sweenu/nixfiles

NixOS config for my personal computer and servers


Presentation

I have three NixOS machines:

  • carokann: personal computer (Framework laptop).
  • najdorf: server where I deploy my self-hosted apps.
  • grunfeld: main RaspberryPi that serves as a snapcast server and a local backup.

The hosts communicate through Tailscale.

This repo is structured with flake-parts and haumea for automatic module/profile discovery, preserving all the convenience features from the original digga setup.

Directory Structure

nixfiles/
├── hosts/          → Host configurations
├── modules/        → Custom NixOS modules
├── hm-modules/     → Custom home-manager modules
├── profiles/       → Reusable configuration profiles
├── pkgs/           → Custom packages
├── lib/            → Custom lib functions
├── overlays/       → Additional overlays
└── shell/          → Development shell

Software I use on my personal computer (carokann)

Self-hosted apps on my server (najdorf)

Here's the list of the main services deployed through their NixOS modules:

I deploy some services as Docker containers through Arion:

Important data is backed up with Restic.

Bootstrap

PC

To create a bootstrap ISO for a personal computer, run:

$ nixos-generate --flake '.#bootstrap' --format iso

Then install NixOS:

$ cd nixfiles
$ sudo disko --mode destroy,format,mount -f '.#carokann'
$ sudo mount /dev/mapper/cryptroot /mnt
$ sudo mkdir /mnt/boot
$ sudo mount /dev/nvme0n1p1 /mnt/boot
# Generate the hardware config for reference, change what you need before install
$ sudo nixos-generate-config --root /mnt --dir /home/sweenu
$ sudo nixos-install --flake '.#carokann' --root /mnt

# Enroll your fingerprint
$ sudo fprintd-enroll <username>
# Enroll TPM2 for dm-crypt
$ sudo systemd-cryptenroll --tpm2-device=auto /dev/nvme0n1p2

After logging in with tailscale and enabling SSH connections (sudo tailscale set --ssh), you can back up the important files:

  • ~/.ssh
  • ~/.local/share/fish/fish_history
  • /etc/NetworkManager/system-connections (replace interface names: sed -i 's/wlp166s0f0/wlp192s0/' *)
  • All documents from ~ that you want to keep

Raspberry Pi

To create a ready-to-boot SD card for a RaspberryPi, do the following:

$ nixos-generate --flake '.#grunfeld' --format sd-aarch64 --system aarch64-linux
$ unzstd -d {the output path from the command above} -o nixos-sd-image.img
$ sudo dd if=nixos-sd-image.img of=/dev/sda bs=64K status=progress

Server

Deploy the server config to a new machine:

# Add an auth key file to the tailscale module for unattended login.
# Then run:
$ nixos-anywhere --copy-host-keys --flake '.#najdorf' root@<ip-address>
# Copy the old server's host key
$ scp 'root@najdorf:/etc/ssh/ssh_host_*' root@najdorf-1:/etc/ssh/
# Stop all running services, then:
$ ssh root@najdorf 'ssh-keyscan -H najdorf-1 >> ~/.ssh/known_hosts'
$ ssh -f root@najdorf 'rsync -Aavz /opt/ root@najdorf-1:/opt > /home/sweenu/rsync.log 2>&1 &'
# Transfer Postgres database
$ ssh root@najdorf 'sudo -u postgres pg_dumpall > /root/pgdump_all.sql'
$ scp root@najdorf:/root/pgdump_all.sql root@najdorf-1:/root/
$ ssh root@najdorf-1 'sudo -u postgres psql -f /root/pgdump_all.sql'
# I made all Docker volumes bind mounts in /opt in order for this command to be enough for migrating everything important.
# Uncomment services in hosts/najdorf/default.nix and comment the tailscale-login service line.
# Remove najdorf from tailscale and change the tailscale name from najdorf-1 to najdorf.
# Change DNS records to point to the new server (on Cloudflare, change the IP scope of the API token to the new IP).
# Finally:
$ deploy '.#najdorf'
$ ssh root@najdorf docker network create traefik
# All done!
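The `ssh-keyscan -H najdorf-1 >> ~/.ssh/known_hosts` step trusts whatever key najdorf-1 happens to serve. Because the old host keys were just copied over with scp, the served key should be identical to the local one, and that can be checked before anything is appended. The script below is an added example, not code from this repo; it assumes OpenSSH's ssh-keygen/ssh-keyscan and the default /etc/ssh/ssh_host_ed25519_key.pub path on the old server.

```shell
#!/usr/bin/env sh
# Added example, not part of sweenu/nixfiles. Run on the OLD server (najdorf)
# before trusting najdorf-1: the host keys were just copied with scp, so the
# ed25519 key najdorf-1 serves must equal the local one. Assumes OpenSSH and
# the default /etc/ssh/ssh_host_ed25519_key.pub location.

# Pull the fingerprint field out of one `ssh-keygen -l` line, e.g.
# "256 SHA256:abc... root@najdorf (ED25519)" -> "SHA256:abc..."
fingerprint_of() {
    printf '%s\n' "$1" | awk '{ print $2 }'
}

# Succeed only when two `ssh-keygen -l` lines carry the same, non-empty
# fingerprint (the comment/hostname part of the line is ignored on purpose).
same_fingerprint() {
    [ -n "$(fingerprint_of "$1")" ] &&
        [ "$(fingerprint_of "$1")" = "$(fingerprint_of "$2")" ]
}

# Scan $1's ed25519 host key, compare it with the local host key and append
# the hashed known_hosts line only on a match. Returns 1 on mismatch/failure.
verify_and_trust() {
    host="$1"
    known_hosts="${2:-$HOME/.ssh/known_hosts}"
    tmp=$(mktemp) || return 1
    # -H writes the hostname hashed, exactly as the README's step does.
    if ! ssh-keyscan -H -t ed25519 "$host" > "$tmp" 2>/dev/null || [ ! -s "$tmp" ]; then
        echo "could not fetch a host key from $host" >&2
        rm -f "$tmp"; return 1
    fi
    local_fp=$(ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub)
    remote_fp=$(ssh-keygen -lf "$tmp")
    if same_fingerprint "$local_fp" "$remote_fp"; then
        cat "$tmp" >> "$known_hosts"
        rm -f "$tmp"
        echo "host key of $host matches the local key; added to $known_hosts"
        return 0
    fi
    rm -f "$tmp"
    echo "host key MISMATCH for $host: $remote_fp" >&2
    return 1
}

# Manual usage on the old server: verify_and_trust najdorf-1
```

On a mismatch nothing is written to known_hosts, which is the moment to check whether the scp of ssh_host_* actually landed on najdorf-1 and sshd was restarted there.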

sudo ssh-keygen -t ed25519 -N "" -f /etc/ssh/initrd_ssh_host_ed25519_key

Acknowledgment:
