visitor@book.rymcg.tech:~/nixos-workstation/introduction

Introduction

What is a workstation?

If a server is a machine whose role it is to serve applications to many people over a network, a workstation is a machine whose role it is to serve a local operator stationed at the computer.

A Linux workstation is therefore a personal computer that you use for “work”: development, administration, writing, research. Your workstation might be a desktop computer, a laptop, or even a headless VM that you SSH into. It is the role of the machine that matters, not its form factor.

A workstation is often used to develop network software, but its role is to serve only your local user account, for testing and development. Your workstation may be connected to a broader network, but it is primarily a client: a terminal, web browser, editor, and control panel for other systems – not a server for a wider audience.

These roles matter for both security and data hygiene. The two rules are simple: never keep production data on your work machine, and never work directly in production.

Bend those rules however you like, but do so knowingly. Otherwise, you will create unenviable new breeds: Sworkstations, Desktop Infrastructure, and Production Laptops. If you let a machine become a pet-with-ports, you may lose the ability to reason clearly about where it is deployed, what it contains, and who depends on it.

NixOS

Most Linux distributions are installed in a particular moment in time.

You begin with an installer, choose some packages, adjust a few settings, add repositories, copy in configuration files, and eventually reach a system that feels correct. A month later, you install one more tool. Six months later, you have forgotten why a service is enabled, which package provided a command, or whether a file in /etc came from you, the distribution, or an application that was feeling ambitious.

The machine works, but its configuration is no longer entirely described anywhere. It lives partly in package databases, partly in configuration files, partly in shell history, and partly in your memory. This is manageable for one machine – until it is not.

NixOS takes a different approach. Rather than treating the installed system as the source of truth, NixOS asks you to describe the desired system in code. Packages, users, services, fonts, desktop settings, kernel options, and much of the operating system itself can all be declared in config files. You describe the workstation you want; NixOS builds and activates it.

This is not magic. It is more like insisting that your computer keep its receipts. NixOS makes the entire system configuration reproducible by construction. It is similar to how Rust addresses memory safety: by making it mandatory to keep track of its ownership. NixOS makes it mandatory to track all of your configuration and package sources in a git repository, so that it is reproducible completely from a particular snapshot in time.

If you’ve ever programmed in JavaScript, you might be familiar with a file named package-lock.json. This file describes the exact version numbers of your application’s dependencies, and all of their dependencies recursively. This is for the integrity of your app, to make sure that when you install your app, you install the exact versions of the dependencies you need. NixOS does that too, but for the entire operating system!

A NixOS configuration can be stored in a Git repository, reviewed, copied to another machine, and rebuilt later. A new workstation does not need to become a fresh archaeological site where you rediscover every prior decision. Instead, it can start from the same configuration as your previous machine, with only the differences that its hardware or purpose require.

This makes NixOS especially useful for workstations. A workstation is personal, and personal configurations tend to accumulate. Your editor, shell, window manager, fonts, SSH settings, development toolchains, hardware quirks, command-line utilities, and small quality-of-life preferences all matter. On a conventional system, recreating that environment often means a long sequence of remembered installation steps. On NixOS, the goal is to make it an automated rebuild.

This system is designed around generations. When you change the configuration, NixOS builds a new system generation rather than mutating the current one in place. If the new configuration turns out to be wrong, inconvenient, or merely too clever, you can boot or switch back to an earlier generation.

This does not make mistakes impossible. It simply makes them less permanent.

NixOS is therefore a good fit for the kind of workstation described in this book: one that is clearly yours, reproducible from source, and safe to experiment with. You should be able to install a new machine, apply your configuration, and arrive at a familiar environment without performing a ritual reconstruction of your past self.

sway-home

This book is built around sway-home, which is EnigmaCurry’s personal NixOS configuration, packaged as a reusable library of modules: the Sway desktop and its companion programs (waybar, foot, rofi), a curated package set, shell and editor configuration, and the home-manager dotfiles that tie them together. Every machine you install depends on sway-home as a pinned flake input, so you get its defaults for free while keeping your own per-host configuration separate.

sway-home is used here as an opinionated base, not a finished product. It makes a particular set of choices – one person’s choices – so that the install has a concrete, working desktop to point at from the start. You are not expected to keep all of those choices. The intent is that you fork sway-home into your own copy and point your machines at it, then change the colors, swap the window manager, and add or remove programs to taste. Because the whole system is reproducible from source, such changes are deliberate, reviewable, and reversible.

// settings
theme:
fx: