Nix configuration for NixOS and home-manager
Forgejo Actions f7ba3a03f8
chore: update inputs (catppuccin, home-manager, nixpkgs) (#20)
## Summary

- Updated flake inputs: `nixpkgs,home-manager,catppuccin`.
- Base branch: `main`.
- Hosts with closure changes: fennel fly leek paprika yam

## nvd diff

### fennel

```
<<< result-base-fennel
>>> result-update-fennel
Version changes:
[U.]  #1  initrd-linux         6.12.85 -> 6.12.87
[U.]  #2  linux                6.12.85, 6.12.85-modules x2, 6.12.85-modules-shrunk -> 6.12.87, 6.12.87-modules x2, 6.12.87-modules-shrunk
[U.]  #3  nixos-system-fennel  25.11.20260505.0c88e1f -> 25.11.20260510.8fd9daa
[U.]  #4  zoxide               0.9.8 -> 0.9.9
Closure size: 1294 -> 1294 (36 paths added, 36 paths removed, delta +0, disk usage +31.9KiB).
```

### fly

```
<<< result-base-fly
>>> result-update-fly
Version changes:
[U*]  #1  forgejo-runner    12.9.0 -> 12.10.1
[U.]  #2  initrd-linux      6.12.85 -> 6.12.87
[U.]  #3  linux             6.12.85, 6.12.85-modules x2, 6.12.85-modules-shrunk -> 6.12.87, 6.12.87-modules x2, 6.12.87-modules-shrunk
[U.]  #4  nixos-system-fly  25.11.20260505.0c88e1f -> 25.11.20260510.8fd9daa
[C.]  #5  udev-rules        <none> x2 -> <none>
[U.]  #6  zoxide            0.9.8 -> 0.9.9
Removed packages:
[R.]  #1  extra-utils    <none>
[R.]  #2  initrd-fsinfo  <none>
[R.]  #3  keymap         <none>
[R.]  #4  link-units     <none>
[R.]  #5  stage          1-init.sh
[R.]  #6  udhcp-script   <none>
Closure size: 2415 -> 2408 (42 paths added, 49 paths removed, delta -7, disk usage -36.0MiB).
```

### leek

```
<<< result-base-leek
>>> result-update-leek
Version changes:
[U.]  #1  initrd-linux       6.12.85 -> 6.12.87
[U.]  #2  linux              6.12.85, 6.12.85-modules x2, 6.12.85-modules-shrunk -> 6.12.87, 6.12.87-modules x2, 6.12.87-modules-shrunk
[U.]  #3  nixos-system-leek  25.11.20260505.0c88e1f -> 25.11.20260510.8fd9daa
[U.]  #4  zoxide             0.9.8 -> 0.9.9
Closure size: 1329 -> 1329 (36 paths added, 36 paths removed, delta +0, disk usage +30.7KiB).
```

### paprika

```
<<< result-base-paprika
>>> result-update-paprika
Version changes:
[U.]  #1  initrd-linux          6.12.85 -> 6.12.87
[U.]  #2  linux                 6.12.85, 6.12.85-modules x2, 6.12.85-modules-shrunk -> 6.12.87, 6.12.87-modules x2, 6.12.87-modules-shrunk
[U.]  #3  nixos-system-paprika  25.11.20260505.0c88e1f -> 25.11.20260510.8fd9daa
[U.]  #4  zoxide                0.9.8 -> 0.9.9
Added packages:
[A.]  #1  initrd-fsinfo  <none>
Closure size: 1284 -> 1285 (37 paths added, 36 paths removed, delta +1, disk usage +33.7KiB).
```

### yam

```
<<< result-base-yam
>>> result-update-yam
Version changes:
[U.]  #1  apache-httpd       2.4.66 -> 2.4.67
[U*]  #2  firefox            150.0.1 -> 150.0.2
[U.]  #3  firefox-unwrapped  150.0.1 -> 150.0.2
[U.]  #4  initrd-linux       7.0.3 -> 7.0.5
[U.]  #5  linux              7.0.3, 7.0.3-modules x2, 7.0.3-modules-shrunk -> 7.0.5, 7.0.5-modules x2, 7.0.5-modules-shrunk
[U.]  #6  nixos-system-yam   25.11.20260505.0c88e1f -> 25.11.20260510.8fd9daa
[U.]  #7  zoxide             0.9.8 -> 0.9.9
Added packages:
[A.]  #1  initrd-shadow                                <none>
[A.]  #2  initrd-shells                                <none>
[A.]  #3  unit-systemd-tmpfiles-setup-sysroot.service  <none>
Closure size: 3366 -> 3369 (61 paths added, 58 paths removed, delta +3, disk usage +46.4KiB).
```

Co-authored-by: forgejo-actions[bot] <forgejo-actions[bot]@0xee.cc>
Reviewed-on: #20
2026-05-13 08:15:37 +02:00
.forgejo/workflows ci: fail on nix build errors 2026-05-11 11:19:39 +02:00
bin improve tmux session handling 2026-03-15 22:14:50 +01:00
config/terraform Initial import 2025-09-26 10:56:15 +02:00
home update moth luks config 2026-05-04 13:50:02 +02:00
lib refactor mkSystem to work better with both stable and unstable 2026-04-23 14:21:07 +02:00
machines fix fennel hardware configuration 2026-05-11 12:14:40 +02:00
modules add docker socket to forgejo runner 2026-04-27 22:19:17 +02:00
scripts chore: update workflow to show inputs 2026-05-11 10:41:52 +02:00
.envrc Initial import 2025-09-26 10:56:15 +02:00
.gitignore run llm-agents in bubblewrap jail 2026-04-01 23:22:28 +02:00
AGENTS.md instruct agent to not lint hardware-configuration.nix files 2026-03-15 22:14:36 +01:00
flake.lock chore: update inputs (catppuccin, home-manager, nixpkgs) (#20) 2026-05-13 08:15:37 +02:00
flake.nix set correct nixos-25.11 ref input 2026-04-24 12:50:37 +02:00
iso.nix general cleanup 2026-02-18 15:41:52 +01:00
justfile chore: build when building 2026-05-11 10:17:16 +02:00
proxmox.md Initial import 2025-09-26 10:56:15 +02:00
README.md update README 2026-04-30 10:49:28 +02:00

Nix

Home-manager standalone

home-manager build --flake .#[system name]
home-manager switch --flake .#[system name]

NixOS

Installation on hardware

Build ISO

# Inside the nix/ directory
export NIX_PATH=nixos-config=$PWD/iso.nix:nixpkgs=channel:nixos-25.11
nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage

This produces an ISO with the settings from the iso.nix file. After the build is done you can write the ISO image to a USB stick or similar. The build command outputs the Nix store path, and the image is also available in ./result/iso/.

Boot and provision

Boot the ISO on the new system, find the host name and provision the device using nixos-anywhere.

First create a configuration for the system in machines/[name]/default.nix. Then add the system to flake.nix. After that is done you can provision the device. The commands below also generate the hardware configuration for the system.

# Example with disk encryption and sops
# --disk-encryption-keys [key location on the target host] [key location on the current host]
nix run github:nix-community/nixos-anywhere -- \
  --flake .#[system name] \
  --disk-encryption-keys /tmp/secret.key <(cat /secret/password) \
  --generate-hardware-config nixos-generate-config machines/[system name]/hardware-configuration.nix \
  --copy-host-keys \
  --target-host simon@[ip address]

# Example without disk encryption
nix run github:nix-community/nixos-anywhere -- \
  --flake .#[system name] \
  --generate-hardware-config nixos-generate-config machines/[system name]/hardware-configuration.nix \
  --target-host simon@[ip address]

Reboot the system.

Making changes to a system

Update a remote system.

nix run nixpkgs#nixos-rebuild -- \
  --target-host simon@[hostname] \
  --sudo \
  switch \
  --flake .#[system name]

Update a local system

sudo nixos-rebuild switch --flake .#[system name]

SOPS

Create age identity for your system:

mkdir -p $HOME/.config/sops/age/
read -s SSH_TO_AGE_PASSPHRASE; export SSH_TO_AGE_PASSPHRASE
nix run nixpkgs#ssh-to-age -- \
  -private-key \
  -i $HOME/.ssh/id_ed25519 \
  -o $HOME/.config/sops/age/keys.txt

Display the age recipient (public key) for your system:

age-keygen -y $HOME/.config/sops/age/keys.txt

Get target host age recipient:

cat /etc/ssh/ssh_host_ed25519_key.pub | nix run nixpkgs#ssh-to-age

Configure sops:

nvim .sops.yaml

Edit secret file:

nix run nixpkgs#sops secrets/example.yaml
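
For the "Configure sops" step above, an added example (not taken from this repository) that renders a .sops.yaml from the recipients printed by the two preceding commands. It rejects anything that is not an age public key, so a private key or an SSH public key cannot end up in the file. The anchor names, the secrets/*.yaml rule and the function names are assumptions.

```sh
#!/bin/sh
# Added example: render .sops.yaml from public age recipients (nothing secret is written).
# Anchor names (admin, host_<name>) and the secrets/*.yaml rule are assumptions.

# Shape check only: "age1" followed by 58 bech32 characters (X25519 recipient).
is_age_recipient() {
  printf '%s\n' "$1" | grep -Eq '^age1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{58}$'
}

# Usage: render_sops_yaml ADMIN_RECIPIENT HOST=RECIPIENT [HOST=RECIPIENT ...]
render_sops_yaml() {
  admin=$1; shift
  # Rejects AGE-SECRET-KEY-... lines and raw SSH public keys.
  is_age_recipient "$admin" || { echo "admin: not an age recipient" >&2; return 1; }
  [ "$#" -ge 1 ] || { echo "need at least one HOST=RECIPIENT" >&2; return 1; }
  for pair in "$@"; do
    case $pair in *=*) ;; *) echo "expected HOST=RECIPIENT: $pair" >&2; return 1;; esac
    host=${pair%%=*}; rcpt=${pair#*=}
    case $host in ''|*[!A-Za-z0-9_-]*) echo "bad host name: $host" >&2; return 1;; esac
    is_age_recipient "$rcpt" || { echo "$host: not an age recipient" >&2; return 1; }
  done
  # Declare every recipient once as a YAML anchor.
  printf '%s\n' 'keys:' "  - &admin $admin"
  for pair in "$@"; do printf '  - &host_%s %s\n' "${pair%%=*}" "${pair#*=}"; done
  # One rule: files directly under secrets/ are encrypted to the admin and all hosts.
  printf '%s\n' 'creation_rules:' \
    '  - path_regex: secrets/[^/]+\.yaml$' \
    '    key_groups:' \
    '      - age:' \
    '          - *admin'
  for pair in "$@"; do printf '          - *host_%s\n' "${pair%%=*}"; done
}

# CLI form (script name is hypothetical):
#   sh render-sops.sh ADMIN_RECIPIENT HOST=RECIPIENT ... > .sops.yaml
if [ "$#" -ge 2 ]; then render_sops_yaml "$@"; fi
```

After changing the recipients of an existing secret file, re-encrypt it with sops updatekeys secrets/example.yaml so the new host can decrypt it.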

Investigate

Housekeeping

Remove old generations

When you make changes to your system, Nix creates a new system generation. All of the changes to the system since the previous generation are stored there. Old generations can add up and will not be removed automatically by default. You can see your generations with:

$ nix-env --list-generations

To keep just your current generation and the two older than it:

$ nix-env --delete-generations +3

To remove all but your current generation:

$ nix-env --delete-generations old

Generation trimmer script

For a smart interactive script which can handle all the normally available profile types across NixOS and be more conservative and safe than the built-in Nix generations deletion commands, see NixOS Generations Trimmer.

Garbage collection

As you work with your system (installs, uninstalls, upgrades), files in the Nix store are not automatically removed, even when no longer needed. Nix instead has a garbage collector which must be run periodically (you could set up, e.g., a cron job to do this).

$ nix-collect-garbage

This is safe so long as everything you need is listed in an existing generation or garbage collector root (gcroot).

If you are sure you only need your current generation, this will delete all old generations and then do garbage collection:

$ nix-collect-garbage -d

On NixOS, you can enable a service to automatically do daily garbage collection:

/etc/nixos/configuration.nix

nix.gc.automatic = true;

FAQ

HELP cache is down and I can't remove it!

If a substituter (binary cache) is down and you can't remove it from your configuration, because applying that change would itself use the substituter, run your build with --option build-use-substitutes false:

nix run nixpkgs#nixos-rebuild -- \
  --sudo \
  switch \
  --option build-use-substitutes false \
  --flake .#yam