experimenting nix infrastructure
https://experimenting.website
EXPERIMENTING
Infrastructure
My programming skill has always been googoogaagaa...
So I like to squash commit in published repo for my peace of mind hehehe
How it fits together
- flake.nix generated by flake-file
- flake/system/ defines flake inputs, systems, and wiring.
- aspect/ reusable NixOS and Home Manager aspects.
- puter/ hosts, computers, machines.
- user/ user aspects and user-owned metadata.
- package/ local package definitions exposed through pkgs.local.
- dotfile/ live dotfiles linked with local symlink-scanner flake.
- resource/ gitignored notes, boilerplates, reference material.
- secret/ SOPS-encrypted data.
- private/ gitignored local-only config used during impure evaluation.
- zzz-sleep/ parked or unused machine configs.
Common commands
Evaluate a host without building:
nix flake check --impure
My preferred way to rebuild the system:
nh os boot ./ -H <hostname> --impure
To rebuild the VPS:
deploy .#<hostname> --impure
Regenerate flake.nix:
nix run ./#write-flake --impure
Gotchas
- Use --impure for most repo evaluation. Some config imports gitignored files from private/ through builtins.getEnv "PWD".
- Run evaluation commands from the repo root unless you are intentionally testing path behavior.
- abort-on-warn = true is enabled, so Nix warnings can become hard failures.
- secret/secret.yaml is encrypted, but still avoid documenting secret values.
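
An added example (not code from this repo) of the kind of PWD-based import the first gotcha describes, with a guard so that a missing --impure or a wrong working directory fails with a clear message instead of importing from an unexpected path. The file name private/local.nix and the "directory contains flake.nix" root check are assumptions.

```nix
# Example NixOS/Home Manager module; private/local.nix is a hypothetical name.
let
  # In pure evaluation builtins.getEnv always returns "", so this is only
  # non-empty when the command was run with --impure.
  pwd = builtins.getEnv "PWD";

  # PWD comes from the caller's environment, so treat it as untrusted input:
  # require that it looks like the repo root before importing from under it.
  # The `pwd != ""` test short-circuits, so no absolute path is touched
  # during pure evaluation.
  isRepoRoot = pwd != "" && builtins.pathExists (/. + "${pwd}/flake.nix");

  # Built lazily; only forced after the root check has passed.
  privateFile = /. + "${pwd}/private/local.nix";
in
{ ... }:
{
  imports =
    if !isRepoRoot then
      throw "private/: PWD is '${pwd}'; run from the repo root with --impure"
    else if !builtins.pathExists privateFile then
      # toString keeps the message a plain path and avoids copying the
      # gitignored file into the Nix store just to print its name.
      throw "private/: ${toString privateFile} not found; create it locally"
    else
      [ privateFile ];
}
```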
