zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity
714 Commits 7 Branches 0 Tags
869b6af7f7a9f16fb46f6dbebdfeeabe6141ffd7
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Zuckerberg 869b6af7f7 Block sandbox access to local network 
Add nftables forward rules to prevent sandboxed workspaces from
reaching RFC1918 private addresses while allowing public internet
and the host gateway (for DNS/NAT).
2026-02-09 20:16:02 -08:00
.gitea/workflows
Update to NixOS 24.05
2024-06-02 21:12:07 -06:00
common
Block sandbox access to local network
2026-02-09 20:16:02 -08:00
home
Add claude-code to personal machines
2026-02-07 22:37:35 -08:00
lib
Add Incus container support to sandboxed workspaces
2026-02-08 15:16:40 -08:00
machines
Disable tailscaleAuth for now because it doesn't work with tailscale's ACL tagged group
2026-02-09 19:57:20 -08:00
overlays
Use upstream pykms and Actual Budget. Move Actual to s0. Add automated backups for Actual.
2025-03-29 18:36:13 -07:00
patches
Update nixpkgs
2026-01-11 14:25:03 -08:00
secrets
Update digitalocean key
2026-01-14 19:32:21 -08:00
skills/create-workspace
Add sandboxed-workspace module for isolated dev environments
2026-02-07 22:43:08 -08:00
.gitignore
Add .gitignore
2022-05-20 16:37:33 -04:00
CLAUDE.md
Add Incus container support to sandboxed workspaces
2026-02-08 15:16:40 -08:00
flake.lock
Add use flake for fresh claude code
2026-02-09 18:04:09 -08:00
flake.nix
Add use flake for fresh claude code
2026-02-09 18:04:09 -08:00
LICENSE
Add LICENSE
2021-05-21 13:01:02 +00:00
Makefile
Add activate deploy command
2026-01-24 14:58:40 -08:00
new_machine.md
Update install steps
2023-04-19 21:17:45 -06:00
README.md
If machine role is personal set de.enable = true; automatically
2025-03-28 20:16:26 -07:00
TODO.md
update TODOs
2023-04-23 10:16:54 -06:00

README.md

My NixOS configurations

Source Layout

  • /common - common configuration imported into all /machines
    • /boot - config related to bootloaders, cpu microcode, and unlocking LUKS root disks over tor
    • /network - config for tailscale, and NixOS container with automatic vpn tunneling via PIA
    • /pc - config that a graphical PC should have. Have the personal role set in the machine's properties.nix to enable everthing.
    • /server - config that creates new nixos services or extends existing ones to meet my needs
  • /machines - all my NixOS machines along with their machine unique configuration for hardware and services
    • /kexec - a special machine for generating minimal kexec images. Does not import /common
  • /secrets - encrypted shared secrets unlocked through /machines ssh host keys
Reference in New Issue View Git Blame Copy Permalink
Description
My NixOS configurations
Readme MIT 46 MiB
Languages
Nix 92.5%
Shell 6.9%
Makefile 0.6%