Darkone NixOS Framework

• The official documentation
• The french readme with a todo list

A multi-user, multi-services & multi-host configuration

• 🔥 Declarative, reproducible, immutable.
• 🚀 Ready-to-use modules.
• ❄️ Simple main configuration.
• 🧩 Consistent structure.
• 🌎 A full network.

This project is constantly evolving according to my needs. If you'd like to be informed about upcoming stable versions, please let me know on GitHub or by subscribing to my YouTube channel (FR). Thank you!

Main features

	Feature	Description
⚙️	Automated install	Fully automated host install / update with nixos-anywhere, disko & colmena
👤	User profiles	User profiles and modules with Home Manager (admin, gamer, beginner...)
🖥️	Host profiles	Host profiles (servers, containers, network nodes, workstations...)
🌐	Tailnet VPN	Full-mesh VPN with headscale + tailscale, independent subnets
🛡️	Ad-Free web	Secure, ad-free internet with AdguardHome and effective firewall
🧩	Single Sign On	SSO strategy with Kanidm: one identity for (almost) all services
🤗	Smart services	Immich, Nextcloud, Forgejo, Vaultwarden, Mattermost, Jellyfin, etc.
💻	Clean Gnome	NixOS hosts with streamlined GNOME UI + stable and useful apps
💾	3-2-1 Backups	Robust, simplified, and widespread backups with Restic
🏠	Homepage	Automated homepage -> quick access to all configured services

Under the hood

	Specificity	Description
❄️	Declarative & Immutable	Fully reproducible configuration based on Nix / NixOS and its ecosystem
🔑	Enhanced security	Simple and reliable security strategy powered by sops-nix
📦	High-level modules	High-level NixOS modules, easy to enable and configure
📐	Consistent architecture	Extensible and scalable architecture, consistent and customizable
✴️	Reverse proxy	Services distributed across network servers through Caddy proxies
🛜	Auto-networking	Zero-conf network plumbing (DNS, DHCP, firewall...) with dnsmasq

SSO status

• OAuth2 = supports OAuth2 / OIDC
• Native = no plugin or external component required; can be configured directly
• PKCE = supports PKCE
• Declarative = all settings can be declared in NixOS
• OK = works on my configuration

Application	OAuth2	Native	PKCE	Declarative	OK	Comments
Outline	✅	✅	✅	✅	✅	Works perfectly
Mealie	✅	✅	✅	✅	✅	Works perfectly
Vaultwarden	✅	✅	✅	✅	✅	Fill the right e-mail first
Matrix Synapse	✅	✅	✅	✅	✅	Works Fine (+Element +Coturn)
Immich	✅	✅	✅	⚠️	✅	Non-declarative configuration
Forgejo	✅	✅	✅	❌	✅	Non-declarative configuration
Nextcloud	✅	❌	❌	❌	✅	Requires a plugin, non-declarative
OAuth2 Proxy	✅	✅	✅	✅	⚠️	Multiple backends to resolve
Jellyfin	✅	❌	❔	❔	❔	Coming soon
Grafana	✅	❔	❔	❔	❔	Coming soon
AdGuard Home	❌	❌	❌	❌	❔	Via OAuth2 Proxy
Mattermost	❌	❌	❌	❌	❌	No more OAuth2 for the TEAM edition

Homepage screenshot

One configuration for a full network

Just commands

Main command for DNF administrator:

Available recipes:
    [apply]
    apply on what='switch'                         # Apply configuration using colmena [alias: a]
    apply-local what='switch'                      # Apply the local host configuration [alias: al]
    apply-verbose on what='switch'                 # Apply force with verbose options [alias: av]

    [check]
    check                                          # Recursive deadnix on nix files
    check-flake                                    # Check the main flake
    check-statix                                   # Check with statix

    [dev]
    cat host=''                                    # Clean + git Amend + apply-local (or on host) + Test
    clean                                          # format: fix + check + generate + format [alias: c]
    develop                                        # Launch a "nix develop" with zsh (dev env) [alias: d]
    fix                                            # Fix with statix
    format                                         # Recursive nixfmt on all nix files
    generate                                       # Update the nix generated files
    pull                                           # Pull common files from DNF repository
    push                                           # Push common files to DNF repository

    [install]
    build-iso arch="x86_64-linux"                  # Build DNF iso image
    configure host                                 # New host: ssh cp id, extr. hw, clean, commit, apply
    configure-admin-host                           # Framework installation on local machine (builder / admin)
    copy-hw host                                   # Extract hardware config from host
    copy-id host                                   # Copy pub key to the node (nix user must exists)
    full-install host user='nix' ip='auto'         # New host: full installation (install, configure, apply)
    install host user='nix' ip='auto' do='install' # New host: format with nixos-everywhere + disko
    install-key host                               # New host: format with nixos-everywhere + disko
    passwd user                                    # Update a user password
    passwd-default                                 # Update the default DNF password
    push-key host                                  # Push the infrastructure key to the host

    [manage]
    enter on                                       # Interactive shell to the host [alias: e]
    fix-boot on                                    # Multi-reinstall bootloader (using colmena)
    fix-zsh on                                     # Remove zshrc bkp to avoid error when replacing zshrc
    gc on                                          # Multi garbage collector (using colmena)
    halt on                                        # Multi-alt (using colmena)
    reboot on                                      # Multi-reboot (using colmena)