Welcome to my personal infrastructure repository. This is a fully declarative, reproducible system configuration powered by NixOS and Nix Flakes.
You might notice files containing `-----BEGIN AGE ENCRYPTED FILE-----`.
These are **NOT** private keys. They are encrypted ciphertext.
This repository uses SOPS with age encryption to manage secrets securely via GitOps practices.
- `.sops.yaml`: SOPS configuration file. It defines the creation rules and maps files to the public keys used for encryption. It contains no secret data itself.
- `secrets.yaml`: Contains the actual secrets encrypted with AES256_GCM. Decryption requires a specific private key stored offline (not in this repo).
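A pre-commit style check for the claim above that `secrets.yaml` holds only ciphertext, as an added example that is not part of this repository. The function name `find_plaintext` and all sample values are constructed for illustration; the check is a line-based heuristic over the YAML layout that SOPS writes, not a full YAML parser.

```python
import re

# A SOPS-encrypted scalar looks like ENC[AES256_GCM,data:..,iv:..,tag:..,type:..]
ENC_VALUE = re.compile(r"^ENC\[AES256_GCM,data:[^,\]]*,iv:[^,\]]+,tag:[^,\]]+,type:\w+\]$")
AGE_HEADER = "-----BEGIN AGE ENCRYPTED FILE-----"


def find_plaintext(sops_yaml: str) -> list[str]:
    """Return problems found (empty = all values encrypted); values are never echoed."""
    problems, in_sops_block, saw_age_key = [], False, False
    for lineno, raw in enumerate(sops_yaml.splitlines(), start=1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # top-level key: entering or leaving "sops:"
            in_sops_block = line.startswith("sops:")
        if in_sops_block:  # metadata is cleartext by design; only note age usage
            saw_age_key = saw_age_key or AGE_HEADER in line
            continue
        entry = line.strip().removeprefix("- ").strip()
        _, sep, value = entry.partition(":")
        if entry.startswith("ENC[") or not sep:  # bare list item or continuation line
            value = entry
        value = value.strip()
        if value and not ENC_VALUE.match(value):
            problems.append(f"line {lineno}: value is not SOPS ciphertext")
    if not saw_age_key:
        problems.append("no age-encrypted data key found in sops metadata")
    return problems


# Constructed sample input (not taken from this repository).
CT = "ENC[AES256_GCM,data:Q09OU1RSVUNURUQ=,iv:aXZpdml2aXZpdml2,tag:dGFndGFndGFn,type:str]"
SAMPLE_OK = f"""\
db_password: {CT}
api:
    token: {CT}
sops:
    age:
        - recipient: age1-constructed-placeholder
          enc: |
            {AGE_HEADER}
            Q09OU1RSVUNURUQ=
            -----END AGE ENCRYPTED FILE-----
"""
SAMPLE_LEAK = SAMPLE_OK.replace(f"token: {CT}", "token: not-encrypted", 1)

if __name__ == "__main__":
    print(find_plaintext(SAMPLE_OK), find_plaintext(SAMPLE_LEAK))
```

The report names only the line number, so it can be printed in CI logs without exposing the leaked value.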
This configuration targets multiple operating systems using a unified flake.
- NixOS (`sff-icient`): Main Linux workstation. Config in `hosts/nixos`.
- macOS (`macos`): MacBook environment managed by `nix-darwin`. Config in `hosts/macos`.
  - Integrates with Homebrew for GUI apps and casks.
  - Usage: `update` alias (runs `nix-darwin switch`).
User configuration is split to maximize code reuse:
- `home/shared.nix`: Core packages, dotfiles, and shell config shared across all systems.
- `home/nixos/`: Linux-specific settings (Gnome, media players, unfree packages).
- `home/macos/`: macOS-specific hacks, aliases, and dependencies.
To bootstrap a new machine:
`./install-macos.sh` (or manually via `nix run --extra-experimental-features "nix-command flakes" nix-darwin -- switch --flake .#macos`)
Routine update (macOS):
`update`
Routine update (NixOS):
`sudo nixos-rebuild switch --flake .#sff-icient`