Core modules provide the foundational configuration for your home environment. These modules handle identity, secrets, shells, and essential tools.

Git Configuration

The Git module manages your Git identity, signing configuration, and multi-identity workflows.

Options

core.git.userName
string
required
The Git username to use for commits.
core.git.userName = "john";
core.git.userEmail
string
required
The Git email address to use for commits.
core.git.userEmail = "[email protected]";
core.git.projectsDir
path
default:"~/Documents/Projects"
The directory where Git projects are stored. Used for multi-identity configuration.
core.git.projectsDir = "/run/media/john_doe/Projects";
core.git.extraIdentities
attrset
default:"{}"
Additional Git identities for different contexts (work, school, etc.). Each identity has its own signing key and is activated based on project directory.
core.git.extraIdentities = {
  work = {
    directory = "Work";
    name = "john_work";
    email = "[email protected]";
    signingKey = "ssh-ed25519 AAAA...";
  };
  school = {
    directory = "School";
    name = "john_school";
    email = "[email protected]";
    signingKey = "ssh-ed25519 AAAA...";
  };
};
With the default projectsDir, projects in ~/Documents/Projects/Work/ will automatically use the work identity.
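How directory-based activation can work in plain Git, as an added example that is not the module's own code: it assumes the module generates something equivalent to an `includeIf "gitdir:..."` rule, and the scratch HOME, file names, addresses and key strings are constructed placeholders. `effective_identity` is the check to run when a commit shows up with the wrong author or signing key.

```shell
#!/bin/sh
# Added example: names, addresses and key strings are constructed placeholders.

# Write a global Git config into scratch HOME "$1": a primary identity plus a
# work identity that applies only to repositories under ~/Projects/Work/.
write_identities() {
  mkdir -p "$1/.config/git" "$1/Projects/Work"
  cat > "$1/.gitconfig" <<'EOF'
[user]
  name = john
  email = john@personal.example
  signingKey = ssh-ed25519 AAAA_PRIMARY_PLACEHOLDER
[gpg]
  format = ssh
[commit]
  gpgSign = true
# The trailing slash makes the rule match every repository below Work/.
[includeIf "gitdir:~/Projects/Work/"]
  path = ~/.config/git/work.inc
EOF
  cat > "$1/.config/git/work.inc" <<'EOF'
[user]
  name = john_work
  email = john@work.example
  signingKey = ssh-ed25519 AAAA_WORK_PLACEHOLDER
EOF
}

# Print "email|signingKey" as Git resolves them inside repo "$2" with HOME="$1".
effective_identity() {
  ( cd "$2" && unset GIT_CONFIG_GLOBAL GIT_DIR &&
    export HOME="$1" XDG_CONFIG_HOME="$1/.config" GIT_CONFIG_NOSYSTEM=1 &&
    printf '%s|%s\n' "$(git config user.email)" "$(git config user.signingKey)" )
}

demo() {
  home=$(mktemp -d) || return 1
  write_identities "$home"
  git init -q "$home/Projects/Work/api"   # inside Work/: work identity
  git init -q "$home/Projects/dotfiles"   # outside Work/: primary identity
  effective_identity "$home" "$home/Projects/Work/api"
  effective_identity "$home" "$home/Projects/dotfiles"
  rm -rf "$home"
}
demo
```

A repository cloned anywhere outside the matching directory silently falls back to the primary identity and its signing key, which is the case the second `effective_identity` call shows.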

Features

  • SSH Signing - Commits are signed with SSH keys by default
  • Delta Integration - Beautiful diff viewing with line numbers and side-by-side display
  • Smart Defaults - Histogram diff algorithm, auto-setup remote, pull rebase
  • Conflict Resolution - zdiff3 merge conflict style and rerere enabled
  • Multi-Identity Support - Different identities per project directory

Example Configuration

core.git = {
  userName = "soriphoono";
  userEmail = "[email protected]";
  projectsDir = config.home.homeDirectory + "/Projects";
  
  extraIdentities.work = {
    directory = "Work";
    name = "soriphoono-work";
    email = "[email protected]";
    signingKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5...";
  };
};

GitOps

Automate Home Manager configuration updates by syncing from a Git repository on a schedule.

Options

core.gitops.enable
boolean
default:"false"
Enable Home Manager GitOps synchronization.
core.gitops.enable = true;
core.gitops.repo
string
required
Git repository URL to fetch updates from.
core.gitops.repo = "https://github.com/user/homelab.git";
core.gitops.branch
string
default:"main"
Branch to pull from.
core.gitops.branch = "production";
core.gitops.interval
string
default:"15m"
Interval between syncs (systemd timer format).
core.gitops.interval = "30m";

Behavior

When enabled, a systemd user timer runs every interval and:
  1. Fetches latest changes from the Git repository
  2. Performs a hard reset to origin/<branch>
  3. Runs nh home switch to apply the configuration
The flake is expected to be located at ~/Documents/Projects/homelab.
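The three steps above as a shell function, an added example rather than the module's timer script. It adds one guard the page does not describe: the fetched tip must carry an SSH signature from a key in an allowed-signers file before the hard reset, since whatever lands on the branch is applied as your user. `GITOPS_APPLY`, the signers file and the demo repositories are assumptions.

```shell
#!/bin/sh
# Added example, not the module's code. GITOPS_APPLY and the allowed-signers
# file are assumptions; the demo repositories are constructed.

# gitops_sync FLAKE_DIR BRANCH ALLOWED_SIGNERS
# Returns 1 if the fetch fails and 2 if the new tip is not signed by a listed
# key (the checkout is then left untouched); otherwise the apply command's status.
gitops_sync() {
  dir=$1 branch=$2 signers=$3
  git -C "$dir" fetch --quiet origin "$branch" || return 1
  tip=$(git -C "$dir" rev-parse --verify --quiet "origin/$branch^{commit}") || return 1
  # A signed tip commit vouches for the whole tree that will be applied.
  if ! git -C "$dir" -c gpg.ssh.allowedSignersFile="$signers" \
         verify-commit "$tip" >/dev/null 2>&1; then
    echo "gitops: $tip is not signed by an allowed key; keeping current checkout" >&2
    return 2
  fi
  # Reset to the verified hash, not to the ref, so a later fetch cannot swap it.
  git -C "$dir" reset --hard --quiet "$tip" || return 1
  ${GITOPS_APPLY:-nh home switch} "$dir"
}

demo() {
  t=$(mktemp -d) || return 1
  id="-c user.name=demo -c user.email=demo@example.invalid -c commit.gpgSign=false"
  git init -q "$t/upstream"
  git -C "$t/upstream" $id commit -q --allow-empty -m "initial"
  git clone -q "$t/upstream" "$t/homelab"
  git -C "$t/upstream" $id commit -q --allow-empty -m "unsigned change"
  : > "$t/allowed_signers"               # empty file: no key is trusted
  b=$(git -C "$t/upstream" symbolic-ref --short HEAD)
  GITOPS_APPLY="echo would-apply"
  gitops_sync "$t/homelab" "$b" "$t/allowed_signers"
  rc=$?
  rm -rf "$t"
  echo "gitops_sync exit status: $rc"
}
demo
```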

Example

core.gitops = {
  enable = true;
  repo = "[email protected]:myuser/homelab.git";
  branch = "main";
  interval = "10m";
};

Secrets Management

Manage encrypted secrets using SOPS and age encryption.

Options

core.secrets.enable
boolean
default:"false"
Enable secrets management.
core.secrets.enable = true;
core.secrets.defaultSopsFile
path
required
Default SOPS file containing encrypted secrets.
core.secrets.defaultSopsFile = ./secrets.yaml;
core.secrets.ageKeyFile
path
default:"~/.config/sops/age/keys.txt"
Path to the age key file for decryption. On NixOS, this is automatically provisioned. On non-NixOS systems, you must ensure this file exists.
core.secrets.ageKeyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
core.secrets.environment.enable
boolean
default:"false"
Enable environment variable secrets in dotenv format.
core.secrets.environment.enable = true;
core.secrets.environment.sopsFile
path
SOPS file containing environment secrets.
core.secrets.environment.sopsFile = ./env-secrets.yaml;

Example

core.secrets = {
  enable = true;
  defaultSopsFile = ./secrets.yaml;
  ageKeyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
};

Shell Configuration

Configure Fish shell, Starship prompt, and Fastfetch system information display.

Options

core.shells.shellAliases
attrset
default:"{}"
Shell command aliases applied to all shells.
core.shells.shellAliases = {
  g = "git";
  k = "kubectl";
  ls = "eza";
};
core.shells.sessionVariables
attrset
default:"{}"
Environment variables to set for the user.
core.shells.sessionVariables = {
  EDITOR = "nvim";
  VISUAL = "nvim";
};
core.shells.fish.enable
boolean
default:"false"
Enable Fish shell configuration.
core.shells.fish.enable = true;
core.shells.fish.generateCompletions
boolean
default:"false"
Generate Fish shell completions.
core.shells.fish.generateCompletions = true;
core.shells.fish.shellInit
string
default:""
Extra commands to run on Fish shell initialization.
core.shells.fish.shellInit = "fastfetch";

Included Tools

  • Fish Shell - Modern, user-friendly shell with syntax highlighting
  • Starship - Minimal, blazing-fast prompt with Git status and context
  • Fastfetch - System information display with custom logo
  • Direnv - Automatic environment loading for projects
  • Eza - Modern ls replacement with Git integration
  • Btop - System resource monitor

Example

core.shells = {
  fish.enable = true;
  
  shellAliases = {
    g = "git";
    gc = "git commit";
    gp = "git push";
  };
  
  sessionVariables = {
    EDITOR = "nvim";
  };
};

SSH Management

Manage SSH keys, agent configuration, and integration with secrets.

Options

core.ssh.publicKey
string
default:"null"
Primary SSH public key for authentication and Git signing.
core.ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5...";
core.ssh.extraSSHKeys
attrset
default:"{}"
Additional SSH keys for different contexts. The private keys are provisioned from secrets.
core.ssh.extraSSHKeys = {
  work = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5...";
  school = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5...";
};

Features

  • Automatic Key Deployment - Public keys deployed to ~/.ssh/
  • Secrets Integration - Private keys provisioned from SOPS secrets
  • SSH Agent - Automatically started if not provided by the system
  • SSH Config Management - Handles OpenSSH permission requirements
  • Multi-Key Support - Multiple identity files for different services

Example

core = {
  secrets.enable = true;
  
  ssh = {
    publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ...";
    
    extraSSHKeys = {
      work = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID...";
    };
  };
};
Private keys should be stored in your SOPS-encrypted secrets file. The decrypted structure looks like this:
ssh:
  primary_key: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    ...
    -----END OPENSSH PRIVATE KEY-----
  work_key: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    ...
    -----END OPENSSH PRIVATE KEY-----

Health Checks

Validate environment configuration and warn about potential issues.

Options

core.checks.enable
boolean
default:"true"
Enable environment health checks.
core.checks.enable = true;
core.checks.checkAgeKey
boolean
default:"true"
Check if the age key file exists when secrets are enabled.
core.checks.checkAgeKey = true;

Checks Performed

  • Age Key Existence - Warns if secrets are enabled but the age key file is missing
  • Git Configuration - Ensures Git username and email are set
More checks may be added in future versions.

Default Packages

Core modules automatically install essential utilities:
  • Compression - p7zip, unrar
  • Fonts - Carlito, Liberation, Nerd Fonts (Aurulent Sans Mono, Sauce Code Pro)
  • Home Manager - Self-management and nh (Nix helper) for system operations

NH Configuration

The nh tool is configured for convenient Nix operations:
programs.nh = {
  enable = true;
  clean = {
    enable = true;
    extraArgs = "--keep-since 5d";
  };
};
This automatically removes generations older than 5 days.
