This repo provides flake apps and scripts as the primary interfaces. The
Makefile is a convenience wrapper for a few host/home build commands.
# Host builds
make nixos WHAT=frame
make darwin WHAT=mair
make nixos WHAT=beast REMOTE=false
# Local VMs (resolved via `local-<host>vm`)
nix run .#vm -- --help
nix run .#vm -- builder1
nix run .#vm -- --gui desk
nix run .#vm -- srvarr
nix run .#vm -- fana
nix run .#vm -- gw
nix run .#vm -- org
nix run .#vm -- beast
# Proxmox VM deploy
nix run .#prox-deploy -- srvarr prx1
nix run .#prox-deploy -- fana prx1
nix run .#prox-deploy -- gw prx1
nix run .#prox-deploy -- org prx1
# Disk and image helpers
nix run .#deploy -- --disko frame /dev/sdX
nix build .#pi-image -o pi5.sdUpdate multiple machines over SSH with nix run .#deploy (defaults to
--all):
# Update all personal machines (default)
nix run .#deploy -- -A
# Update all work machines
nix run .#deploy -- -A --work
# Update a subset interactively
nix run .#deploy -- -A --select
# Dry run (SSH check + disk estimate only)
nix run .#deploy -- -A --dry-runSecrets are managed via sops-nix, with one encrypted YAML per host under secrets/.
Use these commands:
# Bootstrap a host secret
nix run .#sops-bootstrap -- beast
nix run .#sops-bootstrap -- beast --user root
# Current host (detected from hostname)
nix run .#sops-cat
nix run .#sops-edit
nix run .#sops-update
# Explicit host
nix run .#sops-cat -- mair
nix run .#sops-edit -- mair
nix run .#sops-update -- mair
# Copy one section between host secrets
nix run .#sops-copy -- mair prx1-lab atticBackup and restore procedures are documented in docs/backup.md.
make linux-home TARGET=nv
make darwin-home TARGET=mair
nix run .#deploy -- --home nvTARGET must match a standalone Home Manager profile from
homeConfigurations (the part after ${USERNAME}@).
Run Bats checks:
system="$(nix eval --impure --raw --expr builtins.currentSystem)"
nix build ".#checks.${system}.bats-tests" --no-linkRun full flake checks (same entrypoint used in CI):
nix flake check -L --show-traceCI matrix selection rules and skip behavior are documented in .github/README.md.
All VMs run on Proxmox hosts and are deployed with prox-deploy (wrapper
around nixmoxer).
| Machine | Type | Purpose | Config | Includes |
|---|---|---|---|---|
pi5 |
NixOS (Raspberry Pi) | DHCP and network services for the lab. | nixos/pi5/default.nix | common, nixos |
beast |
NixOS (x86_64-linux) | NAS storage + Jellyfin/Jellarr server. | nixos/beast/default.nix | common, nixos |
nvws |
Proxmox host | Work Proxmox node configuration. Single node. Also serves as a remote x86_64-linux builder for work machines. | nixos/nvws/default.nix | common, nixos |
prx1-lab |
Proxmox host | Lab Proxmox node (cluster leader). | nixos/prx1-lab/default.nix | common, nixos |
prx2-lab |
Proxmox host | Lab Proxmox node (cluster member). | nixos/prx2-lab/default.nix | common, nixos |
prx3-lab |
Proxmox host | Lab Proxmox node (cluster member). | nixos/prx3-lab/default.nix | common, nixos |
| Machine | Type | Purpose | Config | Includes |
|---|---|---|---|---|
builder1 |
CI VM | Primary builder VM for CI and heavy Nix builds. | nixos/default.nix | common, nixos |
builder2 |
CI VM | Additional builder VM (same profile as builder1). |
nixos/default.nix | common, nixos |
builder3 |
CI VM | Additional builder VM (same profile as builder1). |
nixos/default.nix | common, nixos |
cache |
CI VM | Cache VM backed by NFS for binary caching. | nixos/cachevm/default.nix | common, nixos |
| Machine | Type | Purpose | Config | Includes |
|---|---|---|---|---|
mair |
macOS (aarch64-darwin) | Personal Mac workstation. | darwin/mair/default.nix | common, darwin |
mmini |
macOS (aarch64-darwin) | Mac mini workstation. | darwin/default.nix | common, darwin |
JGWXHWDL4X |
macOS (aarch64-darwin) | Work Mac. | darwin/default.nix | common, darwin |
frame |
NixOS (x86_64-linux) | Desktop workstation. | nixos/frame/default.nix | common, nixos |
desk |
NixOS VM | Minimal Xfce desktop VM for local GUI testing. | nixos/deskvm/default.nix | common, nixos |
Jellyfin and Jellarr run on beast.
| Machine | Type | Purpose | Config | Includes |
|---|---|---|---|---|
srvarr |
NixOS VM | Media automation stack (Arr suite). | nixos/srvarrvm/default.nix | common, nixos |
| Machine | Type | Purpose | Config | Includes |
|---|---|---|---|---|
fana |
NixOS VM | Local Grafana stack (Grafana + Prometheus + Loki + Alloy log shipping). | nixos/fanavm/default.nix | common, nixos |
gw |
Network VM | Minimal WireGuard gateway VM for remote LAN access. | nixos/gwvm/default.nix | common, nixos |
org |
NixOS VM | Org software VM. Starter service: Vikunja with Prometheus metrics scraped by fana. |
nixos/orgvm/default.nix | common, nixos |