augustocdias/dotfiles

Personal settings and tools, all set up through NixOS + Home Manager

My personal NixOS settings and tools

NixOS Installer ISO

To build the ISO, run:

docker run --rm -it -v "$(pwd)":/workspace -w /workspace nixos/nix sh -c "nix build --extra-experimental-features 'nix-command flakes' .#nixosConfigurations.installer.config.system.build.isoImage && cp result/iso/*.iso ."

The installer will guide you through the process, and at the end the machine should be ready to roll.

OS + Home manager

Apps like Neovim and Fish come pre-configured through Home Manager. All plugins and configurations are pre-installed.

Secrets Management

Secrets are managed using sops-nix with a hybrid age + GPG setup:

  • Age keys: Per-machine keys for automatic decryption at login
  • GPG (YubiKey): Master key for bootstrapping new machines

First-time setup on a new machine

  1. Clone the dotfiles repository
  2. Plug in the YubiKey
  3. Run the setup script:
    nix-shell -p age sops yq-go --run "fish ~/.dotfiles/home/secrets/sops-setup.fish"
  4. The script will:
    • Generate a new age key for this machine
    • Update .sops.yaml with the new key
    • Re-encrypt secrets
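
A check worth running after .sops.yaml has been updated and before secrets are re-encrypted: every creation rule should still list both the GPG master key and at least one age key, otherwise a new machine can no longer be bootstrapped from the YubiKey. This is an added example, not part of this repository; the .sops.yaml layout (flat pgp:/age: entries using YAML anchors), the key values and other.yaml are constructed assumptions.

```shell
# Added example: flag .sops.yaml creation rules that lack a PGP or an age recipient.
# Assumes each rule starts with path_regex; keys may be literal or YAML aliases.
check_sops_recipients() {
    awk '
    function report() {            # print what the finished rule lacks
        if (rule == "") return
        if (pgp == 0) { print rule ": no PGP recipient"; bad = 1 }
        if (age == 0) { print rule ": no age recipient"; bad = 1 }
    }
    # Remember anchors ("- &name value") so aliases ("*name") can be resolved.
    match($0, /&[A-Za-z0-9_-]+[ \t]+[^ \t]+/) {
        split(substr($0, RSTART + 1, RLENGTH - 1), kv, /[ \t]+/)
        anchor[kv[1]] = kv[2]
    }
    /^creation_rules:/ { in_rules = 1; next }
    in_rules && /^[^ \t#-]/ { report(); rule = ""; in_rules = 0 }  # next top-level key
    in_rules && /path_regex:/ {
        report()
        rule = $0; sub(/^.*path_regex:[ \t]*/, "", rule)
        pgp = 0; age = 0; next
    }
    in_rules && rule != "" {
        line = $0
        while (match(line, /\*[A-Za-z0-9_-]+/))
            line = substr(line, 1, RSTART - 1) anchor[substr(line, RSTART + 1, RLENGTH - 1)] substr(line, RSTART + RLENGTH)
        n = split(line, tok, /[^0-9A-Za-z]+/)
        for (i = 1; i <= n; i++) {
            if (tok[i] ~ /^age1[0-9a-z]+$/) age++
            else if (length(tok[i]) == 40 && tok[i] ~ /^[0-9A-Fa-f]+$/) pgp++
        }
    }
    END { report(); exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample: the second rule has lost the GPG master key.
sample_sops_yaml() {
    cat <<'EOF'
keys:
  - &master_gpg 0123456789ABCDEF0123456789ABCDEF01234567
  - &laptop age1constructedlaptopkey000000000000000000000000000000000000
creation_rules:
  - path_regex: home/secrets/env\.yaml$
    pgp: *master_gpg
    age: *laptop
  - path_regex: home/secrets/other\.yaml$
    age: *laptop
EOF
}
sample_sops_yaml | check_sops_recipients || echo "fix the rules above before re-encrypting"
```

Pass the path to a real .sops.yaml as the first argument; a non-zero exit status means at least one rule is missing a recipient type.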

Adding new secrets

  1. Edit the secrets file:
    sops ~/.dotfiles/home/secrets/env.yaml
  2. Add the new secret key to home/secrets.nix
  3. Add the environment variable to the template in home/secrets.nix
  4. Rebuild