My computing environment, in code form. Nix & Ansible for my personal computer and my server.
Go to file
Tudor Roman d3e983e0d2
ceres: paswordless sudo
don't hack me pls
2023-06-04 21:12:07 +02:00
hosts ceres: paswordless sudo 2023-06-04 21:12:07 +02:00
modules ssh: only allow key authentication 2023-06-04 21:12:07 +02:00
secrets ceres: paswordless sudo 2023-06-04 21:12:07 +02:00
users home-manager: added 1password cli (includes wsl hack) 2023-06-03 23:22:44 +02:00
.gitignore get rid of ancient gitignore 2023-02-20 22:00:28 +01:00
.gitmodules remove startpage 2017-07-08 14:42:37 +03:00 readme: fix agenix link 2023-06-04 18:00:45 +02:00
default.nix working on a rewrite 2023-01-14 20:37:45 +01:00
flake.lock Remove any trace of emacs 2023-06-04 14:24:01 +02:00
flake.nix Provide all 3 deployment tools as flake packages 2023-06-04 14:40:19 +02:00 git: commit signing with ssh key 2023-06-04 20:21:03 +02:00

Tudor's Dotfiles / Nix configuration

This is my Nix configuration, which works both for NixOS and for Nix

Acknowledgements to for heavily inspiring the layout of this config.

Warning The configuration codified here was made to be used by me and only me. While I am publishing them to help others to learn Nix and dotfile management, copying them verbatim will likely produce an unusable system.



First, provision a machine with NixOS.



  1. Clone this repo somewhere on the machine.
  2. nix run .#nixos-rebuild -- boot --flake .#<hostname> --use-remote-sudo

Remote server:

  1. nix run .#deploy-rs -- .#<hostname>

Any other Linux distro for sane people

  1. Provision a machine with a "normal" Linux distro (my personal choice is Fedora)
  2. Install Nix (my installer of choice is nix-installer).
  3. Clone this repo somewhere on the machine
  4. nix run .#home-manager -- switch --flake .#tudor

Considerations for WSL

The WSL setup assumes that you have 1Password and npiperelay installed.

You can install npiperelay with winget:

winget install npiperelay

Considerations for encrypting secrets

Secrets are encrypted and used through agenix. When provisioning a new machine, make sure to take its host public key and rekey secrets accordingly.