I am really proud of my Nix config. In one repository, it describes all of my machines, including my desktop, laptop, and servers. Everything is deduplicated - my Emacs config is available everywhere (stripped down on servers), and other programs are configured consistently. To spin up a new box, all I need to do is boot up a custom NixOS image (configured through Nix to have my public keys baked in), and then run a single script to deploy my Nix configuration of choice to the machine. This custom NixOS image also contains a range of utilities that makes it useful as a live image that feels just like any of my servers. I even serve this custom image via a PXE server in my apartment. I can network boot into it without even needing to image a USB stick.
Like I said, I'm really proud of my Nix config. Even still, it lives in a private repository. This makes me sad - I want others to benefit from my Nix config too - but it also makes me most comfortable. I have a small reason for this, as well as a big reason.
Security through obscurity is the idea that by hiding a security flaw, you're safe from it. It's generally accepted that security through obscurity doesn't exist - given enough time, a bad actor can find the flaw regardless of the attempts you make to hide it. On the other hand, even if security through obscurity is insufficient as a single measure, it can at least add a layer to your Swiss cheese.
This is the small reason why I don't share my Nix config. It gives a very detailed schematic of the architecture of my network - what boxes are running what, the precise versions of every piece of software I'm using, and even the exact configurations of each of them. In fact, from my Nix config, it would be possible to create basically a clone of my entire network - that's the whole point, after all - which could then be analyzed by a bad actor.
Now, I'm a pretty boring person. I don't think anyone is going to go through the effort of all of this just to attack me. Perhaps the more realistic threats are things that can be more easily abused. For example, all of my email addresses are written out in plain text in my config files. Some of these get absolutely no spam, and I'd like to keep it that way! I could store my email addresses more securely with something like agenix, but then I've made things a little more obtuse for myself. (And of course, my email addresses will still be available in the git history, unless I also rewrite master!)
Okay, so this is the much larger reason.
My machines are an extension of myself. When things are configured properly, it feels like there is no boundary between them and me. In fact, when I do feel that boundary, that's a sign that things aren't configured properly, or that I'm working in an environment that's too constrained for me to feel comfortable. And this is one of the reasons I love Nix - all of my machines behave the same, interacting with any of them feels warm and familiar, and I can operate efficiently.
The side effect of this is that my Nix config is basically a render of my brain. It encodes all of my idiosyncrasies - like the fact that I browse mail within Emacs, or all of the little tiny tweaks I've made to my software to make it just a little bit nicer for me specifically. The silly little arbitrary computer names that made me smile a bit, or the copy-and-pastes of my friend's configs that tell you a bit about my social network. It also contains artifacts of my physical being, like the little keyboard shortcut changes I've made because my hands are small. Even little moments of time are immortalized in my config, like when I found out I couldn't cross-compile for Raspberry Pi and had to frantically and hackily fix it so I could go back to the actual work I was trying to do.
None of this is especially private, and I'd be willing to give any one of these details to anyone that asked. It's all of it together that makes it feel intimate, in the same way that any one entry in a diary can feel mundane, but all of the entries combined can feel like something more.
A lot of my friends have been converting over to Nix slowly, and I've noticed they tend to run into problems that I've run into and have solved. I'll gladly send them snippets of my config and explain why I did what I did. It's just the whole config together that feels too overwhelming to give away.
And it's a shame, too, because I am really proud of my Nix config.