zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity
706 Commits 7 Branches 0 Tags
87db330e5bf79a86a4227a1816d5b63463fe6209
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Zuckerberg 87db330e5b Add sandboxed-workspace module for isolated dev environments 
Provides isolated development environments using either VMs (microvm.nix)
or containers (systemd-nspawn) with a unified configuration interface.

Features:
- Unified options with required type field ("vm" or "container")
- Shared base configuration for networking, SSH, users, packages
- Automatic SSH host key generation and persistence
- Shell aliases for workspace management (start/stop/status/ssh)
- Automatic /etc/hosts entries for workspace hostnames
- restartIfChanged support for both VMs and containers
- Passwordless doas in workspaces

Container backend:
- Uses hostBridge for proper bridge networking with /24 subnet
- systemd-networkd for IP configuration
- systemd-resolved for DNS

VM backend:
- TAP interface with deterministic MAC addresses
- virtiofs shares for workspace directories
- vsock CID generation
2026-02-07 22:43:08 -08:00
.gitea/workflows
Update to NixOS 24.05
2024-06-02 21:12:07 -06:00
common
Add sandboxed-workspace module for isolated dev environments
2026-02-07 22:43:08 -08:00
home
Add claude-code to personal machines
2026-02-07 22:37:35 -08:00
lib
Add basic nix utilities
2023-10-20 20:13:08 -06:00
machines
Add sandboxed-workspace module for isolated dev environments
2026-02-07 22:43:08 -08:00
overlays
Use upstream pykms and Actual Budget. Move Actual to s0. Add automated backups for Actual.
2025-03-29 18:36:13 -07:00
patches
Update nixpkgs
2026-01-11 14:25:03 -08:00
secrets
Update digitalocean key
2026-01-14 19:32:21 -08:00
skills/create-workspace
Add sandboxed-workspace module for isolated dev environments
2026-02-07 22:43:08 -08:00
.gitignore
Add .gitignore
2022-05-20 16:37:33 -04:00
CLAUDE.md
Add CLAUDE.md with project conventions
2026-02-07 22:36:11 -08:00
flake.lock
Add sandboxed-workspace module for isolated dev environments
2026-02-07 22:43:08 -08:00
flake.nix
Add sandboxed-workspace module for isolated dev environments
2026-02-07 22:43:08 -08:00
LICENSE
Add LICENSE
2021-05-21 13:01:02 +00:00
Makefile
Add activate deploy command
2026-01-24 14:58:40 -08:00
new_machine.md
Update install steps
2023-04-19 21:17:45 -06:00
README.md
If machine role is personal set de.enable = true; automatically
2025-03-28 20:16:26 -07:00
TODO.md
update TODOs
2023-04-23 10:16:54 -06:00

README.md

My NixOS configurations

Source Layout

  • /common - common configuration imported into all /machines
    • /boot - config related to bootloaders, cpu microcode, and unlocking LUKS root disks over tor
    • /network - config for tailscale, and NixOS container with automatic vpn tunneling via PIA
    • /pc - config that a graphical PC should have. Have the personal role set in the machine's properties.nix to enable everthing.
    • /server - config that creates new nixos services or extends existing ones to meet my needs
  • /machines - all my NixOS machines along with their machine unique configuration for hardware and services
    • /kexec - a special machine for generating minimal kexec images. Does not import /common
  • /secrets - encrypted shared secrets unlocked through /machines ssh host keys
Reference in New Issue View Git Blame Copy Permalink
Description
My NixOS configurations
Readme MIT 46 MiB
Languages
Nix 92.5%
Shell 6.9%
Makefile 0.6%