harivansh-afk/nix
1
1
Fork 0
mirror of https://github.com/harivansh-afk/nix.git synced 2026-04-18 11:02:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
nix/README.md
Harivansh Rathi 00338266e0
Some checks are pending
quality / changes (push) Waiting to run
Details
quality / Flake Check (push) Blocked by required conditions
Details
quality / Nix Format Check (push) Blocked by required conditions
Details
quality / Deploy netty (push) Blocked by required conditions
Details
feat: self-host delta at delta.harivan.sh 
Add delta systemd service on port 3300 with nginx reverse proxy,
ACME SSL, and WebAuthn/OAuth env config. Also update README with
current service list.
2026-04-16 02:30:13 +00:00

40 lines
1.7 KiB
Markdown
Raw Blame History

# Nix Leveraging
Single dependency graph that owns a macOs laptop and a Linux KVM.
Both collapse into the same reproducible interface.
The darwin host composes nix-darwin, home-manager, and nix-homebrew.
The netty host composes nixosSystem, disko, and home-manager.
Global username, per-host metadata and feature flags are encoded as data so leaf modules never need ad hoc platform checks.
The machine surface is split into core, extras, and fonts.
claude-code-nix, neovim-nightly, disko, and nix-homebrew are pinned in the flake
Home Manager is the userland control plane.
Rust, Go, Node, Python, AWS, and some other tools are routed into XDG-compliant paths.
SSH and GPG permissions are locked down on every activation.
A migration module handles the cutover from legacy symlinks so nothing is left to clean up manually.
A single palette drives colors for Ghostty, tmux, fzf, zsh syntax highlighting, bat, and delta.
A generated theme script hot-swaps light and dark across all of them.
Tool configs are repo-owned rather than scattered across $HOME.
Global agent skills are installed declaratively using skills.sh and only resync when the manifest hash changes.
Secrets live in Bitwarden and are rendered at activation time using cli
Deployment is `just switch` for the laptop and `just switch-netty` for the server.
All PRs auto-merge
The KVM has a declarative service bundle:
- netty exposes 3 tcp ports (22:ssh, 80:http, 443:https)
- services only listen on 127.0.0.1 (runs behind nginx with ACME)
- Self hosts Forgejo mirroring to GitHub (git.harivan.sh)
- Diff-kit (diffs.harivan.sh)
- Self hosts VaultWarden
- betterNAS control-plane and node agent (api.betternas.com)
- Hermes agent (netty.harivan.sh)
- Delta (delta.harivan.sh)
Reference in a new issue View git blame Copy permalink