sifrOS is an opinionated but modular framework for NixOS, tailored to my use case. The goal is to create a reusable configuration for all my computer systems. This repository is modular, you should be able to set your username by setting a single option.
- Secure by default
- The system is configured to be secured by default, enabling firewall and hardening system and kernel settings.
- We aim with security through simplicity by using a minimal set of software per module.
- Firefox is configured to use uBlock Origin by default, and enable anti-fingerprinting settings, DuckDuckGo by default.
- Properly configured desktop environment
- Gnome only for now.
- Modular
- Components are separated by modules, and the configuration is available as Flakes.
- User information can be set as an option, username is not hardcoded.
- Clean
- The system follows a common theme and branding.
- A minimal boot screen, login menu, and desktop.
$HOMEis mostly de-cluttered, and XDG user directories (e.g. Desktop, Downloads) are simplified.
Systems managed by this flake.
| Name | System | CPU | RAM | GPU | Role | OS | State |
|---|---|---|---|---|---|---|---|
serow |
ThinkPad T590 | i7-8565U | 16GB | Intel UHD 8th Gen | 💻️ | ❄️ | ✅ |
tahr |
ThinkPad P1 Gen3 | i9-10885H | 32GB | NVIDIA Quadro T2000 | 💻️ | ❄️ | ✅ |
takin |
MacBook Pro | M2 Max | 64GB | M2 Max | 💻️ | | 🚧 |
goral |
VMWare Fusion | M2 Max | 64GB | M2 Max | 💻️ | ❄️ | ✅ |
duisk |
Vultr VPS | vCPU | 4GB | None | ☁️ | ❄️ | ✅ |
argali |
RPi 4B | BCM2711 | 8GB | None | ☁️ | ❄️ | ✅ |
boerbok |
Star64 | SiFive | 8GB | None | ☁️ | ❄️ | 🚧 |
There are two options:
- Gnome: For a fully featured, stacking, desktop environment.
- Sway: For a minimal, tiling, window manager & compositor.
To build Raspberry Pi 4 image:
nix build .#argali
- Use the regular NixOS installer image from nixos.org, install normally.
- Clone this repository and
cdinto it. - Copy over
/etc/nixos/hardware-configuration.nixtohardware/<hostname>.nix. - Copy over
/etc/nixos/configuration.nixtohosts/<hostname>.nix. - Make sure these two filenames match.
- Edit
flake.nixand add your system definition (copy an existing as a template). - Edit
hosts/<hostname>.nix, includesifrconfigurations. See other hosts for example.- Remove everything, including comments, stateVersion, and the import for hardware config.
- Only keep the
boot.loaderconfiguration. - Look at other hosts, should be a minimal file.
- For the first build, better to use
bootoption:sudo nixos-rebuild boot --flake .#<hostname>. Then reboot the system.
To rebuild, run the following in the repository directory:
doas nixos-rebuild switch --flake .#goral
These commands should be run after installing Nix, and cloning this repository. The commands should be run while in this repository.
First time run:
nix --extra-experimental-features 'flakes nix-command' run nix-darwin -- switch --flake .#takin
Then (without sudo):
darwin-rebuild switch --flake .#takin
- Disko for disk configuration
- Raspberry Pi image