Declarative, reproducible NixOS infrastructure managed as a single flake.
Machines auto-discovered from machines/, secrets encrypted with ragenix, deployed with Colmena.
| Host | Purpose | Arch | Hardware |
|---|---|---|---|
| alligator | Main desktop | x86_64 | AMD Ryzen 7 5800X, RX 6800 XT, 32 GB |
| hamster | Laptop | x86_64 | ThinkBook 14 |
| whale | Home server | x86_64 | Xeon E5-2696v3, 64 GB, 25 TB+ storage |
| lizard | Dacha server | aarch64 | Raspberry Pi 4B, 8 GB |
- Compositor — Niri (scrollable tiling Wayland)
- Shell — Zsh + Powerlevel10k, zoxide, fzf, eza, atuin, direnv
- Editors — VS Code, Zed
- AI tools — Claude Code, Codex, OpenCode
Whale runs a mix of native NixOS services and Podman containers via Quadlet.
🏗 Infrastructure
- Nginx — reverse proxy + ACME certificates
- CoreDNS — internal DNS
- PostgreSQL / MySQL
💬 Communication
- Simple NixOS Mailserver — full mail stack (Postfix, Dovecot, Rspamd)
- Matrix Synapse — decentralized chat
☁️ Apps
- Vaultwarden — password manager
- Nextcloud — file sync & collaboration
- Forgejo — Git forge
- SearXNG — metasearch engine
- Radicale — CalDAV / CardDAV
- Home Assistant — home automation
- ntfy — push notifications
🎵 Media
- Navidrome — music streaming
- qBittorrent — BitTorrent client
- Lidarr — music collection manager
- Prowlarr — indexer manager
- Slskd — Soulseek client
🤖 AI / Dev
- LiteLLM — LLM proxy
- Qdrant — vector database
- Woodpecker CI — continuous integration
- Pterodactyl — game server panel
📊 Analytics
🔧 Other
- BorgBackup — deduplicating backups
- Syncthing — file synchronization
- I2P — anonymous network
- WebTLO — torrent tracker management
- Remote Nix builder
Home automation at the dacha.
- Home Assistant — home automation
- Frigate — NVR with object detection
- Mosquitto — MQTT broker
- Yggdrasil mesh overlay between all machines
- Nebula VPN (whale is lighthouse)
- WireGuard tunnel on whale
- systemd-networkd everywhere, NetworkManager on laptops
```
machines/       Per-host configs (auto-discovered by the flake)
roles/
  core/         Base system, networking, Podman, shell, Home Manager
  desktop/      Desktop stack (imports core + dev)
  dev/          Editors, AI tools, languages, LSPs
  family.nix    Family desktop role (user olga, Russian locale)
  server.nix    Server hardening (watchdog, sysctl, BBR)
profiles/       Reusable opt-in modules (bluetooth, libvirt, printing, ...)
server/         Native NixOS services for whale
apps/           Quadlet/Podman containers for whale
modules/        Custom NixOS modules (auto-exported)
hardware/       Hardware modules (auto-exported)
secrets/        Encrypted .age files (git submodule)
secrets.nix     Public-key ACL for agenix
```
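An added example of the kind of public-key ACL that agenix/ragenix read from `secrets.nix` (this is illustrative, not this repository's own file). Every key string and secret file name is a placeholder; the point it shows is scoping: each secret is encrypted to the admin key plus only the host that actually needs it, so one compromised host key cannot decrypt another host's secrets.

```nix
let
  # PLACEHOLDER keys: replace with real SSH public keys.
  # Admin user key: can decrypt everything, needed to create and edit secrets.
  admin = "ssh-ed25519 AAAA...PLACEHOLDER-admin-key";

  # Host keys, taken from /etc/ssh/ssh_host_ed25519_key.pub on each machine.
  # The host decrypts its secrets at boot with this key; no extra key material
  # has to be provisioned.
  whale     = "ssh-ed25519 AAAA...PLACEHOLDER-whale-host-key";
  lizard    = "ssh-ed25519 AAAA...PLACEHOLDER-lizard-host-key";
  alligator = "ssh-ed25519 AAAA...PLACEHOLDER-alligator-host-key";
  hamster   = "ssh-ed25519 AAAA...PLACEHOLDER-hamster-host-key";

  servers  = [ whale lizard ];
  desktops = [ alligator hamster ];
in
{
  # whale-only secrets: admin key + whale's host key, nothing else.
  "vaultwarden-env.age".publicKeys       = [ admin whale ];
  "wireguard-whale-private.age".publicKeys = [ admin whale ];

  # lizard-only secret (hypothetical name).
  "frigate-rtsp-password.age".publicKeys = [ admin lizard ];

  # A secret several hosts genuinely need: widen the recipient list
  # deliberately and per secret, never by default.
  "shared-example.age".publicKeys = [ admin ] ++ servers;

  # Desktop-only secret (hypothetical name).
  "user-password-hash.age".publicKeys = [ admin ] ++ desktops;
}
```

After changing a recipient list, re-encrypt the affected files (`ragenix --rekey`); removing a key from the list does nothing until the secret is rekeyed.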
```sh
nh os switch              # rebuild current machine
nh os build               # build without switching
./deploy.sh <host> switch # deploy to a remote host
nix flake check           # lint
treefmt                   # format
```

MIT