CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
What This Repo Is
A NixOS flake configuration managing multiple hosts (desktops, laptops, servers). All hosts share common settings via hosts/configuration_common.nix and are assembled in hosts/default.nix.
Common Commands
# Format all nix files
nix fmt
# Build a host configuration (no activation)
nixos-rebuild build --flake .#<host>
# Switch the current host
sudo nixos-rebuild switch --flake .#<host>
# Build a custom package
nix build .#<package>
# Edit an age-encrypted secret
agenix -e secrets/<path>.age
# Re-key all secrets after adding a new host key to secrets/secrets.nix
agenix -r
Architecture
Entry Points
- flake.nix — defines inputs (nixpkgs stable=25.11, unstable, home-manager, agenix, lanzaboote, jovian-nixos, microvm, impermanence, noctalia) and calls hosts/default.nix for nixosConfigurations
- hosts/default.nix — instantiates every host via lib.nixosSystem; contains the mkHM helper that wires home-manager into a host's modules list
Host Structure
Each host lives in hosts/<name>/:
- default.nix — imports either ../../modules/desktop or ../../modules/server, sets the module options (myDesktop.* / myServer.*), and adds host-specific settings
- home.nix — host-specific home-manager config (merged with hosts/home.nix for desktops or hosts/home_server.nix for servers)
- hardware-configuration.nix — generated hardware config
Shared host-level files:
- hosts/configuration_common.nix — applied to every host: SSH (key-only, no root), locale, nix GC/settings, zsh, fonts, auto-upgrade flake URL
- hosts/home.nix — desktop home-manager base
- hosts/home_server.nix — server home-manager base
Module System
Two top-level NixOS modules expose all major knobs as typed options:
modules/desktop/default.nix — myDesktop.*
- windowManager: "niri" (default) | "sway" | "kde"
- cpu: "amd" | "intel" | "none" — selects KVM kernel params
- virtualisation.enable — podman (docker-compat) + qemu/libvirt + virt-manager
- syncthing.{enable,devices,folders}
- openrgb.{enable,motherboard}
- laptop.{enable,lidSwitch,hibernateDelaySec}
- nitrokey.enable
- niri.hotkeyVariant: "default" | "lifebook"
- git.signingKey — SSH key for commit signing
- extraSystemPackages
modules/server/default.nix — myServer.*
- sshPort (default 2220)
- virtualisation.{enable,cpu} — podman only (no libvirt)
- fail2ban.enable
- autoUpgrade.enable (default true)
- uid, sudoRequiresPassword, extraGroups, extraSystemPackages
Service bundles are imported as lists in host default.nix:
- modules/services/server/ — kabtop services (gitea, nextcloud, matrix, coturn, hydra, mealie, etc.)
- modules/services/nas/ — jupiter services (nfs, vaultwarden, syncthing, paperless)
- modules/services/dmz/ — dmz services (gitea runner microVM)
- modules/services/kabtopci/ — kabtopci services (hydra, gitea runner)
- modules/services/nasbackup/ — nasbak backup jobs
Secrets (agenix)
secrets/secrets.nix declares which age public keys (users + host SSH keys) can decrypt each .age file. Add a new host: add its ssh-ed25519 host key to secrets/secrets.nix in the relevant groups, then run agenix -r to re-key.
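An illustrative secrets/secrets.nix layout for the workflow above, added here as an example and not taken from this repository. The public keys are placeholders, and the admin user, the newhost entry, the group names and the .age file names are all hypothetical; only the host names kabtop, jupiter and nasbak come from this file.

```nix
# secrets/secrets.nix (illustrative; every key and secret name is a placeholder)
let
  # User keys: people allowed to edit secrets with `agenix -e`.
  admin = "ssh-ed25519 AAAA_PLACEHOLDER_ADMIN_KEY";

  # Host keys: the ssh-ed25519 host public key of each machine.
  kabtop  = "ssh-ed25519 AAAA_PLACEHOLDER_KABTOP_HOST_KEY";
  jupiter = "ssh-ed25519 AAAA_PLACEHOLDER_JUPITER_HOST_KEY";
  nasbak  = "ssh-ed25519 AAAA_PLACEHOLDER_NASBAK_HOST_KEY";

  # Adding a host: declare its key here, then add it only to the
  # groups whose secrets it actually needs.
  newhost = "ssh-ed25519 AAAA_PLACEHOLDER_NEWHOST_HOST_KEY";

  users = [ admin ];

  # Groups scope each secret to the hosts that run the matching service,
  # so a compromised host key exposes only that group's secrets.
  servers = [ kabtop ];
  nas     = [ jupiter nasbak newhost ];
in
{
  # Attribute names are the .age file paths as passed to agenix.
  "services/nextcloud-admin.age".publicKeys = users ++ servers;
  "services/vaultwarden-env.age".publicKeys = users ++ nas;

  # A secret can also list hosts explicitly instead of using a group.
  "backup/repo-password.age".publicKeys = users ++ [ jupiter nasbak ];
}
```

agenix -r has to be run by someone whose key can already decrypt the files, because re-keying decrypts and re-encrypts each one. Dropping a key from a group and re-keying does not revoke access to ciphertexts still present in git history, so rotate the secret value as well when removing a host.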
Custom Packages & Overlays
- packages/ — custom packages (e.g. corosync-qdevice), imported at flake.nix level
- overlays/ — nixpkgs overlays applied globally
- Per-host overlays: set nixpkgs.overlays inside the host's default.nix so only that host is affected
Disk Layouts
disko/ contains reusable disko modules: btrfs.nix, btrfs_luks.nix, nas_luks.nix — referenced during initial install.
Active Hosts
| Host | Role | WM / Notes |
|---|---|---|
| hades | Desktop | niri, AMD, Secure Boot (lanzaboote) |
| lifebook | Laptop | niri, Intel, Secure Boot |
| steamdeck | Gaming | KDE/Jovian-NixOS, Secure Boot |
| kabtop | Main server | gitea, nextcloud, matrix+bridges, coturn, hydra, mealie |
| kabtopci | CI server | hydra, nix-serve |
| jupiter | NAS | nfs, vaultwarden, syncthing, paperless |
| dmz | DMZ | gitea Actions homerunner microVM |
| nasbak | NAS backup | — |
| kubemaster-1 | K8s master | — |
See SERVICES.md for port-level service details per host.