This repository contains:
- Nix configuration (starting in
flake.nix) for:- Linux NixOS machines running on Google Cloud Platform (GCP)
- macOS machines configured with nix-darwin
- Infrastructure as Code in Pulumi using the TypeScript SDK, for provisioning the GCP virtual machines, disks, networking, etc
- NixOS is installed on GCP machines with nixos-anywhere over an SSH tunnel through Google Cloud's Identity-Aware Proxy (IAP) TCP Forwarding
- Dotfiles managed by chezmoi
- Neovim configuration using lazy.nvim and NvChad
lazy.nvimloads plugin config from~/.config/nvim/lua/plugins/*.lua(which is generated bychezmoifrom./chezmoi/dot_config/nviml/lua/plugins/*.lua)- Neovim
lazyplugin config extends any config provided by NvChad plugin config
- Neovim configuration using lazy.nvim and NvChad
In alphabetical order:
├──.sops.yaml SOPS config: age keys + encryption rules├──bun.lock Bun lockfile for reproducible JS/TS deps├──chezmoi/ Dotfiles managed by chezmoi│ ├──dot_local/│ │ └──bin/ Personal scripts│ ├──dot_cargo/ Cargo (Rust) config files│ ├──dot_claude/ Claude Code/editor integration settings│ ├──dot_config/ App configs (fish, nvim, kitty, etc.)│ │ ├──bat/ bat (better cat) config│ │ ├──fish/ Fish shell config│ │ ├──ghostty/ Ghostty terminal config│ │ ├──helix/ Helix editor config│ │ ├──htop/ htop process monitor config│ │ ├──kitty/ Kitty terminal config│ │ ├──lftp/ lftp FTP client config│ │ ├──nvim/ Neovim editor config│ │ │ ├──lua/augroups.lua Neovim autocommand groups│ │ │ ├──lua/chadrc.lua NvChad configuration│ │ │ ├──lua/lazy-config.lua Lazy.nvim plugin manager config│ │ │ ├──lua/lsp-on-attach.lua LSP client attachment handlers│ │ │ ├──lua/mappings-helpers.lua Key mapping utility functions│ │ │ ├──lua/mappings.lua Custom key bindings│ │ │ ├──lua/neovide.lua Neovide GUI client config│ │ │ ├──lua/options.lua Neovim options and settings│ │ │ ├──lua/plugins/ Plugin configurations (lazy.nvim format)│ │ │ └──lua/user-commands.lua Custom user commands│ │ ├──procs/ procs process viewer config│ │ ├──wezterm/ WezTerm terminal config│ │ └──yazi/ Yazi file manager config│ ├──dot_gitconfig Global Git configuration│ ├──dot_gitignore_global Global Git ignore patterns│ └──dot_warp/ Warp terminal themes, settings, workflows├──CLAUDE.md Guidance for AI assistants working on this repo├──flake.lock Nix flake lock (pins inputs for reproducibility)├──flake.nix Main Nix flake (NixOS + macOS configs)├──gcp/ GCP infrastructure config, NixOS installer script, and NixOS config for GCP VM instances│ ├──compute.ts VM instances, disks, schedules, snapshots│ ├──config.ts Parsing and validation ofPulumi.<hostname>.yamlfiles.│ ├──coral/ Host config for 'coral' GCP VM│ │ ├──configuration.nix NixOS config importing shared modules│ │ └──my-config.nix Host-specific overrides (hostname, user, proj)│ ├──example/ Templates for new GCP VMs│ │ ├──configuration.nix Template NixOS config│ │ └──my-config.nix Template host config with placeholders│ ├──firewall.ts Firewall rules (IAP SSH, tailscale, deny-all)│ ├──iam.ts IAM bindings for IAP and compute permissions│ ├──index.ts Pulumi entrypoint exporting all resources/outputs│ ├──install-nixos.sh NixOS install script that uses nixos-anywhere and GCP IAP SSH tunneling│ ├──monitoring.ts Logging metrics + alert policies│ └──network.ts VPC, subnets, Cloud NAT, flow logs├──GCP_USAGE.md Human guide for provisioning and operating GCP VMs├──mac/ macOS (nix-darwin) configuration│ └──cyan/ Host config for 'cyan' MacBook Pro│ ├──configuration.nix nix-darwin system configuration│ └──packages.nix macOS package selections├──mise.toml mise tasks, tool versions, env vars├──modules/ Shared NixOS modules used by hosts│ ├──core.nix Base system config + essential packages│ ├──disko-partitions.nix Disk layout (EFI, swap, ext4 root) via disko│ ├──golang.nix Golang dev environment module│ ├──nh.nix NixOS Helper (nh) + build output tooling│ ├──nix.nix Nix daemon, GC, substituters/caches│ ├──openssh-server.nix Hardened OpenSSH server configuration│ ├──security.nix Firewall, fail2ban, polkit rules│ ├──tailscale.nix Tailscale VPN configuration│ ├──user.nix User accounts, SSH keys, shell, sudo│ └──vector.nix Vector log agent → Google Cloud Logging├──package.json Package manifest for Pulumi TypeScript infrastructure code├──packages/ Custom Nix packages (Nix derivations)├──Pulumi.coral.yaml Pulumi stack config for 'coral' environment├──Pulumi.example.yaml Template Pulumi stack config for new VMs├──Pulumi.yaml Overall Pulumi project manifest├──secrets/ SOPS secrets encrypted with age│ ├──gcp_coral.yaml Secrets for 'coral' (password hashes, tailscale)│ └──gcp_example.yaml Template secrets for new VM stacks├──stylua.toml StyLua formatter config (Lua files)├──tests/ Test suites│ └──gcp/ Tests for gcp/│ └──install-nixos-test.sh bashunit tests for install-nixos.sh└──tsconfig.json TypeScript compiler configuration, used by Pulumi
Aside from this README.md, the other main docs are:
- CLAUDE.md: detailed instructions for AI coding agents to understand this repository. Humans may find it useful too
- GCP_USAGE.md: explains how to create a new Pulumi Stack and a set of GCP resources for a new GCP virtual machine running NixOS
- Currently, this repo contains config for:
- A GCP VM named
coralin gcp/coral/configuration.nix - A MacBook Pro named
cyanin mac/cyan/configuration.nix
- A GCP VM named
I tried it already and didn't like it, Specifically, I tried running NixOS in a VM in VMWare Fusion and Parallels.
Although it worked, I realized that I prefer the simplicity of using nix-darwin on macOS. There seemed to be too many bugs and workarounds needed to make Parallels Tools or VMWare Tools properly.
Home Manager adds another layer of unnecessary complexity for me. I can't remember all of the Nix options specific to Home Manager. And althought I could, I just don't want to spend unnecessary time reading through the Nix configuration in Home Manager.