Modular NixOS configuration with host-specific facts, reusable feature bundles, Home Manager, and an optional private overlay.
This repository is split into two layers:
- A reusable public base for machines, users, feature bundles, and app toggles
- An optional private/ submodule for secrets, work-only services, and personal infrastructure
The public part builds without private/.
- New machine or new user: follow docs/new-machine.md
- Existing configured host: sudo nixos-rebuild switch --flake .#$(hostname)
- Optional CLI install: nix profile install .#dot
Each machine lives in hosts/<hostname>/ and has three files:
- facts.nix: identity and defaults such as username, gitUsername, gitEmail, gpuProfile, keyboard layout, timezone, and optional SSH keys
- default.nix: feature bundles and machine-specific overrides
- hardware.nix: copied from /etc/nixos/hardware-configuration.nix
New hosts should start from hosts/template/.
The author's personal machines are kept separately:
- hosts/laptop-82sn: personal laptop
- hosts/ninkear: home server
Do not use laptop-82sn as a generic template unless you explicitly want the author's personal choices.
HOSTNAME="my-laptop"
git clone https://github.com/RomanVassilchenko/dotfiles ~/Documents/dotfiles
cd ~/Documents/dotfiles
cp -r hosts/template "hosts/$HOSTNAME"
cp /etc/nixos/hardware-configuration.nix "hosts/$HOSTNAME/hardware.nix"
# Edit hosts/$HOSTNAME/facts.nix
# Edit hosts/$HOSTNAME/default.nix
# Add the hostname to parts/nixos.nix -> hostNames
sudo nixos-rebuild switch --flake ".#$HOSTNAME"
Detailed guide: docs/new-machine.md
Host default.nix files enable high-level bundles under features.*.
Available bundles in the public repo:
- development: developer tooling
- desktop: base graphical desktop support
- kde: KDE Plasma desktop session
- productivity: productivity defaults such as Bitwarden
- communication: communication apps such as Telegram, Discord, and ZapZap
- hardware: hardware utility apps such as Solaar
- printing: print support
- stylix: system-wide theming
- work: work-specific integrations if your private overlay provides them
App-level overrides live under features.apps.*. Current public app toggles include:
- bitwarden
- discord
- obsStudio
- solaar
- telegram
- virtManager
- zapzap
Example:
{
  features = {
    development.enable = true;
    kde.enable = true;
    productivity.enable = true;
    apps = {
      telegram = {
        enable = true;
        autostart = true;
      };
      virtManager.enable = true;
    };
  };
}
.
├── flake.nix
├── parts/nixos.nix # Host registry and NixOS assembly
├── hosts/
│ ├── default/common.nix # Generic shared defaults
│ ├── template/ # Starting point for new machines
│ └── <hostname>/ # Real machines
├── features/ # Public feature bundles and app toggles
├── modules/core/ # System modules
├── modules/home/ # Home Manager modules
├── modules/drivers/ # GPU driver modules
├── config/ # App/editor configs symlinked into $HOME
└── private/ # Optional secrets and personal/work overlay
The repo exposes a dot CLI as a flake package.
nix profile install .#dot
dot rebuild --plain
dot rebuild --dry
dot rebuild-boot
dot update
dot cleanup
dot doctor
Server-specific commands such as backup and remote rebuilds depend on private configuration.
This repository is organized so AI coding agents can help with day-to-day NixOS work without needing private secrets.
- Use agents to inspect modules, explain host wiring, suggest feature splits, and draft safe Nix changes.
- Keep secrets in private/ or another ignored location, and do not paste secret values into prompts.
- Ask agents to run nix eval, nix flake check --no-build, or dot rebuild --plain after changes when practical.
- Treat generated changes like normal code review: inspect diffs, keep commits focused, and verify before rebuilding important machines.
Repo-local agent resources live under .agents/ when present. They are optional helpers, not required to build the system.
private/ is optional and is auto-imported only when present.
Typical private/ content:
- agenix secrets
- work VPN and work Git configuration
- self-hosted services and infrastructure integration
- machine-specific secret material
If you only want the public configuration, skip private/ entirely.
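The rule above about keeping secret material in private/ can be checked mechanically before the public tree is shared with an agent or pushed. This is an added example, not part of the repository or its dot CLI; the function names scan_public_tree and check_public_tree are hypothetical, and the repository root is assumed to be passed as the first argument.

```shell
#!/bin/sh
# Added example (hypothetical helper names): report files outside private/
# that contain plaintext private-key material.

scan_public_tree() {
    # $1: repository root. Prints offending paths relative to the root, sorted.
    root=${1:-.}
    (
        cd "$root" || exit 2
        # Skip private/ (the secrets overlay) and .git/ (object store).
        find . \( -path ./private -o -path ./.git \) -prune -o -type f -print |
            while IFS= read -r f; do
                # First pattern: PEM/OpenSSH private key headers.
                # Second pattern: age identity prefix; the bracket keeps this
                # script from matching its own source.
                if grep -Eq -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' \
                            -e 'AGE-SECRET-KEY-[1]' "$f" 2>/dev/null; then
                    printf '%s\n' "${f#./}"
                fi
            done | sort
    )
}

check_public_tree() {
    # Returns 0 when the public tree is clean, 1 when key material is found,
    # 2 when the root directory cannot be entered.
    hits=$(scan_public_tree "$1") || return 2
    if [ -z "$hits" ]; then
        return 0
    fi
    printf 'plaintext key material outside private/:\n%s\n' "$hits" >&2
    return 1
}
```

Encrypted agenix payloads and public SSH keys in facts.nix do not match these patterns, so only unencrypted private keys and age identities are reported.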

