NixOS Infrastructure as Code using the Dendritic Pattern, an organic configuration growth pattern with automatic module discovery. Powered by flake-parts.
All Nix files are flake-parts modules and are automatically imported via import-tree. Files prefixed with _ are omitted. No literal path imports are used, so files can be moved and nested freely.
This project uses a custom build script, build.sh, for validation and deployment:
./build.sh # validate and deploy
./build.sh --boot # install for next boot only
./build.sh --update # refresh metadata + update flake inputs
./build.sh --offline # Offline buildThe script runs a validation pipeline (format, pre-commit hooks, flake check) before deployment.
It refuses to run on a dirty worktree by default; use --allow-dirty to override.
--update intentionally allows dirty worktrees and does not auto-commit flake.lock.
Development commands:
| Command | Description |
|---|---|
nix develop |
Enter dev shell |
nix fmt |
Format files |
nix develop -c pre-commit run --all-files --hook-stage manual |
Run all hooks |
This repo uses a dual-module approach: NixOS modules install packages, HM modules configure them. To avoid duplicate installation, HM modules set package = null when supported.
See the App Modules Style Guide for details.
Secrets are managed with sops-nix. Encrypted payloads live in secrets/, a private git submodule, and are declared via sops.secrets.
See the sops documentation for usage instructions.
These root inputs pin shared dependencies used through .follows declarations. systems keeps the canonical nix-systems input name even though dependency inputs also follow it. Remove any dedupe_* input once no .follows declaration references it.
| Input | Followed By |
|---|---|
dedupe_flake-compat |
make-shell.inputs.flake-compat |
dedupe_flake-utils |
claude-desktop-linux-flake.inputs.flake-utils |
dedupe_nur |
stylix.inputs.nur |
systems |
dedupe_flake-utils.inputs.systems, stylix.inputs.systems |
The following files are defined in Nix and generated via mightyiam/files using nix develop -c write-files:
.actrc.githooks/post-checkout.gitignore.gitleaks.toml.sops.yamlREADME.md