Nix Config for YMRtech machines and services inspired by Misterio77's public nix-config
hosts removed unnecessary things 2026-06-25 14:57:11 -06:00
secrets fixed otel auth and service 2026-05-30 11:49:01 -06:00
.sops.yaml added public age key 2026-05-23 21:54:21 -06:00
flake.lock updated flake 2026-06-25 14:35:55 -06:00
flake.nix added vpn to flake 2026-05-25 15:31:04 -06:00
nixpkgs.nix Initial commit 2026-05-23 17:50:04 -06:00
README.md added host info and links to readme 2026-05-28 11:18:41 -06:00
shell.nix Initial commit 2026-05-23 17:50:04 -06:00


My NixOS configurations

Here are my NixOS config files. Requires Nix flakes.

Highlights:

  • Multiple NixOS configurations, including desktop, laptop, servers
  • Fully declarative self-hosted stuff
  • Deployment secrets using sops-nix
  • Mesh networked hosts with wireguard

About the installation

All my computers use a single btrfs partition, with subvolumes for /nix, /root and /home, except for my servers. They still use btrfs, but the boot volumes on those are not encrypted.

How to bootstrap

All you need is nix (any version). Run:

nix-shell

  • nixos-rebuild switch --flake .#<host> - To build system configurations
  • sops - To manage secrets

Secrets

For deployment secrets (such as user passwords and server service secrets), I'm using the awesome sops-nix. All secrets are encrypted with an age key, as well as with the relevant systems' SSH host keys.

On my desktop, laptop and phone, I use self-hosted vaultwarden for managing passwords. It is only accessible to clients on my wireguard network.
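A sketch of how a sops-nix setup like the one described above is typically wired into a host, added here as an example and not taken from this repository. The user name, secret names, file paths and the recipients in the commented `.sops.yaml` rule are assumptions or placeholders.

```nix
# Added example, not this repository's code. Names and paths are hypothetical.
#
# Matching .sops.yaml rule (recipients are placeholders):
#   keys:
#     - &admin  age1<ADMIN_PUBLIC_KEY_PLACEHOLDER>
#     - &host   age1<HOST_PUBLIC_KEY_PLACEHOLDER>  # ssh-to-age < ssh_host_ed25519_key.pub
#   creation_rules:
#     - path_regex: secrets\.ya?ml$
#       key_groups:
#         - age: [ *admin, *host ]
{ config, ... }:
{
  # Assumes the sops-nix NixOS module is already imported from the flake inputs.
  sops = {
    defaultSopsFile = ./secrets.yaml;

    # The host decrypts with an age identity derived from its own SSH host key,
    # so no separate private key has to be copied to the machine. Anyone who can
    # read this file can decrypt every secret encrypted to this host.
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

    secrets = {
      # Must exist before user accounts are created during activation.
      "alice-password".neededForUsers = true;

      # Root-owned with mode 0400 by default; systemd reads it as an
      # EnvironmentFile before starting the service.
      "vaultwarden-env" = { };
    };
  };

  users.users.alice = {
    isNormalUser = true;
    # The file holds a password hash, never the plaintext password.
    hashedPasswordFile = config.sops.secrets."alice-password".path;
  };

  services.vaultwarden = {
    enable = true;
    environmentFile = config.sops.secrets."vaultwarden-env".path;
  };
}
```

Only the decrypted paths are referenced from the configuration, so secret values stay out of the world-readable Nix store.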

Tooling and applications I use

Most relevant user apps as daily drivers:

  • kitty
  • KDE Plasma
  • fish
  • KDE kate (IDE)
  • brave
  • bitwarden

Some of the services I host:

  • syncthing
  • uptime kuma
  • git
  • victoriametrics
  • mailserver
  • wireguard VPN

Overview of host structures

  • giga - daily driver Gigabyte Aero 15x laptop with RTX 3090 eGPU
  • command - Powerful desktop for running VMs and gaming (offline since late 2024 as it is in a closet in another country)
  • vpn - wireguard VPN tunnel host with adguard for DNS blocking and unbound as an encrypted DNS server for all my other machines, including my phone
  • public - Public-facing host where most of my services live, like syncthing (backups), vaultwarden (bitwarden server), forgejo (this git), uptime-kuma (infra uptime monitoring & alerting), mattermost (chat), etc.
  • mail - ymrtech mailserver set up with nixos-simple-mailserver