Skip to content

ToDo

  1. https://2026.nixcon.org ?

  2. Ixo with GNOME

  3. NUC as khany: Permanently on, with Wireguard

  4. nrs script, which does sudo nixos-rebuild switch --flake . - AFTER checking that there are no dirty un-committed nixfiles AND that they have been pushed to the remote repo.

  5. Workstation 🖥️ with pam_u2f.so for sudo with SK

  6. Workstation 0.1 (on separate drive; but first backup ToNAS)

  7. ZFS; first in VM, then on BM https://wiki.nixos.org/wiki/ZFS

  8. nix GC automatically

  9. /nix on separate partition (or LV)

  10. How to do LUKS encryption?

boot.initrd.systemd.enable = true; # Required for modern systemd-cryptsetup
security.tpm2.enable = true;

$ sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/nvme0n1p2

  1. Impermanence with preservation, see vimjoyer

  2. https://wiki.nixos.org/wiki/Secret_Service, consider https://dewaldv.com/posts/2026-03-24-proton-pass-secret-service/ ?

  3. Cloud VMs? imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ] ? See e.g. this announcement.

  4. Secure Boot!!

  5. Not possible to still dual boot Fedora?

  6. Does ssh-tpm-agent still work?!

  7. Ixo solve <> key map problem (how?)

  8. Ixo powersaving

  9. Blog about my NixOS experience (similar to this)

Workstations & Laptops

  1. Fix why locale-ch keyboard layout does not work in GNOME VM ... the Settings Keyboard does show ch-de, but the keys aren't mapped correctly. Perhaps this is more of a QEMU than a GNOME thing?

  2. Antigravity, but NOT via home-manager, see https://github.com/vorburger/dotfiles/commit/21aff996ef847ddeefbde2061f984446682ba1e3

  3. Ctrl-Backspace in Fish on Console (only; works over SSH)

  4. Alt Left/Right in nano

  5. Shift Up/Down, Alt Up/Down, Ctrl PgUp/PgDown https://gemini.google.com/app/394387d4e13b598c

  6. pass, via ext. YK

  7. True Colors!! Both on Console, and when logged in remotely over ssh in tmux

  8. Try services.howdy.enable = true; security.pam.services.sudo.howdyAuth = true;

  9. Sound OK? Home Manager services.pipewire (new, 2026-04-11; update) options for configuring the PipeWire server etc. https://github.com/vorburger/nixfiles/pull/6

  10. Home Manager services.syshud (new, 2026-04-12; update) A simple system status indicator for Wayland compositors.

Nix Common

  1. Login and go straight into TMUX

  2. tmux should remember open tabs over restart

  3. Compare pstree on Nix Console and Fedora in GNOME

  4. Cache on CI

  5. zensical a https://aifiles.vorburger.ch

  6. WiFi setup baked in into installer, as it now is for ixo

  7. Use sopsnix or agenix for secrets management (instead of nixos-anywhere --extra-files). Maybe together with https://github.com/Foxboron/age-plugin-tpm ?

  8. Try https://github.com/Foxboron/ssh-tpm-agent/issues/109

  9. Try https://yazi-rs.github.io

  10. Try https://github.com/microvm-nix/microvm.nix? See https://michael.stapelberg.ch/posts/2026-02-01-coding-agent-microvm-nix/.

Upstream

  1. Upstream configurations of any services et al. which ideally shouldn't be here at all

  2. ssh-tpm-agent: keyutils

  3. How to isolate? Merely building ssh-tpm-agent locally from nixpkgs (but probably even standalone) breaks ssh on OS.

  4. Add a system service for ssh-tpm-agent

Machines

  1. VM vorburger sudo password?! None - but enable this:
security.pam.sshAgentAuth.enable = true;
security.sudo.extraConfig = ''
Defaults env_keep += SSH_AUTH_SOCK
'';

  1. VM with UEFI instead of BIOS, and systemd-boot instead of GRUB

  2. nixos-rebuild ... --specialisation XYZ for different use cases?

  3. Clan!

  4. https://docs.clan.lol/guides/nixpkgs-flake-input/
  5. https://docs.clan.lol/guides/flake-parts/

  6. https://docs.clan.lol/guides/nixos-rebuild/

  7. Replace hostfwd=tcp::2222-:22 with proper bridged networking to get real IP address?

  8. Replace StrictHostKeyChecking=no with fixed hostkey from secret vault

  9. Have both unstable and fixed nix pkgs - for different hosts

  10. Try https://nixcademy.com/posts/auto-growing-nixos-appliance-images-with-systemd-repart/

Tools

  1. https://github.com/maralorn/nix-output-monitor

  2. https://github.com/ners/nix-monitored

  3. Formatters are a mess; tools/git-hooks.nix pre-commit and fmt.nix for nix fmt don't share .treefmt.toml config?

  4. Run nix flake check in pre-commit hook

  5. Replace devshells with devShells (Nix), after all?

  6. https://github.com/nix-community/nh ?

  7. https://github.com/evanlhatch/ng ?

  8. https://github.com/vic/flake-aspects ?

Clean Up

  1. Consolidate LearningLinux 🐧 repo and dotfiles/NixOS here.

Docs

  1. Publish e.g. to nix.vorburger.ch

  2. Move https://github.com/vorburger/LearningLinux/tree/develop/nix/docs here

  3. Move https://github.com/vorburger/LearningLinux/blob/develop/nix/bookmarks.md here

  4. Pre-process MD to automagically insert links on anything that looks like a local file path

  5. Have an attribute/option in the modules/**/*.nix to link to the relevant docs/*.md

  6. Extract commands from modules/demo/hello.nix into docs/hello.md etc.

  7. Run https://docs.enola.dev/use/execmd

  8. Automagically extract TODO list to MD

Low Priority / Nice to Have

  1. How to make nix faster? Try alt. impls?

  2. https://snowfall.org ?

  3. nixos-rebuild alternatives?

  4. Suppress (quiet) devshell menu

Future

  1. Enola.dev AI for https://github.com/NixOS/nixpkgs/pulls ?