Most people think Nix on Mac is just package installation. nix-darwin lets you declaratively own system preferences, services, keyboard remapping, Homebrew, Dock layout, and more — rebuild and your entire Mac personality is back.
One of Nix's most underappreciated superpowers: run any package without installing it. No brew install, no apt-get, no commitment. Three tiers from one-shot commands to full dev environments — plus comma, direnv, and the workflow that inverts how you think about package management.
ProtonVPN assigns ports dynamically via NAT-PMP and they change without warning. A small Rust daemon keeps qBittorrent's listening port in sync, recovers from failures, and exports Prometheus metrics — all wired up as a NixOS module.
Private repos return a 404, not a 401, and you're debugging the wrong thing. Here's how to configure Nix access-tokens, manage them with sops-nix on NixOS and macOS, create properly-scoped GitHub tokens, and handle the edge cases — remote builders, the daemon, and fresh hosts.
Nix devShells inherit the user's login shell. If your flake defines shell functions or scripts without writeShellScriptBin, they silently break for anyone not running bash. Here's the fix — and the stricter variant you probably want instead.
Setting up a private Homebrew tap to distribute a Rust CLI tool — using Nix for reproducible cross-compilation across four platforms, GitHub Releases for binary hosting, and a release script that handles the whole thing.
Why the nixpkgs postgres_exporter might not be enough, and how to package pg_exporter from the Pigsty project as a NixOS module — with Nix-native YAML collector configuration, one-toggle Grafana dashboards, and Prometheus wiring.
Upgrading PostgreSQL across four major versions on a NixOS server using flake-native scripts — reproducible, atomic, and with human checkpoints where they matter.
Packaging a Rust CLI tool with Nix so it produces fully static Linux binaries (musl) and portable macOS binaries — no Nix store paths baked in, no runtime dependencies to chase.
Hard-won patterns for packaging Elixir releases with Nix, running multiple instances on the same host, and avoiding the pitfalls that NixOS makes easy to fall into.