Almost every NixOS tutorial I encounter, be that blog or video, says to use Flakes and Home Manager. While that definitely speaks to the value of these tools, I find myself, instinctually, wanting to avoid them. I’ve attempted to get them working multiple time, and encountered more issues than they solved, for me. I interpret this to mean my knowledge and/or use case of NixOS is not ready for me to use these tools effectively. On top of that, something about a set of files that could all be put into a single unified config appeals to me (which flakes/hm can probably do too, but hopefully to get my vibe).
My reasoning aside, this has made me curious if there is some way for me to “backport” all these configs I encounter into my set of more default style configs. The primary goal I have that lead me to this is rootless Podman and declaring my containers in the config. If anyone has any guidance or resources you could point me to it would be much appreciated.
I don't see anything in your goals that would really require flakes or home manager. Maybe the podman containers, there seem to be some sharp edges around NixOS support for podman from what I can tell.
You might not want to share your entire config but you could share snippets of what you're trying to do and isn't working.
Moving on to more concrete suggestions:
If you aren't already doing so, you should be using the option search liberally. And you should also read the code of the modules and packages, at least sometimes. Sorry, I know nixpkgs Nix can be quite obtuse, but honestly without it I don't think it's possible to really grok how NixOS works.
Secondly, a lot of people seem to think you need flakes to configure multiple systems in one repo, but you can actually also do that just fine with stable nix using the
-Iflag. It's even possible to build an arbitrary Nix expression using the (unfortunately undocumented)-fand-Aflags like flakes would.Edit: For secrets, I would recommend using agenix, mostly just because it uses SSH instead of GPG. Instead you can also put them in a separate Nix file and gitignore that, but your secrets will end up in /nix/store that way which is a vulnerability if they're important (also Flakes also break this completely).
I already use Unix pass as my password manager and have a private git server for it. Is there a nice way to get that working with secrets in my config? I know that directly goes against the suggestion of SSH vs GPG, but I’ve already got lots of data saved within that system.