A modular and extensible NixOS configuration system using a custom star-based architecture. This repository contains my personal NixOS configurations for multiple machines and deployments.
## Repository Structure

```
.
├── asterisms/      # High-level configuration combinations
├── constellations/ # Machine-specific configurations
│   ├── aquarius/   # Server configuration
│   ├── cassiopeia/ # Desktop configuration
│   └── ursamajor/  # ISO configuration
├── lib/            # Helper functions and core modules
├── rockets/        # Development shells
├── secrets/        # Encrypted secrets (using sops-nix)
└── stars/          # Modular configuration units
```
## Core Concepts

- **Stars**: Individual configuration modules that can be composed together
- **Asterisms**: Predefined combinations of stars for specific use cases
- **Constellations**: Complete system configurations for specific machines
- **Rockets**: Development environments for specific tasks
- **Secrets**: Encrypted configuration secrets managed with sops-nix
## Prerequisites

- NixOS or Nix with flakes enabled
- Git
- (Optional) sops for secret management
## Installation

1. Clone the repository:

   ```bash
   git clone https://github.com/airone01/dotfiles2 ~/.config/nixos
   ```

2. Review and modify the configuration:
   - Choose or create a constellation in `constellations/`
   - Modify `flake.nix` to include your system
   - Adjust hardware configuration as needed

3. Deploy the configuration:

   ```bash
   # For an existing system
   nixos-rebuild switch --flake .#hostname
   # For a new installation
   nixos-install --flake .#hostname
   ```
## Development Shells

The repository includes development shells for various tasks:

```bash
# For commit message linting
nix develop .#commitlint
# For Tauri development
nix develop .#tauri
```
## Stars

Stars are the fundamental building blocks of this configuration. Each star is a self-contained NixOS module that can be composed with others.

```
# Example star structure
stars/
├── gui/          # GUI-related configurations
│   ├── gnome.nix
│   └── hyprland.nix
├── cli/          # CLI tool configurations
│   └── nvim/
└── core/         # Core system configurations
    └── sound.nix
```
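What such a star looks like in practice, as an added example rather than a file from this repository: it assumes the option namespace `stars.core.sound` and a `lowLatency` flag, and otherwise uses only standard NixOS options, so a constellation can import it unconditionally and enable it only where wanted.

```nix
# stars/core/sound.nix -- illustrative contents, not the repository's own file.
# A star is a plain NixOS module: it declares options under its own namespace
# and applies configuration only when enabled, so any constellation or asterism
# can import every star it might want without activating services it does not.
{ config, lib, ... }:

let
  cfg = config.stars.core.sound;   # option namespace assumed for this example
in
{
  options.stars.core.sound = {
    enable = lib.mkEnableOption "the PipeWire sound stack";

    lowLatency = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "Lower the PipeWire quantum for latency-sensitive audio work.";
    };
  };

  config = lib.mkIf cfg.enable {
    # PipeWire replaces PulseAudio; turning the latter off avoids two daemons
    # fighting over the devices (newer releases name this services.pulseaudio).
    hardware.pulseaudio.enable = false;
    # rtkit lets PipeWire request realtime priority without running as root.
    security.rtkit.enable = true;

    services.pipewire = {
      enable = true;
      alsa.enable = true;
      pulse.enable = true;
      wireplumber.enable = true;

      # Sub-feature gated on its own option, so the default star stays minimal.
      extraConfig.pipewire."92-low-latency" = lib.mkIf cfg.lowLatency {
        "context.properties" = {
          "default.clock.quantum" = 256;
          "default.clock.min-quantum" = 256;
        };
      };
    };
  };
}

# Composing it from a constellation (constellations/cassiopeia/default.nix, assumed):
#   { imports = [ ../../stars/core/sound.nix ]; stars.core.sound.enable = true; }
```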
## Flake Outputs

The `flake.nix` provides:

- `nixosConfigurations`: System configurations for each machine
- `packages`: Installable packages and ISO images
- `devShells`: Development environments
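An illustrative `flake.nix` wiring those three outputs together, added here as an example and not the repository's actual flake: the `mkConstellation` helper, the asterism file names, the host-key-to-age step and the shell contents are all assumptions.

```nix
# flake.nix -- illustrative; the repository's real flake uses its own lib helpers.
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    sops-nix.url = "github:Mic92/sops-nix";
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, sops-nix, ... }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};

      # One constellation = its machine directory + the asterism (bundle of
      # stars) it wants + the sops-nix module every host needs for secrets.
      mkConstellation = name: asterism:
        nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            ./constellations/${name}
            asterism
            sops-nix.nixosModules.sops
            { networking.hostName = name; }
          ];
        };
    in
    {
      nixosConfigurations = {
        aquarius   = mkConstellation "aquarius"   ./asterisms/server.nix;
        cassiopeia = mkConstellation "cassiopeia" ./asterisms/desktop.nix;
        # asterisms/iso.nix is assumed to import NixOS's installation-cd module,
        # which is what provides system.build.isoImage below.
        ursamajor  = mkConstellation "ursamajor"  ./asterisms/iso.nix;
      };

      # `nix build .#ursamajor-install-iso` resolves to this derivation.
      packages.${system}.ursamajor-install-iso =
        self.nixosConfigurations.ursamajor.config.system.build.isoImage;

      # Rockets: `nix develop .#commitlint`, `nix develop .#tauri`.
      devShells.${system} = {
        commitlint = pkgs.mkShell { packages = [ pkgs.nodejs ]; }; # commitlint via npm, assumed
        tauri = pkgs.mkShell { packages = with pkgs; [ nodejs cargo rustc pkg-config ]; };
      };
    };
}
```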
## Secrets

Secrets are managed using sops-nix with age encryption:

- Secrets are stored in `secrets/`
- Keys are configured in `.sops.yaml`
- Each constellation can access only its required secrets
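How the last point is enforced, as an added example and not the repository's own module: a per-host secrets file, a `.sops.yaml` creation rule that only the host's age key can satisfy, and a host module that declares nothing beyond what it consumes. The secret name, file paths, the host-key-derived age identity and the Caddy consumer are assumptions.

```nix
# constellations/aquarius/secrets.nix -- illustrative; names and paths assumed.
#
# Scoping is enforced in two places. First, .sops.yaml (assumed rule below)
# encrypts secrets/aquarius/* only to aquarius's age recipient, so another
# host's key cannot decrypt this file at all:
#
#   creation_rules:
#     - path_regex: secrets/aquarius/.*\.yaml$
#       key_groups:
#         - age: [ "<aquarius age public key, placeholder>" ]
#
# Second, this module only declares the secrets aquarius itself consumes, so
# nothing else is ever materialised under /run/secrets on this machine.
{ config, ... }:
{
  # Decryption identity derived at activation time from the machine's SSH
  # host key; no separate age key file has to be copied onto the host.
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  # Per-constellation secrets file; other hosts' files are never referenced.
  sops.defaultSopsFile = ../../secrets/aquarius/default.yaml;

  # Key "caddy/env" inside that file. Readable by the service user only, and
  # the unit is restarted when the secret changes so a rotation takes effect.
  sops.secrets."caddy/env" = {
    owner = config.services.caddy.user;
    group = config.services.caddy.group;
    mode = "0400";
    restartUnits = [ "caddy.service" ];
  };

  # Consumer: the decrypted path (under /run/secrets) is passed to the unit
  # rather than the secret value, so it never ends up in the Nix store.
  systemd.services.caddy.serviceConfig.EnvironmentFile =
    config.sops.secrets."caddy/env".path;
}
```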
## Contributing

This is my flake and it's mainly personal, but contributions are welcome if you have spare time. Here's how you can help:

1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Make your changes
4. Run the following checks:

   ```bash
   # Format code
   nix fmt
   # Verify builds
   nix flake check
   ```

5. Commit your changes (following commitlint conventions)
6. Push to your branch
7. Open a Pull Request
## Commit Convention

This repository uses conventional commits. Each commit message should be structured as:

```
type(scope): description

[optional body]

[optional footer]
```

Types: `feat`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `build`, `ci`, `chore`

Scopes: see `.commitlintrc.yml` for valid scopes.
## Roadmap

| Category | Task | Priority | Status |
|---|---|---|---|
| Documentation | Add installation guides for each constellation | High | 🟡 Pending |
| Documentation | Add architecture diagrams | Medium | 🔴 Not Started |
| Documentation | Create contribution guidelines | Medium | 🔴 Not Started |
| Testing | Add GitHub Actions workflows | High | 🔴 Not Started |
| Testing | Implement basic system tests | Medium | 🔴 Not Started |
| Testing | Add Nix formatting checks | High | 🔴 Not Started |
| Security | Implement firewall configuration | High | 🔴 Not Started |
| Security | Add fail2ban configuration | Medium | 🔴 Not Started |
| Security | Configure automatic security updates | High | 🔴 Not Started |
| Security | Implement SSH hardening | High | 🔴 Not Started |
| Backup | Add restic/borgbackup configuration | High | 🔴 Not Started |
| Monitoring | Set up Prometheus + Grafana | Medium | 🔴 Not Started |
| Updates | Configure automatic system updates | Medium | 🔴 Not Started |
| Infrastructure | Add Hydra instance | Low | 🔴 Not Started |
| Infrastructure | Add TeamCity instance | Low | 🔴 Not Started |
| Infrastructure | Add Attic binary cache | Medium | 🔴 Not Started |
| Infrastructure | Add Mastodon instance | Low | 🔴 Not Started |
| Infrastructure | Add Matrix instance | Low | 🔴 Not Started |
| Infrastructure | Add Lemmy instance | Low | 🔴 Not Started |
| Infrastructure | Add Invidious instance | Low | 🔴 Not Started |
| Infrastructure | Add SearXNG instance | Medium | 🔴 Not Started |
| Infrastructure | Add Gitea instance | Medium | 🔴 Not Started |
| Infrastructure | Add Jellyfin instance | Low | 🔴 Not Started |
| Infrastructure | Add Vaultwarden instance | Low | 🔴 Not Started |
| Infrastructure | Add Home Assistant instance | Low | 🔴 Not Started |
| Infrastructure | Add Paperless-ngx instance | Low | 🔴 Not Started |
| Infrastructure | Add Syncthing instance | Low | 🔴 Not Started |
| Infrastructure | Add Calibre-Web instance | Low | 🔴 Not Started |
| Infrastructure | Add Photoprism instance | Low | 🔴 Not Started |
| Architecture | Figuring all of this out | High | 🟣 Always going on |

Legend:

- 🟢 Complete
- 🟡 In Progress/Partial
- 🔴 Not Started
- 🟣 Special
## Rockets

- `commitlint`: For commit message linting
- `tauri`: For Tauri application development (I use it for JS/TS as well)
## Common Commands

```bash
# Rebuild the current system
./rebuild.sh <hostname>
# Build an ISO image
nix build .#ursamajor-install-iso
# Enter development shell
nix develop .#<shell-name>
```
## Constellations

### aquarius

- Purpose: Home server
- Services: Caddy, planned hosting for various services
- Status: Active

### cassiopeia

- Purpose: Desktop workstation
- Features: GNOME desktop, development tools
- Status: Active

### ursamajor

- Purpose: Installation ISO
- Features: Basic system for testing and installation
- Status: In Development
## License

This project is open source and available under the Apache v2 license.

## Acknowledgments

- NixOS for the amazing Linux distribution
- All the fantastic Nix community members who share their configurations
- NotAShelf for inspiration
- Contributors to all the tools and packages used in this configuration