# mrnossiom's NixOS and Home Manager configuration

# Options

```nix
{
	local.flags = {
		onlyCached = true; # bool; dictate if you are to compile pkgs or use cache
	};

	local.fragment."<name>".enable = true; # bool; dictate whether to enable a fragment
}
```

# Structure

- `apps`: Scripts serving dotfiles purposes
- `assets`: Media or files that don't fit in Nix files
- `home-manager`: Home Manager specific
	- `fragments`: Home Manager configuration fragments
	- `options`: Home Manager configuration flags
	- `profiles`: Base Home Manager configurations to build upon (e.g. `desktop`, `minimal`)
- `lib`: Additional custom lib and flake helpers
- `modules`: modules that fill a missing feature of NixOS or Home Manager
- `nixos`: NixOS related config
	- `hardware/<hostname>.nix`: Device-specific settings like settings generated by `nixos-generate-config`
	- `layout/<layout>.nix`: `Disko` disk layouts used by `managedDiskLayout` (e.g `luks-btrfs`)
	- `fragments`: Opinionated NixOS configuration fragments
	- `profiles/<profile>.nix`: Base system configurations to build upon (e.g. `laptop`, `installer`)
- `overlays`: Just plain Nix overlays
- `pkgs`: Custom packages either not eligible or missing from repositories
- `secrets`: `agenix` encrypted secrets
- `templates`: Quickstart files for different languages

# Quick snippets and guides for myself

## Add a new module

- Copy template and replace `<name>` with module name

	```nix
	{ config
	, lib
	, ... }:

	let
		cfg = config.local.fragment.<name>;
	in
	{
	  options.local.fragment."<name>".enable = lib.mkEnableOption ''
	    <name> related

	    Depends on:
			- [<Condition>] <dependency>: <reason>
			- ...
	  '';

	  config = lib.mkIf cfg.enable {
			assertions = [
				{ assertion = config."<dependency>"; message = "<name> module depends on <dependency>"; }
			];

			# put the rest of the config down below
		};
	}
	```

- Add the newly created file to Git.

- Add the new module to the import list in `<type>/fragments/default.nix`.

- Activate the module in the wanted profile.

## Bootstrap lightweight home-manager config

```
nix run nixpkgs#home-manager -- switch --flake .#lightweight
```

## Add a new device

- Rekey secrets with device root ssh key, and create a session age key.

## Make a backup

Pull up your favorite ArchaicBakup disc

- Set environnement variables

	`RESTIC_REPOSITORY`: `/run/media/user/discname/`
	`RESTIC_PASSWORD_FILE`: ?

- Initialize repository

	```bash
	restic init --repo /srv/restic-repo
	```

## Deploy server

```bash
nixos-anywhere --flake .#weird-row-server user@ip

nixos-rebuild switch \
	--flake .#weird-row-server \
	--target-host 2a01:4f8:c2c:76d2::1 \
	--use-remote-sudo
```

## LUKS reminders

- [Backup and Restore LUKS header](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore)

## Secure boot

- Lanzaboote
- [SystemD cryptenroll](https://wiki.archlinux.org/title/Systemd-cryptenroll)

---

Milo Moisson © 2023-2025