v0.5.0
Personal NixOS and nix-darwin configurations for managing multiple machines with a unified, centralized setup.
Note: This is a personal configuration repository. While you're welcome to use it as reference, it's specifically tailored to my needs and setup.
Quick Start for Forkers: Edit modules/options.nix to customise everything (username, email, git settings, desktop theme, packages, and more). Per-host overrides go in hosts/<hostname>/default.nix.
Centralized Configuration: All option defaults in modules/options.nix (single source of truth)
DRY Principles: Zero duplication; the NixOS module system handles everything
Easy Customization: Change any default in one file, applies everywhere
Multi-System: Unified config for NixOS and macOS
Unified Home Manager: Same shell, git, SSH config across all systems
Secrets Management: Encrypted secrets with sops-nix
Infrastructure Diagrams: Auto-generated topology SVGs via nix-topology
Rust Tools: health-check, flake-bump, gen-diff maintenance utilities
- macmini: Apple Silicon Mac Mini (M2, 16 GB); main daily driver
- laptop: Dell Inspiron 3501 with KDE Plasma 6; secondary workstation
- server: Minimal headless server (Bluesky PDS, Forgejo, Nextcloud, Immich, Jellyfin, Cloudflare tunnel + hardened security)
All options are declared with typed defaults in modules/options.nix.
Every system module reads values via config.myConfig.*;
home-manager modules use osConfig.myConfig.*. No custom
abstraction layer: it's the plain NixOS module system.
To change a value for all hosts:

```nix
# modules/options.nix
timeZone = mkOption {
  type = str;
  default = "Europe/London"; # <- change here
};
```

To override for one host:

```nix
# hosts/laptop/default.nix
myConfig.gaming.enable = true;
myConfig.isDesktop = true;
```

See lib/USAGE.md for patterns used in modules.
- NixOS: Install NixOS on your system
- macOS: Install Nix via the Determinate Nix Installer
```bash
mkdir -p ~/.config
curl -L \
  https://github.com/ewanc26/nix/archive/refs/heads/main.tar.gz \
  | tar -xz -C ~/.config
mv ~/.config/nix-main ~/.config/nix-config
cd ~/.config/nix-config
```

NixOS:

```bash
sudo nixos-rebuild switch --flake .#laptop
sudo nixos-rebuild switch --flake .#server
```

macOS (first time):

```bash
sudo nix run nix-darwin -- switch --flake .#macmini
```

macOS (subsequent):

```bash
sudo darwin-rebuild switch --flake .#macmini
```

Uses nix-topology to automatically
generate SVG diagrams of the infrastructure from the NixOS configurations.
Physical connections and networks that can't be inferred automatically are
defined in topology.nix.
Render the diagrams (must run on Linux; SSH to the server or use a remote builder):

```bash
# On the server:
ssh server
nix build ~/.config/nix-config#topology.x86_64-linux.config.output
# Or from macOS with the server as a remote builder:
nix build .#topology.x86_64-linux.config.output \
  --builders 'ssh://server x86_64-linux'
```

This produces two diagrams:
- main.svg: physical host/interface layout
- network.svg: network-centric view showing which hosts share which networks
Updating topology:
Edit topology.nix to reflect physical changes (new cables, new networks, etc.).
Service and interface information is extracted automatically from the NixOS configs.
All defaults live in modules/options.nix, one option block per domain.
```bash
# Examples of what to edit
nano modules/options.nix          # Username, timezone, packages, themes, etc.
nano hosts/laptop/default.nix     # Enable gaming, desktop mode, etc.
nano hosts/server/default.nix     # Enable server services
nano topology.nix                 # Physical network connections
nano settings/darwin/default.nix  # macOS Dock, Finder, trackpad
nano settings/plasma/default.nix  # KDE Plasma layout and behaviour
```

See docs/settings.md for the full guide and
docs/settings-config.md for the
complete option reference.
```bash
health-check
```

```bash
nix flake update
# or selectively
flake-bump
```

```bash
# Runs automatically weekly (configured in modules/common.nix)
cleanup
```

Uses sops-nix with age encryption.
- Secrets are encrypted with age using the host's SSH ed25519 host key
- Encrypted files in secrets/ are safe to commit
- The key inventory and creation rules are in .sops.yaml
- Decrypted at activation via /etc/ssh/ssh_host_ed25519_key
See docs/secrets.md for full details.
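
A pre-commit style check for the point above that files in secrets/ are safe to commit only when they are actually encrypted. This is an added example, not part of this repository; it flags any YAML value that is not a sops ENC[...] string. The function names and sample files are constructed, and it assumes default sops YAML output with no deliberately unencrypted keys.

```bash
#!/usr/bin/env bash
# Added example (not from the repository): report plaintext left in sops YAML files.
# Assumption: default sops YAML output, where every scalar above the top-level
# `sops:` metadata block is an ENC[AES256_GCM,...] string.

# Print "file:line: text" for each unencrypted scalar; non-zero exit if any
# is found or if the file has no sops metadata block at all.
check_sops_file() {
  awk -v f="$1" '
    /^sops:/     { meta = 1; exit }          # metadata reached: stop scanning
    /^[ \t]*#/   { next }                    # comments (sops encrypts these too)
    /^[ \t]*$/   { next }                    # blank lines
    {
      v = $0
      sub(/^[ \t]*(- )?/, "", v)             # drop indent and list marker
      if (v ~ /^[^:]+:[ \t]*$/) next         # mapping key with nested children
      sub(/^[^:]+:[ \t]+/, "", v)            # drop the key and its colon
      if (v !~ /^ENC\[AES256_GCM,/) { printf "%s:%d: %s\n", f, NR, $0; bad = 1 }
    }
    END {
      if (!meta) { printf "%s: no sops metadata block\n", f; bad = 1 }
      exit bad + 0
    }' "$1"
}

# Check every YAML file directly inside a directory (non-recursive).
check_secrets_dir() {
  rc=0
  for f in "$1"/*.yaml "$1"/*.yml; do
    [ -f "$f" ] || continue
    check_sops_file "$f" || rc=1
  done
  return "$rc"
}

# Constructed sample data: one encrypted-looking file, one with a plaintext value.
demo_dir=$(mktemp -d)
printf '%s\n' 'forgejo:' \
  '    db_password: ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]' \
  'sops:' '    mac: ENC[AES256_GCM,data:cXV4,iv:YQ==,tag:Yg==,type:str]' \
  > "$demo_dir/good.yaml"
printf '%s\n' 'forgejo:' '    db_password: hunter2' 'sops:' '    version: 3.9.0' \
  > "$demo_dir/bad.yaml"
check_secrets_dir "$demo_dir" || echo "plaintext found: do not commit"
```

Run against the real directory with `check_secrets_dir secrets` from a git pre-commit hook or CI step; a non-zero exit blocks the commit.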
See docs/hosts.md. Quick summary:
- Create hosts/YOUR-HOSTNAME/default.nix
- Generate hardware config: nixos-generate-config --show-hardware-config
- Add entry to flake.nix → nixosConfigurations
- Add the host's interfaces/connections to topology.nix
- Build: sudo nixos-rebuild switch --flake .#YOUR-HOSTNAME
| Input | Version |
|---|---|
| nixpkgs | nixos-25.11 |
| home-manager | release-25.11 |
| nix-darwin | nix-darwin-25.11 |
| sops-nix | latest |
| nix-topology | latest |
| plasma-manager | latest |
| catppuccin | latest |
| nix-vscode-extensions | latest |
| mac-app-util | latest |
- zsh with identical aliases, history, and key bindings on all systems
- SSH client configuration unified (connection multiplexing, agent integration)
- Git settings consistent across NixOS and macOS
- Starship prompt looks the same everywhere
- Ghostty terminal configured identically on Linux and macOS
- macOS: SSH keys loaded at login via LaunchAgent (ssh-add --apple-load-keychain)
- Linux desktop: SSH keys loaded at login via systemd + ksshaskpass/KWallet
- Server: No agent needed; SSH connections go into it, not out
- KDE Plasma settings only apply on Linux desktop
- Homebrew only on macOS
- lib/USAGE.md: module patterns for developers
- docs/settings.md: how configuration works (start here)
- docs/settings-config.md: full option reference
- docs/REFERENCE.md: quick-reference command card

- docs/hosts.md: hosts documentation index
- docs/hosts-overview.md: complete comparison of all three hosts
- docs/hosts-modification.md: how to modify and add hosts
- docs/hosts-laptop.md: Dell Inspiron 3501 (NixOS + KDE Plasma 6)
- docs/hosts-server.md: headless server setup
- docs/hosts-macmini.md: macOS with nix-darwin
- docs/TAILSCALE-SSH.md: inter-host SSH over Tailscale

- docs/settings.md: settings overview
- docs/settings-structure.md: why the config is modular
- docs/secrets.md: secrets management