Nix / NixOS config

Psst: I can help write Nix at your company. Get in touch.

Overview

Hey, you made it! Welcome. 🤓

This is my personal NixOS configuration, which I use on my personal computers and servers. It's a work in progress, but it's already pretty cool. I'm sharing it here in case it's useful to others.

Structure

• hosts/<host>: per‑host configs (NixOS and macOS).
• modules/: reusable modules (services/, programs/, roles/, common/).
• flake.nix: flake inputs/outputs; Makefile: convenience targets.

Dev environment

• Enable direnv with direnv allow (see .envrc).
• Enter dev shell: nix develop (provides nixpkgs-fmt, statix, deadnix, nil, pre-commit).
• Common commands: make fmt, make lint (non-bloquant), make lint-ci (strict), make build, make check.

Bootstrap New Computer

For MacOS, install Nix package manager and dependencies

xcode-select --install

sh <(curl -L https://nixos.org/nix/install) --daemon

make switch

Update dependencies

nix flake update

Secrets Management (agenix)

Secrets are encrypted with agenix using age encryption.

Edit a secret

nix develop
agenix -e secrets/ssh-config.age

Re-encrypt all secrets (after adding a key to secrets.nix)

nix develop
agenix -r

Apply changes after editing secrets

make switch
sudo launchctl kickstart system/org.nixos.activate-agenix  # macOS only

Add a new secret

1. Add the secret definition in secrets.nix
2. Create and encrypt: agenix -e secrets/my-secret.age
3. Reference it in your module with age.secrets.my-secret.file