Using NixOS Flakes The Wrong Way

Mark Taguiad
Mark Taguiad May 24, 2026 · 4 min read
Info
It’s been a while since I last updated this blog and recently I’ve been spending more time experimenting with NixOS Flakes. If you are curious about my setup, feel free to checkout my repo.
imagen

This is a poor attempt to use Flakes in NixOS-the learning curve is just steep. Will update this post once I really know what I’m doing.

Table of Contents

Enable flakes first in configuration.nix.

1nix.settings.experimental-features = [ "nix-command" "flakes" ];

Then rebuild.

1nixos-rebuild switch

Create flake structure, I’m using marilag server.

 1[root@marilag:/etc/nixos]# tree .
 2.
 3├── flake.lock
 4├── hosts
 5│   └── marilag
 6│       ├── configuration.nix
 7│       └── hardware-configuration.nix
 8└── modules
 9    ├── hardware.nix
10    ├── networking.nix
11    ├── services.nix
12    └── users.nix
13
144 directories, 8 files

Move configuration.nix and hardware-configuration.nix to /etc/nixos/hosts/marilag.

1cd /etc/nixos
2mv configuration.nix hosts/marilag 
3mv hardware-configuration.nix hosts/marilag

Create the configurations.

flake.nix

 1{
 2  description = "Marilag NixOS server";
 3
 4  inputs = {
 5    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
 6    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 7  };
 8
 9  outputs = { nixpkgs, nixpkgs-unstable, ... }: {
10    nixosConfigurations.marilag = nixpkgs.lib.nixosSystem {
11      system = "x86_64-linux";
12
13      modules = [
14         {
15            nixpkgs.overlays = [
16              (final: prev: {
17                unstable = import nixpkgs-unstable {
18                   inherit (final) config;
19                   inherit (final.stdenv.hostPlatform) system;
20                };
21              })
22            ];
23          }
24        ./hosts/marilag/configuration.nix
25        ./hosts/marilag/hardware-configuration.nix
26
27        ./modules/hardware.nix
28        ./modules/networking.nix
29        ./modules/users.nix
30        ./modules/services.nix
31      ];
32    };
33  };
34}

/etc/nixos/hosts/marilag/configuration.nix

 1{
 2  system.stateVersion = "25.11";
 3
 4  environment.systemPackages = with pkgs; [
 5    vim
 6    wget
 7    btop
 8    htop
 9    git
10    zip
11    unzip
12
13    virt-manager
14    libguestfs
15    dnsmasq
16    cloud-utils
17
18  ];
19
20  programs.nh = {
21    enable = true;
22    clean.enable = true;
23    clean.extraArgs = "--keep-since 4d --keep 3";
24    flake = "/etc/nixos";
25  };
26
27  environment.localBinInPath = true;
28  environment.pathsToLink = [ "/libexec" ];
29}

/etc/nixos/modules/networking.nix

 1{ config, pkgs, ... }:
 2
 3{
 4  networking = {
 5    hostName = "marilag";
 6
 7    networkmanager.enable = true;
 8
 9    useDHCP = false;
10
11    bridges.br0.interfaces = [ "enp0s31f6" ];
12
13    interfaces.br0.ipv4.addresses = [
14      {
15        address = "192.168.254.100";
16        prefixLength = 24;
17      }
18    ];
19
20    defaultGateway = "192.168.254.254";
21
22    nameservers = [
23      "1.1.1.1"
24      "8.8.8.8"
25    ];
26
27    firewall.checkReversePath = "loose";
28  };
29}

/etc/nixos/modules/users.nix

 1{ config, pkgs, ... }:
 2
 3{
 4  networking = {
 5    hostName = "marilag";
 6
 7    networkmanager.enable = true;
 8
 9    useDHCP = false;
10
11    bridges.br0.interfaces = [ "enp0s31f6" ];
12
13    interfaces.br0.ipv4.addresses = [
14      {
15        address = "192.168.254.100";
16        prefixLength = 24;
17      }
18    ];
19
20    defaultGateway = "192.168.254.254";
21
22    nameservers = [
23      "1.1.1.1"
24      "8.8.8.8"
25    ];
26
27    firewall.checkReversePath = "loose";
28  };
29}

/etc/nixos/modules/services.nix

 1{ config, pkgs, ... }:
 2
 3{
 4  # SSH server
 5  services.openssh = {
 6    enable = true;
 7
 8    ports = [ 22 ];
 9
10    settings = {
11      PermitRootLogin = "no";
12      PasswordAuthentication = true;  # later switch to false + keys
13    };
14  };
15
16  # Power management
17  services.power-profiles-daemon.enable = false;
18
19  services.thermald.enable = true;
20
21  services.tlp = {
22    enable = true;
23
24    settings = {
25      START_CHARGE_THRESH_BAT0 = 65;
26      STOP_CHARGE_THRESH_BAT0 = 80;
27
28      CPU_SCALING_GOVERNOR_ON_AC = "performance";
29      CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
30    };
31  };
32
33  # thinkfan
34  services.thinkfan = {
35    enable = true;
36
37    sensors = [
38      {
39        type = "hwmon";
40        query = "/sys/devices/platform/coretemp.0/hwmon/hwmon7/temp1_input";
41      }
42    ];
43
44    fans = [
45      {
46        type = "tpacpi";
47        query = "/proc/acpi/ibm/fan";
48      }
49    ];
50
51    levels = [
52      [ 0 0 45 ]
53      [ 1 43 50 ]
54      [ 2 48 55 ]
55      [ 3 53 60 ]
56      [ 4 58 65 ]
57      [ 5 63 70 ]
58      [ 6 68 75 ]
59      [ 7 72 80 ]
60      [ 127 78 32767 ]
61    ];
62  };
63}

/etc/nixos/modules/hardware.nix

 1{ config, pkgs, ... }:
 2
 3{
 4  boot = {
 5    loader.systemd-boot.enable = true;
 6    loader.efi.canTouchEfiVariables = true;
 7
 8    kernelParams = [
 9      "kvm-intel"
10      "mem_sleep_default=deep"
11    ];
12
13    kernelModules = [ "thinkpad_acpi" ];
14
15    extraModprobeConfig = ''
16      options thinkpad_acpi fan_control=1
17    '';
18
19    # IMPORTANT: keep default kernel first while stabilizing
20    # kernelPackages = pkgs.linuxPackages_6_12;
21  };
22
23  time.timeZone = "Asia/Manila";
24
25  i18n.defaultLocale = "en_US.UTF-8";
26  i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];
27}

Rebuild system.

1nixos-rebuild switch --flake /etc/nixos#marilag