This repo provides flake apps and scripts as the primary interfaces. The
Makefile is a convenience wrapper for a few host build commands.
```bash
# Host builds
make nixos WHAT=frame
make darwin WHAT=mair
make nixos WHAT=beast REMOTE=false
# Local VMs
nix run .#vm -- --help
nix run .#vm -- builder1
nix run .#vm -- --gui frame
nix run .#vm -- srvarr
nix run .#vm -- fana
nix run .#vm -- gw
nix run .#vm -- org
nix run .#vm -- beast
# Config diff between two Git revisions
nix run .#diff -- frame <old-rev> <new-rev>
nix run .#diff -- mair <old-rev> <new-rev>
# Proxmox VM deploy
nix run .#prox-deploy -- srvarr prx1-lab
nix run .#prox-deploy -- fana prx1-lab
nix run .#prox-deploy -- gw prx1-lab
nix run .#prox-deploy -- org prx1-lab
# Disk helpers
nix run .#deploy -- --disko frame /dev/sdX
```

Update multiple machines over SSH with nix run .#deploy (defaults to
--all):
```bash
# Update all personal machines (default)
nix run .#deploy -- -A
# Stage a NixOS config for reboot instead of switching immediately
nix run .#deploy -- --branch ci/flake-update --boot srvarr
# Update all work machines
nix run .#deploy -- -A --work
# Update a subset interactively
nix run .#deploy -- -A --select
# Dry run (SSH check + disk estimate only)
nix run .#deploy -- -A --dry-run
```

Secrets for non-work machines are managed via sops-nix, with one encrypted YAML
per host under secrets/.
Use these commands:
```bash
# Bootstrap a host secret
nix run .#sops-bootstrap -- beast
nix run .#sops-bootstrap -- beast --user root
# Current host (detected from hostname)
nix run .#sops-cat
nix run .#sops-edit
nix run .#sops-update
# Explicit host
nix run .#sops-cat -- mair
nix run .#sops-edit -- mair
nix run .#sops-update -- mair
nix run .#sops-pass -- beast root
nix run .#sops-pass -- --gen gw root
nix run .#sops-pass -- --gen gw both
nix run .#sops-pass -- beast ihrachyshka
# Copy one section between host secrets
nix run .#sops-copy -- mair prx1-lab attic
nix run .#sops-copy -- mair prx1-lab flakehub
```

Run sops-update when a host secret should receive missing template keys.
sops-edit only opens the selected secret for editing.
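
A pre-commit style guard for the layout described above (one sops-encrypted YAML per host under secrets/), as an added example that is not part of this repo's scripts. The function names, the `*.yaml` suffix and the sample files are assumptions constructed for illustration.

```bash
# Added example (not from this repo). Function names and the *.yaml suffix are assumptions.
# check_sops_file FILE: print "LINE:TEXT" for each leaf value that is not ENC[...]
# ciphertext; return 0 only when the file is fully encrypted and has sops metadata.
check_sops_file() {
  awk '
    /^sops:[ \t]*$/            { in_meta = 1; has_meta = 1; next }  # sops metadata block
    /^[^ \t]/                  { in_meta = 0 }       # any other top-level key ends it
    in_meta                    { next }
    /^[ \t]*(#.*)?$/ || /^---/ { next }              # blank, comment, document marker
    {
      v = $0
      sub(/^[ \t]*(-[ \t]+)?/, "", v)                # drop indent and list dash
      if (v !~ /^ENC\[/) sub(/^[^:]*:[ \t]*/, "", v) # keep the text after "key:"
      if (v == "" || v ~ /^ENC\[/) next              # parent key or ciphertext
      printf "%d:%s\n", NR, $0; bad = 1
    }
    END {
      if (!has_meta) { print "0:no top-level sops metadata"; bad = 1 }
      exit (bad ? 1 : 0)
    }' "$1"
}

# check_secrets_dir DIR: run the check over DIR/*.yaml; non-zero if any file leaks.
check_secrets_dir() {
  csd_rc=0
  for csd_f in "$1"/*.yaml; do
    [ -e "$csd_f" ] || continue
    csd_out=$(check_sops_file "$csd_f") && continue
    csd_rc=1
    printf '%s has unencrypted content:\n%s\n' "$csd_f" "$csd_out"
  done
  return "$csd_rc"
}

# Constructed sample files (not real secrets): one encrypted, one with a plaintext leaf.
demo=$(mktemp -d)
cat > "$demo/host-a.yaml" <<'EOF'
attic:
    token: ENC[AES256_GCM,data:Y29uc3Q=,iv:Y29uc3Q=,tag:Y29uc3Q=,type:str]
sops:
    version: constructed
EOF
cat > "$demo/host-b.yaml" <<'EOF'
attic:
    token: plaintext-token
sops:
    version: constructed
EOF
check_secrets_dir "$demo" || echo "check failed, as expected for host-b.yaml"
rm -rf "$demo"
```

Keys that a repo leaves in plaintext on purpose (sops supports an unencrypted-suffix convention) will be reported and need an allowlist.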
Backup and restore procedures are documented in common/backup.md.
srvarr's adaptive upload policy and tracker prioritization are documented in
nixos/srvarrvm/upload-policy.md.
Run Bats checks:

```bash
system="$(nix eval --impure --raw --expr builtins.currentSystem)"
nix build ".#checks.${system}.bats" --no-link
```

Run full flake checks (same entrypoint used in CI):

```bash
nix flake check -L --show-trace
```

CI matrix selection rules and skip behavior are documented in .github/README.md.
All VMs run on Proxmox hosts and are deployed with prox-deploy (wrapper
around nixmoxer).
| Machine | Type | Purpose | Config | Includes |
|---|---|---|---|---|
| beast | NixOS (x86_64-linux) | NAS storage + Jellyfin/Jellarr server. | nixos/beast/default.nix | common, nixos |
| nvws | Proxmox host | Work Proxmox node configuration. Single node. Also serves as a remote x86_64-linux builder for work machines. | nixos/nvws/default.nix | common, nixos |
| prx1-lab | Proxmox host | Lab Proxmox node (cluster leader) and TFTP/netboot host. | nixos/prx1-lab/default.nix | common, nixos |
| prx2-lab | Proxmox host | Lab Proxmox node (cluster member). | nixos/prx2-lab/default.nix | common, nixos |
| prx3-lab | Proxmox host | Lab Proxmox node (cluster member). | nixos/prx3-lab/default.nix | common, nixos |

| Machine | Type | Purpose | Config | Includes |
|---|---|---|---|---|
| builder1 | CI VM | Primary builder VM for CI and heavy Nix builds. | nixos/default.nix | common, nixos |
| builder2 | CI VM | Additional builder VM (same profile as builder1). | nixos/default.nix | common, nixos |
| builder3 | CI VM | Additional builder VM (same profile as builder1). | nixos/default.nix | common, nixos |
| cache | CI VM | Cache VM backed by NFS for binary caching. | nixos/cachevm/default.nix | common, nixos |

| Machine | Type | Purpose | Config | Includes |
|---|---|---|---|---|
| mair | macOS (aarch64-darwin) | Personal Mac workstation. | darwin/mair/default.nix | common, darwin |
| mmini | macOS (aarch64-darwin) | Mac mini workstation. | darwin/default.nix | common, darwin |
| JGWXHWDL4X | macOS (aarch64-darwin) | Work Mac. | darwin/default.nix | common, darwin |
| frame | NixOS (x86_64-linux) | Desktop workstation. | nixos/frame/default.nix | common, nixos |
Jellyfin and Jellarr run on beast.

| Machine | Type | Purpose | Config | Includes |
|---|---|---|---|---|
| srvarr | NixOS VM | Media automation stack (Arr suite). | nixos/srvarrvm/default.nix | common, nixos |

| Machine | Type | Purpose | Config | Includes |
|---|---|---|---|---|
| fana | NixOS VM | Local Grafana stack (Grafana + Prometheus + Loki + Alloy log shipping). | nixos/fanavm/default.nix | common, nixos |
| pki | NixOS VM | Home fleet control-plane VM for internal PKI, PKI rotation, and UniFi state sync. | nixos/pkivm/default.nix | common, nixos |
| gw | Network VM | Minimal WireGuard gateway VM for remote LAN access. | nixos/gwvm/default.nix | common, nixos |
| org | NixOS VM | Org software VM. Starter service: Vikunja with Prometheus metrics scraped by fana. | nixos/orgvm/default.nix | common, nixos |