Nix-Wrapped Android Release Builds with Out-of-Repo Signing
How to use a Nix flake to pin the Android SDK, wrap Flutter release builds, keep signing material out of the repo, and add idempotent emulator helpers.
Blog
Prometheus Ecowitt Exporter on NixOS
Getting Ecowitt weather station data into Prometheus and Grafana with a Rust exporter and a NixOS module — with forwarding to Home Assistant and other receivers.
Crane: Nix Builds for Rust Without Losing cargo build
Using Crane to get reproducible Nix builds for Rust while keeping the standard Cargo workflow intact for developers who don't use Nix.
Running a Private OCI Registry on NixOS with Zot
Setting up a self-hosted, vendor-neutral container registry on NixOS using the Zot module — users, access control, retention, nginx, and monitoring included.
Everything You Can Set on macOS with nix-darwin
Most people think Nix on Mac is just package installation. nix-darwin lets you declaratively own system preferences, services, keyboard remapping, Homebrew, Dock layout, and more — rebuild and your entire Mac personality is back.
nix run and nix develop — Try Anything Without Installing It
One of Nix's most underappreciated superpowers: run any package without installing it. No brew install, no apt-get, no commitment. Three tiers from one-shot commands to full dev environments — plus comma, direnv, and the workflow that inverts how you think about package management.
Syncing qBittorrent Ports with ProtonVPN NAT-PMP on NixOS
ProtonVPN assigns ports dynamically via NAT-PMP and they change without warning. A small Rust daemon keeps qBittorrent's listening port in sync, recovers from failures, and exports Prometheus metrics — all wired up as a NixOS module.
Using Private GitHub Repositories with Nix Flakes
Private repos return a 404, not a 401, and you're debugging the wrong thing. Here's how to configure Nix access-tokens, manage them with sops-nix on NixOS and macOS, create properly-scoped GitHub tokens, and handle the edge cases — remote builders, the daemon, and fresh hosts.
writeShellScriptBin — Why Every Nix Flake Script Needs an Explicit Shell
Nix devShells inherit the user's login shell. If your flake defines shell functions or scripts without writeShellScriptBin, they silently break for anyone not running bash. Here's the fix — and the stricter variant you probably want instead.
Distributing a Private CLI via Homebrew with Nix Cross-Compilation
Setting up a private Homebrew tap to distribute a Rust CLI tool — using Nix for reproducible cross-compilation across four platforms, GitHub Releases for binary hosting, and a release script that handles the whole thing.