my nix configs
Harald Hoyer
5a5cf269dc
The single TODO.md schema is replaced by a Linear-style folder layout matching the user's existing setup at /home/harald/git/bglga/TODO: TODO/ ├── README.md # category-grouped index (top-level only) ├── GAL-1.md ├── GAL-2.md └── … Each issue file has YAML frontmatter (id, title, status, parent, labels) and a body with optional sections (Sub-issues, Acceptance criteria, Integration test hints, Comments). The status set shrinks to Todo / In Progress / Done; Branch / PR / Priority / Assignee fields are gone. Comments are date-only. @pm gains directory-walking semantics (still scoped to TODO/), bash allowlist additions for git ls-tree and ls, and a propagation rule: status flips to/from Done update the dependent index — README.md for top-level issues, or the parent file's Sub-issues line for sub-issues. The workflow's Phase 1 sanity check now verifies TODO/, TODO/README.md, and TODO/<ID>.md all exist. Phase 2 reads the issue file and flips Todo to In Progress with index propagation. Phase 9 stages everything under TODO/ as a separate atomic chore(todo) commit, sets the status to Done (or leaves In Progress for incomplete runs), and adds a date + branch + commit comment. Failure handler routes through the same directory. |
||
|---|---|---|
| .secrets | ||
| config | ||
| homes | ||
| lib | ||
| modules | ||
| overlays | ||
| packages | ||
| systems | ||
| .gitattributes | ||
| .gitignore | ||
| .sops.yaml | ||
| CLAUDE.md | ||
| flake.lock | ||
| flake.nix | ||
| README.md | ||
NixOS Configuration
A modular NixOS configuration setup for multiple systems.
Project Structure
modules/: Reusable NixOS/Darwin modulescommon.nix: Common module imports and definitionsnixos/: NixOS-specific moduleshome/: Home Manager integration for NixOSnix/: Nix package manager configurationnix-ld/: Dynamic linking supportnetwork/: Network configuration modulesresolved/: DNS resolution configuration
security/: Security-related modulesssh-host-keys/: SSH host key management
services/: Service configuration modulesbase/: Basic system configurationgui/: Graphical interface setuphomeprinter/: Home printer supportpodman/: Container runtimesecureboot/: Secure boot configuration
sgx/: Intel SGX supportaesmd_dcap/: SGX AESMD DCAP servicepccs/: SGX Provisioning Certificate Caching Service
system/: System configuration modulesauto-upgrade/: Automatic system upgradeslimits/: System resource limitszram/: ZRAM swap configuration
tools/: Common tools configurationdirenv/: Direnv integrationgit/: Git configuration
user/: User account configurationvirtualization/: Virtualization support
home/: Home Manager modulescli-apps/: Command-line applicationsgui/: GUI application configurationtools/: User tools configurationuser/: User preferences
darwin/: Darwin-specific moduleshome/,nix/,security/, etc.
systems/: Individual system configurationsx86_64-linux/: Linux systems on x86_64aarch64-linux/: Linux systems on ARMx86_64-darwin/: macOS systems on x86_64aarch64-darwin/: macOS systems on ARM
homes/: Home Manager configurations for each user/systemlib/: Helper functions and utilitiesoverlays/: Nixpkgs overlayspackages/: Custom packages
Using the Configurations
Install a system via nixos-anywhere
$ nix run github:numtide/nixos-anywhere -- \
--flake 'git+https://git.hoyer.xyz/harald/nixcfg'.#hostname \
root@hostname --no-reboot --tty -i $HOME/.ssh/id_ed25519
... enter disk password
$ ssh -t root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15
Update NixOS system
$ nixos-rebuild --use-remote-sudo -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg boot
Update macOS system
$ darwin-rebuild -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg switch
Update home-manager configuration
$ nix --refresh run 'git+https://git.hoyer.xyz/harald/nixcfg' -- \
switch -b backup --flake 'git+https://git.hoyer.xyz/harald/nixcfg'