Skip to content

arsfeld/nixos

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,415 Commits
.claude
.claude
 
 
.cursor/rules
.cursor/rules
 
 
.github/workflows
.github/workflows
 
 
.vscode
.vscode
 
 
blog
blog
 
 
common
common
 
 
docs
docs
 
 
flake-modules
flake-modules
 
 
home
home
 
 
hosts
hosts
 
 
just
just
 
 
modules
modules
 
 
overlays
overlays
 
 
packages
packages
 
 
scripts
scripts
 
 
secrets/sops
secrets/sops
 
 
tests
tests
 
 
.envrc
.envrc
 
 
.envrc.local
.envrc.local
 
 
.gitignore
.gitignore
 
 
.gitleaks.toml
.gitleaks.toml
 
 
.sops.yaml
.sops.yaml
 
 
AGENTS.md
AGENTS.md
 
 
CLAUDE.md
CLAUDE.md
 
 
GEMINI.md
GEMINI.md
 
 
HARDWARE.md
HARDWARE.md
 
 
README.md
README.md
 
 
buildMachines
buildMachines
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 
installer-iso.nix
installer-iso.nix
 
 
justfile
justfile
 
 
kexec.nix
kexec.nix
 
 
migrate-home-to-ssd.sh
migrate-home-to-ssd.sh
 
 
mkdocs.yml
mkdocs.yml
 
 
nix-builders.conf
nix-builders.conf
 
 

Repository files navigation

NixOS Configuration

NixOS 25.11 Flakes Build

Personal NixOS configuration managing multiple machines using Nix Flakes and flake-parts.

Systems

Infrastructure

Host Role Hardware Status
storage Main server (media, databases, backups) Intel i5-1340P, 12c/16t, 32GB, ~45TB Online
basestar Public-facing services (*.arsfeld.dev) ARM Neoverse-N1, 4c, 24GB (Oracle Cloud) Online
router Network router Intel N5105, 4c, 8GB Offline
r2s Backup router + home automation Rockchip RK3328 ARM, 4c, 1GB Offline
pegasus Secondary server - Offline

Embedded

Host Role Status
octopi OctoPrint Offline
raspi3 Raspberry Pi 3 Offline

Desktops & Laptops

Host Role Hardware Status
raider Desktop (GNOME, gaming, dev) i5-12500H, RX 6650 XT, 32GB, ~4TB Online
blackbird ASUS ROG Zephyrus G14 laptop - Active

See HARDWARE.md for detailed disk and CPU specs.

Features

  • Modular Architecture - Opt-in constellation modules for services, media, backups, observability, and more
  • Auto-Discovery - Hosts and modules loaded automatically via haumea
  • Service Registry - Centralized port assignments, auth bypass, Tailscale exposure, and CORS config
  • Container Orchestration - Podman/Docker-based media stack with declarative volume and network config
  • DNS & Routing - *.arsfeld.one (internal via cloudflared), *.arsfeld.dev (public), *.bat-boa.ts.net (Tailscale)
  • Automated Deployments - Colmena (primary) with aarch64 cross-compilation, nixos-rebuild fallback
  • Secret Management - sops-nix with per-host and shared secrets
  • Binary Caching - Attic server for faster builds
  • Remote Builders - aarch64 builds via basestar host
  • Declarative Everything - Including disk partitioning (disko)
  • CI/CD - GitHub Actions builds all hosts, pushes to Attic cache, weekly flake updates

Quick Start

# Enter development shell
nix develop

# Deploy to one or more hosts
just deploy storage
just deploy storage basestar

# Build locally without deploying
just build <hostname>

# Fresh install on new hardware
just install <hostname> <target-ip>

# Format all Nix files
just fmt

Project Structure

flake.nix              # Flake entry point (nixpkgs-25.11, flake-parts)
flake-modules/         # Flake-parts modules
  lib.nix              #   Core utilities, haumea loaders, overlays
  hosts.nix            #   Auto-discovers hosts from hosts/ directories
  colmena.nix          #   Colmena deployment config
  deploy.nix           #   deploy-rs config (currently broken with Nix 2.32+)
  dev.nix              #   Development shell
  checks.nix           #   Pre-commit hooks, formatter
  images.nix           #   SD card, kexec, and installer ISO images
hosts/                 # Per-host configurations (auto-discovered)
modules/               # All NixOS modules (auto-loaded by haumea)
  constellation/       #   Opt-in feature modules
  services/            #   Service group modules (media, home apps, network)
  media/               #   Media stack (config, gateway, components)
home/                  # Home Manager configurations
packages/              # Custom Nix derivations (auto-loaded by haumea)
secrets/               # Encrypted secrets (sops/*.yaml)

Constellation Modules

Hosts compose their configuration by enabling modules via constellation.<module>.enable = true:

Module Purpose
common Base config: Nix settings, caches, SSH, Tailscale, Avahi
users User accounts, SSH keys, sudo
sops sops-nix secret management
docker / podman Container runtimes
backup Automated rustic/restic backups
gnome / cosmic / niri Desktop environments
gaming Gaming environment (Steam, etc.)
development Dev tools (Docker, Node, Python, Go, Rust)
virtualization / project-vms KVM/libvirt VMs
home-assistant Home automation
vpn-exit-nodes Tailscale exit nodes via AirVPN/Gluetun
observability-hub Central Prometheus/Loki hub
metrics-client / logs-client / netdata-client Observability agents
media-sync / tablet-sync File synchronization
opencloud / email Cloud storage, email

Tooling

Documentation

License

Personal use. Feel free to take inspiration for your own configurations.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

12 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages