# Declarative System, Package & Home Configurations

Status: always a work in progress.

- Nix Flakes & Reproducibility – 100% Nix Flakes-based, reproducible builds, no channels required.
- Hybrid Infrastructure – Nix and Terraform define bare-metal, VMs, and cloud (GCP) resources.
- Automated Topology – nix-topology visualizes and manages network and host relationships.
- Custom Package Overlays – Overlays override upstream packages and define custom ones.
- Multi-Platform Support – Supports bare-metal, VMs, and WSL environments.
- User Home Management – Per-user declarative config with HomeManager.
- Zero Trust Networking – Tailscale mesh VPN with Tailscale Serve exposure for selected services.
- SOPS Secrets Management – Host secrets managed declaratively with sops-nix and age/SSH keys.
- Automated Cloud Backups – Service data backups to Google Cloud Storage via systemd timers.
- Self-Hosted CI Runners – Declarative GitHub Actions self-hosted runner support on NixOS hosts.
- Media & Home Services – Declarative modules for Immich, Frigate, Jellyfin, Home Assistant, and more.
- Security & Compliance – Hardened defaults, run0 integration, and SBOM-enabled package workflows.
- Continuous Integration – Automated checks and workflows with GitHub Actions and flake-native outputs.
- Automated Garbage Collection – System prunes old Nix store paths automatically.
- Desktop Environments – Wayland GNOME (and Niri) desktop environments.
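The following NixOS host module is an added example, not a module from this repository, that wires together several of the features listed above in one place: flakes-only Nix settings, automatic store garbage collection, sops-nix secrets decrypted from the host SSH key, a Tailscale join that trusts only the tailnet interface, and a systemd-timer-driven backup to Google Cloud Storage. The secrets file path `./secrets/host.yaml`, the secret keys `tailscale/authkey` and `gcs/service-account`, the bucket `example-backups`, and the service data path `/var/lib/immich` are assumptions for illustration; the option names are standard NixOS and sops-nix options.

```nix
# Added example (not this repository's own module): one NixOS host module
# combining garbage collection, sops-nix secrets, Tailscale and a timed
# GCS backup. Paths, secret names and the bucket name are assumptions.
{ config, pkgs, ... }:

{
  # Flakes only: enable the new CLI and flakes, no channels needed.
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nix.settings.auto-optimise-store = true;

  # Automated garbage collection: drop store paths older than two weeks.
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 14d";
  };

  # sops-nix: secrets are decrypted at activation into /run/secrets with the
  # given owner/mode, so plaintext never lands in the world-readable Nix store.
  # The host's SSH ed25519 key doubles as the age identity.
  sops.defaultSopsFile = ./secrets/host.yaml;            # assumed path
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  sops.secrets."tailscale/authkey" = {                   # assumed key name
    owner = "root";
    mode = "0400";
  };
  sops.secrets."gcs/service-account" = {                 # assumed key name
    owner = "root";
    mode = "0400";
  };

  # Zero-trust overlay: join the tailnet with the decrypted auth key and treat
  # only traffic arriving on tailscale0 as trusted. The public interface keeps
  # just the WireGuard UDP port open for Tailscale itself.
  services.tailscale = {
    enable = true;
    authKeyFile = config.sops.secrets."tailscale/authkey".path;
  };
  networking.firewall = {
    enable = true;
    trustedInterfaces = [ "tailscale0" ];
    allowedUDPPorts = [ config.services.tailscale.port ];
  };

  # Automated cloud backup: a oneshot service run by a systemd timer. gsutil
  # reads its credentials from the sops-managed service-account file via
  # CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE, so no key sits in the store either.
  systemd.services.backup-immich = {
    description = "Sync Immich data to Google Cloud Storage";
    path = [ pkgs.google-cloud-sdk ];
    serviceConfig = {
      Type = "oneshot";
      PrivateTmp = true;
      Environment = "CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${config.sops.secrets."gcs/service-account".path}";
    };
    script = ''
      gsutil -m rsync -r /var/lib/immich gs://example-backups/immich
    '';
  };
  systemd.timers.backup-immich = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnCalendar = "daily";
      Persistent = true;          # catch up if the host was off at the scheduled time
      RandomizedDelaySec = "1h";  # spread load across hosts sharing the bucket
    };
  };
}
```

Import the module from a host's configuration in `hosts/` and run `nixos-rebuild switch --flake .#<host>`. The checks worth doing after activation: `ls -l /run/secrets/tailscale/authkey` should show `-r-------- root`, `nix-store --query --requisites /run/current-system | grep -i authkey` should print nothing, and `systemctl list-timers backup-immich.timer` should show the next scheduled run.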
This workspace has the following structure:

```text
├── assets          # Static assets
├── home            # User HomeManager modules
├── hosts           # Host NixOS modules
├── infrastructure  # Terraform infrastructure
├── modules         # NixOS modules
├── pkgs            # Package definitions
├── shells          # Ad-hoc shell environments
├── flake.nix       # Nix flake
├── lib.nix         # Nix utilities
├── overlays.nix    # Package overlays
├── shell.nix       # Workspace development shell
└── topology.nix    # Topology module configuration
```