CrazyChaoz/NixOS-Configuration
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
This repo contains the general config for all machines I have with NixOS
14 commits 1 branch 0 tags 153 KiB
Find a file
Stefan Kempinger 8fde10cc50 Enable libvirtd and add inspection tools 
Rename group "libvirt" to "libvirtd".
Add diffoscope and nix-index to systemPackages.
Replace hplipWithPlugin with hplip.
Enable spice USB redirection and add pkgs.virtiofsd to
virtualisation.libvirtd.qemu.vhostUserPackages.
2026-01-28 15:49:03 +01:00
heimserver Enable Scrutiny, InfluxDB2 and homepage dashboard 2026-01-25 23:42:34 +01:00
kemptop Enable libvirtd and add inspection tools 2026-01-28 15:49:03 +01:00
wohnzimmer Enable OpenSSH and allow SSH access 2026-01-24 13:50:48 +01:00
flake.lock Add README and update kemptop configuration 2026-01-27 12:19:27 +01:00
flake.nix add wohnzimmer config 2026-01-23 19:27:08 +01:00
readme.md Add README and update kemptop configuration 2026-01-27 12:19:27 +01:00

readme.md

NixOS Configurations

This repo contains NixOS system configurations for multiple machines, managed via flakes.

Systems:

  • heimserver — Home server for selfhosting, home automation, and network monitoring
  • kemptop — Personal laptop/desktop focused on development and a modern desktop experience

heimserver (home server)

Home server used for:

  • Selfhosting services
  • Home automation
  • Network monitoring and DNS filtering
  • Media/photos

Role & characteristics

  • Runs as a headless, alwayson server
  • Uses static IP and acts as a central entry point into the home network
  • Uses ZFS for backup storage
  • Optimized for running containers and services, not desktop use

Notable services

  • Reverse proxy / TLS termination

    • nginx as the frontdoor for HTTP(S)
    • ACME integration for automatic TLS certificates
    • Hosts multiple domains/subdomains (e.g. main website, git, images)

  • Git hosting

    • Forgejo instance (selfhosted Git service)
    • Supports Git LFS
    • Automatic periodic dumps/backups into local backup storage

  • Photo management

    • Immich instance for photo backup & management
    • Data location backed up with Borg to ZFS storage

  • Home automation stack (via Podman containers)

    • Home Assistant
    • Matter server
    • Mosquitto MQTT broker
    • Frigate for camera/NVR functionality, with GPU acceleration

  • DNS & adblocking

    • AdGuardHome as networkwide DNS resolver and ad blocker

  • Network monitoring

    • NetFlow collector pipeline (netflow2ng) feeding into ntopng
    • ntopng for traffic analysis and network visibility
    • InfluxDB for timeseries storage
    • GeoIP update service to keep MaxMind databases current

  • Security

    • fail2ban for basic SSH/HTTP abuse prevention
    • SSH with keyonly authentication for root

System / Nix specifics

  • NVIDIA support configured, including container toolkit for GPU access from containers
  • Nix flakes and modern Nix features enabled
  • Automatic garbage collection with short retention to keep disk usage in check
  • system.configurationRevision wired to the flake revision when available
  • State pinned to NixOS 25.05 for backwards compatibility

kemptop (workstation / laptop)

Personal workstation configuration optimized for:

  • Software development
  • Graphical desktop applications
  • Virtualization and container workloads
  • Secure boot

Role & characteristics

  • Dailydriver laptop/desktop
  • Secure boot using lanzaboote + sbctl
  • Can build and run software for other architectures (e.g. aarch64-linux)
  • Better desktop/userexperience focus than the server

Desktop environment

  • COSMIC desktop as the main environment
  • Graphical login managed by the COSMIC greeter
  • Autologin configured for the main user (kemp) because of LUKS encryption
  • Audio via PipeWire
  • Flatpak enabled for additional apps
  • Printing with support for HP printers
  • mDNS/Avahi for local network service discovery
  • Fingerprint authentication integrated into login

Development & tooling

  • Full Rust toolchain and build system tooling
  • Large LaTeX/TeXLive setup for document preparation
  • Multiple IDEs/editors installed:
    • JetBrains IDEA
    • Android Studio
    • Zed
  • Container & virtualization tools:
    • Podman (with Dockercompat)
    • libvirt + virtmanager
  • Nixrelated tools:
    • Language servers for Nix
    • nix-ld configured to ease running foreign binaries
    • Extended Nix experimental features (flakes, caderivations, etc.)

Desktop applications

  • Multiple web browsers (Firefox with PipeWire support, Chrome, Tor browser)
  • Media and productivity apps (Spotify, VLC, LibreOffice, TeXStudio, etc.)
  • File management and system inspection tools (Nautilus, QDirStat, Mission Center, network scanners)
  • Theming and UX tools (e.g. adw-gtk3)

Shell & UX

  • Fish shell as primary interactive shell, autostarted from bash
  • Fish enhanced with plugins (fzf integration, git helpers, colorization, etc.)
  • System PATH and environment tuned via systemd.user.extraConfig

Power & firmware

  • Firmware updates enabled (fwupd)
  • Powertop integration for power tuning

System / Nix specifics

  • Uses the latest Linux kernel packages
  • Nix configured for multiple experimental features and flakes
  • State pinned to NixOS 25.05