my nix config
Harivansh Rathi 7652c25521
forgejo: strip github tokens from mirror DB urls
Keep tokens only in bare repo git configs where git fetch uses them.
The DB remote_address (shown in UI) now stores clean URLs. The mirror
sync script re-injects tokens into git configs every cycle and strips
them from the DB for newly migrated repos.
2026-04-06 16:39:38 +00:00
.github/workflows ci: use self-hosted netty runners for flake check and format 2026-04-05 11:39:32 -04:00
assets/wallpapers wallpaper theme (#68) 2026-04-05 15:05:16 -04:00
config no more dia (#66) 2026-04-04 13:45:14 -04:00
home version 2026-04-06 09:50:43 -04:00
hosts forgejo: strip github tokens from mirror DB urls 2026-04-06 16:39:38 +00:00
lib wallpaper theme (#68) 2026-04-05 15:05:16 -04:00
modules helium darwin (#67) 2026-04-04 19:21:49 -04:00
scripts wallpaper theme (#68) 2026-04-05 15:05:16 -04:00
.gitignore nvim fix 2026-03-31 00:09:59 -04:00
flake.lock Openclaw openclaw nix (#64) 2026-04-03 20:09:33 -04:00
flake.nix Openclaw openclaw nix (#64) 2026-04-03 20:09:33 -04:00
justfile sync/search agent history (#40) 2026-04-02 21:07:10 +00:00
README.md replace pi with openclaw (#60) 2026-04-03 15:16:16 +00:00

Nix Leveraging

Single dependency graph that owns a macOS laptop and a Linux KVM. Both collapse into the same reproducible interface.

The darwin host composes nix-darwin, home-manager, and nix-homebrew. The netty host composes nixosSystem, disko, and home-manager.

Global username, per-host metadata and feature flags are encoded as data so leaf modules never need ad hoc platform checks.

The machine surface is split into core, extras, and fonts.

claude-code-nix, neovim-nightly, disko, and nix-homebrew are pinned in the flake.

Home Manager is the userland control plane. Rust, Go, Node, Python, AWS, and some other tools are routed into XDG-compliant paths. SSH and GPG permissions are locked down on every activation.

A migration module handles the cutover from legacy symlinks so nothing is left to clean up manually.

A single palette drives colors for Ghostty, tmux, fzf, zsh syntax highlighting, bat, and delta. A generated theme script hot-swaps light and dark across all of them.

Tool configs are repo-owned rather than scattered across $HOME. Global agent skills are installed declaratively using skills.sh and only resync when the manifest hash changes.

Secrets live in Bitwarden and are rendered at activation time using cli. Deployment is just switch for the laptop and just switch-netty for the server.

All PRs auto-merge on creation if tests pass.

The KVM has a declarative service bundle:

  • netty exposes 3 TCP ports (22:ssh, 80:http, 443:https)
  • services only listen on 127.0.0.1 (runs behind nginx with ACME)
  • Self-hosts Forgejo mirroring to GitHub (git.harivan.sh)
  • Self-hosts VaultWarden
  • betterNAS control-plane and node agent (api.betternas.com)
  • OpenClaw gateway behind nginx (netty.harivan.sh)