I've been wanting to set up a new home server for a long time and have been held up way too long in weighing different architectures, so I finally used AI-assisted exploration to crash-dive into a NixOS prototype deployment to see if a fully declarative approach could tame configuration drift, encryption, containers, and networking in one place. This writeup walks through building a full-disk-encryption NixOS prototype with Tang-based auto-unlock, Podman quadlets, and nftables — including the rough edges, undocumented workarounds, and what broke along the way. The takeaway is my assessment of where NixOS will be my future platform of choice.