Contains NixOS configurations for the following targets:
How to target a host:
cd ~/nixos-config
sudo nixos-rebuild switch --flake .#nixos-orion && sudo shutdown -h now
Change nixos-orion to the host you want to target. See the nix flake for details.
How to clean up and remove old generations:
sudo nix-env --list-generations --profile /nix/var/nix/profiles/system
#or
sudo nixos-rebuild list-generations
sudo nix-env --delete-generations --profile /nix/var/nix/profiles/system +2
cd [to the nixos-config directory]
sudo nixos-rebuild boot --flake .
If nixos-rebuild hangs/crashes:
sudo nix-store --gc
nix-collect-garbage -d
sudo nix-store --verify --check-contents --repair
nix flake update --commit-lock-file
sudo nixos-rebuild boot --flake .
Don't forget to stage, commit or stash your changes before running nix flake update.
How to fix malformed database image:
cd /nix/var/nix/db
sudo nix-shell -p sqlite
#nix-shell
sudo sqlite3 db.sqlite ".backup 'db.bak.sqlite' "
sudo sqlite3 db.sqlite
#SQLite
sqlite> .output db.sql
sqlite> .dump
#nix-shell
sudo sqlite3 db.new.sqlite < db.sql
sudo mv db.new.sqlite db.sqlite
Here, custom functions & helper methods can be found. Ankarhem's function gets SSH keys from a public GitHub profile.
Modules intended to be used with Home Manager (home.nix).
The module contains the fish shell configurations. It includes the fuzzy finder plugin and smart abbreviations for common git commands. The shell suggests commands based on history and completions, in color. Read more at fishshell.com.
The module contains the git configuration. Change userName, userEmail and user.signingkey.
# Check if OpenPGP is set up with a signing key on your YubiKey and copy it.
gpg --card-statusThe module contains the gpg configuration. Add your own public keys and set the trust level.
The module enables SSH and contains references to the private keys for authentication and GitHub specific configuration.
# Check if FIDO2 is enabled
ykman info
Read more on how to set up your YubiKey:
Using a YubiKey is assumed. The name on your private keys should correspond to the configured identity files.
In Windows; ensure that you have an SSH key.
# Search your FIDO credentials for existing SSH keys
ykman fido credentials list -c | ConvertFrom-Csv | Select-Object credential_id, rp_id, user_name, user_display_name | Format-Table -AutoSizeIf you don't have an SSH key, you can create a new key-pair with this command:
ssh-keygen -t ed25519-sk -O resident -O application=ssh:github.com -O verify-required -C "YubiKey 5C NFC 12345678"Logged in to your NixOS host and with the YubiKey connected: Go to your home ssh folder and recreate the SSH keys:
cd ~/.ssh/
ssh-keygen -K
If the public key is uploaded to GitHub you can test your connection like this:
ssh -T [email protected]
Read more:
Modules intended to be used by system configurations ({host}/configuration.nix).
A module to configure NFS shares. fileshare.nix is setting up common shares at the private NAS
fileshare.se.
firewall.nix is a module used to open up the correct firewall ports for Spotify.
Sleep and Hibernation is creating problems so a common pattern used is to disable those functions.
A systemd service enables Wake on LAN with magic package on the network interface. The ethtool command is triggered during system boot.
The reboot-to-windows.sh script uses the bootctl tool to set Windows as the next UEFI boot entry, then reboots the
system. Since the latest NixOS generation is the default, this script is useful for remotely cold booting into Windows,
for example, after using Wake On LAN.
Here, SOPS secrets are stored, sorted by host.
This repository is set up to work with JetBrains Junie and Claude Code with the Model Context Protocol (MCP).
- The project-level MCP registry lives at:
.junie/mcp/mcp.json- It defines a server named
nixosthat is started with:mcp-nixos - It defines a server named
context7that is started with:context7 - It defines a server named
nuget-mcp-serverthat is started with:mcp-nuget
- It defines a server named