • Different environments like niri, hyprland and gnome
  • Custom Neovim setup declaratively using NixCats
  • Homelab all configured in nix.

🖼️ Showcase

Desktop

terminal notifications wallpaper monkeytype

Neovim

Telescope Editor Go Code CMP

Manual Steps

AI

Manually installed packages now yet via nix

claude code and opencode

pi coding agent

🔐 OpenBao Setup

After deploying the system, OpenBao requires manual setup for AppRole authentication:

  1. Get Admin Token
# Login with admin credentials (password is in SOPS secrets.yaml)
curl -X POST http://127.0.0.1:8200/v1/auth/userpass/login/admin \
  -H "Content-Type: application/json" \
  -d '{"password":"<OPENBAO_ADMIN_PASSWORD>"}' | jq -r '.auth.client_token'
  1. Run Terraform
cd infra/tf
mv backend.tf backend.tf.disabled  # Disable remote backend
tofu init

# Create terraform.tfvars with admin token
cat > terraform.tfvars << EOF
openbao_address = "http://127.0.0.1:8200"
openbao_token = "<admin-token-from-step-1>"
# ... add other required variables
EOF

# Apply Spindle AppRole resources
tofu apply -target=vault_auth_backend.approle \
  -target=vault_mount.spindle \
  -target=vault_policy.spindle \
  -target=vault_approle_auth_backend_role.spindle \
  -target=vault_approle_auth_backend_role_secret_id.spindle
  1. Add Credentials to SOPS
# Get the credentials from Terraform
tofu output spindle_role_id
tofu output -raw spindle_secret_id

# Add to modules/nixos/services/secrets.yaml
sops modules/nixos/services/secrets.yaml
# Add: spindle_role_id and spindle_secret_id
  1. Update Configuration & Rebuild

Update modules/nixos/services/openbao/proxy.nix to use SOPS secrets, then rebuild:

nh os switch

Appendix

Inspired By