Remote NixOS deploys get dramatically faster when the target host fetches public dependencies from its own substituters and you only push the private bits. The key is `--use-substitutes` and the trusted-user detail most guides skip.
NUR flips the AUR model inside out. Instead of one giant package repo, every maintainer keeps their own repository and NUR indexes the lot. That gives you composability, selective trust, and a much wider ecosystem than most Nix users realize.
Turning nftables rule counters into Prometheus time series with a custom exporter and Grafana dashboards, using rule comments as stable human-readable labels.
A tour of Hrafnsyn, a Phoenix LiveView app that merges ADS-B aircraft and AIS vessel data into one operational map, packages cleanly with Nix, and now runs as a real deployed service.
For headless Raspberry Pi bring-up on NixOS, image-time secret injection is often more reliable than first-boot decryption on the device. Here's the provisioning flow, the brittle design we tried first, and why bootstrap state belongs under /var/lib rather than /etc.
Get Gardena smart system data out of the phone app and into Prometheus and Grafana with a Rust exporter, a NixOS module, and per-valve water-use estimates that are honest about what the hardware can and cannot measure.
A practical BorgBackup setup for NixOS with rsync.net: the manual CLI basics first, then a clean declarative `services.borgbackup.jobs` configuration with `sops-nix`, retention, pre-backup dump chaining, and restore verification.
A host-centric dotfiles repo is easy to start and easy to outgrow. Here's what improved when I reorganized mine into a Dendritic-style layout around reusable aspects, public vs private modules, and shared inventory — plus the tradeoffs in indirection, naming, and boilerplate.
One flake can handle both NixOS and plain Debian or Ubuntu deploys. Here's a practical pattern for embedding a full legacy deployment workflow into flake apps: setup, install, build, systemd user units, database dumps, REPL shells, and shell aliases.
Why the existing Python and Go gpsd exporters keep crashing, how a Rust rewrite fixes it, and wiring the whole thing up with Prometheus on NixOS — including the gpsd configuration that nobody tells you about.
Building hickory-dns from source with Nix, generating zone files from a host registry, wiring up DDNS with Kea DHCP, hardening with systemd, and monitoring the whole thing with Prometheus and Grafana.
How to install NixOS on cheap VPS instances with 768MB–1GB RAM using nixos-infect and a custom kexec image for nixos-anywhere.
Building your own private Cachix-style Nix binary cache on NixOS with Attic, Garage, PostgreSQL, sops-nix, multi-tenant token scoping, and GitHub Actions.
How to use a Nix flake to pin the Android SDK, wrap Flutter release builds, keep signing material out of the repo, and add idempotent emulator helpers.
Getting Ecowitt weather station data into Prometheus and Grafana with a Rust exporter and a NixOS module — with forwarding to Home Assistant and other receivers.
Using Crane to get reproducible Nix builds for Rust while keeping the standard Cargo workflow intact for developers who don't use Nix.
Setting up a self-hosted, vendor-neutral container registry on NixOS using the Zot module — users, access control, retention, nginx, and monitoring included.
Most people think Nix on Mac is just package installation. nix-darwin lets you declaratively own system preferences, services, keyboard remapping, Homebrew, Dock layout, and more — rebuild and your entire Mac personality is back.
One of Nix's most underappreciated superpowers: run any package without installing it. No brew install, no apt-get, no commitment. Three tiers from one-shot commands to full dev environments — plus comma, direnv, and the workflow that inverts how you think about package management.
ProtonVPN assigns ports dynamically via NAT-PMP and they change without warning. A small Rust daemon keeps qBittorrent's listening port in sync, recovers from failures, and exports Prometheus metrics — all wired up as a NixOS module.
Private repos return a 404, not a 401, and you're debugging the wrong thing. Here's how to configure Nix access-tokens, manage them with sops-nix on NixOS and macOS, create properly-scoped GitHub tokens, and handle the edge cases — remote builders, the daemon, and fresh hosts.
Nix devShells inherit the user's login shell. If your flake defines shell functions or scripts without writeShellScriptBin, they silently break for anyone not running bash. Here's the fix — and the stricter variant you probably want instead.
Setting up a private Homebrew tap to distribute a Rust CLI tool — using Nix for reproducible cross-compilation across four platforms, GitHub Releases for binary hosting, and a release script that handles the whole thing.
Why the nixpkgs postgres_exporter might not be enough, and how to package pg_exporter from the Pigsty project as a NixOS module — with Nix-native YAML collector configuration, one-toggle Grafana dashboards, and Prometheus wiring.
Upgrading PostgreSQL across four major versions on a NixOS server using flake-native scripts — reproducible, atomic, and with human checkpoints where they matter.
Packaging a Rust CLI tool with Nix so it produces fully static Linux binaries (musl) and portable macOS binaries — no Nix store paths baked in, no runtime dependencies to chase.
Hard-won patterns for packaging Elixir releases with Nix, running multiple instances on the same host, and avoiding the pitfalls that NixOS makes easy to fall into.
When your NixOS host needs decrypted secrets to build its own configuration but can't decrypt them until after it's built — and how nixos-rebuild's --target-host and --build-host flags solve the chicken-and-egg problem elegantly.
How to take over an OVH Kimsufi dedicated server with nixos-anywhere, disko, and mdadm RAID — plus wrestling with Java Web Start KVM consoles in 2026.
How a Rust-based template generator turns the boilerplate of adding a new NixOS host to a dotfiles flake into a guided, repeatable process.
A postmortem on getting Flutter iOS builds working inside a Nix flake, and what the experience revealed about Flutter's relationship with the filesystem.