NixOS is a Linux distribution with a unique package management system, Nix, offering precise control and reproducible configurations. It follows a declarative and functional programming approach, ensuring system reliability and easy rollback.

You could use this configuration directly, but it's better to extract the pieces you want into your own config. Check out nix-starter-config for a good starting point for NixOS with flakes.

| Service | Description | Configuration |
|---|---|---|
| ACME | ACME server for internal TLS certificates. | acme.nix |
| AdGuard Home | Network-wide ad and tracker blocking DNS sinkhole. | adguard.nix |
| Blocklist | Manages a network-wide blocklist. | blocklist.nix |
| Firewall | Manages network traffic rules using nftables. | firewall.nix |
| Interfaces | Configures network interfaces and PPPoE. | interfaces.nix |
| ntopng | Network traffic monitoring tool. | ntopng.nix |
| Vaultwarden | Password manager (Bitwarden compatible). | vaultwarden.nix |
| WireGuard | VPN tunnel. | wireguard.nix |

| Service | Description | Configuration |
|---|---|---|
| Shiori | Bookmark manager. | archive.nix |
| Atuin | Shell history synchronization. | atuin.nix |
| Bincache | Caching for binary files. | bincache.nix |
| Radicale | CalDAV and CardDAV server. | calendar.nix |
| PostgreSQL, MinIO, pgAdmin | Database services and management. | database.nix |
| Changedetection.io | Website change detection and notification service. | detection.nix |
| Immich | Self-hosted photo and video backup solution. | immich.nix |
| Mastodon (glitch-soc) & Fedifetcher | Federated social media server. | mastodon.nix |
| Matrix Synapse | Secure, decentralized communication server. | matrix.nix |
| Jellyfin & Syncthing | Media server and file synchronization. | media.nix |
| Microbin | Self-hosted pastebin. | microbin.nix |
| Grafana, Loki, Promtail, Prometheus | Monitoring and logging stack. | monitoring.nix |
| Paperless-NGX | Document management system. | paperless.nix |
| Pingvin Share | File sharing service. | pingvin.nix |
| NFS | Network File System for sharing files. | shares.nix |
| ZFS & Syncoid | Manages ZFS filesystems and automated backups. | storage.nix |

| Service | Description | Configuration |
|---|---|---|
| Authoritative DNS | Authoritative DNS server. | authdns.nix |
| Derper | Tailscale DERP server. | derper.nix |
| Headscale | Self-hosted Tailscale control server. | headscale.nix |
| Gotify & smtp-gotify | Notification service with an SMTP bridge. | notifs.nix |
| Uptime Kuma | Service monitoring tool. | uptime.nix |

| Service | Description | Configuration |
|---|---|---|
| Authoritative DNS | Authoritative DNS server. | authdns.nix |
| Caddy | Reverse proxy and static file server. | caddy.nix |
| Derper | Tailscale DERP server. | derper.nix |
| Endlessh | SSH tarpit. | endlessh.nix |
| Pocket-ID | OIDC provider. | oidc.nix |

| Service | Description | Configuration |
|---|---|---|
| Bitcoin | Bitcoin node. | bitcoin.nix |

| Service | Description | Configuration |
|---|---|---|
| Cyberchef | The Cyber Swiss Army Knife. | cyberchef.nix |
| Home Assistant | Home automation platform. | hass.nix |
| IT-Tools | A collection of useful online tools for developers. | ittools.nix |
| NTP | Network Time Protocol daemon. | ntp.nix |

Start Ubuntu machine

```nix
users.users.martijn = {
  initialHashedPassword = "$y$j9T$odaa/qh6qtG0EgcuoYg2Z0$Aji4299/VffEHOJeT71/OIvjHcDovCy.quKGuilQKo8";
};
```

```shell
SSHPASS=<pwd> nix run github:nix-community/nixos-anywhere -- --flake '.?submodules=1#shoryuken' --env-password root@<ip>
```

```shell
nix run nixpkgs#nixos-generators -- -f sd-aarch64 --flake '.?submodules=1#tenshin' --system aarch64-linux -o ~/pi.img
```

```shell
nix build .#nixosConfigurations.usyk.config.system.build.vm
```

```
nix repl
nix-repl> :lf /home/martijn/Nix
nix-repl> nixosConfigurations.[TAB]
```

```shell
borg list ssh://[email protected]/./repo
borg mount ssh://[email protected]/./repo ~/RWDir
```

```shell
fwupdmgr get-devices
fwupdmgr get-updates
fwupdmgr update
```