This is a highly specialized NixOS configuration, meticulously crafted over two years to ensure redundancy, reliability, and security. NixOS’s declarative nature allows for reproducible and resilient system setups, and this configuration reflects my journey in leveraging those strengths.

Note: I’ve been learning Nix since 2023, and while I’m passionate about this setup, I’m not an expert. Use this configuration as inspiration, but always validate choices for your own needs. Last reviewed: 10/10/2025 (DD/MM/YYYY)

The networking stack is designed for security, privacy, and reliability:

• Network Management: Uses NetworkManager with wpa_supplicant as the backend for wireless networks.
• DNS:
  • DNSSEC and DNS-over-TLS via Stubby.
  • Caching with Unbound for faster and more efficient queries.
• Time Synchronization: Uses chrony with the NTS protocol for secure time synchronization.
• Firewall: A robust firewall configuration with kernel hardening and security-focused parameters.

I primarily use VSCode, and this configuration includes support for:

• Languages: C++, Rust, Python, SQL (MySQL & PostgreSQL servers included).
• Tools: Jupyter Notebooks/Server.
• Development Shells: C++, Python, JavaScript.

This configuration includes almost all AI libraries you might need:

• Python Libraries: scikit-learn, PyTorch (with torch-bin), transformers, langchain, smolagents, flash-attn, streamlit, gradio, and more.
• Configuration File: Dev/python.nix

I’ve developed several custom tools to streamline workflows:

The security.nix file includes:

• Kernel parameter hardening.
• Banned file formats.
• Disabling of the CUPS service.

This configuration is constantly evolving. I’ll be documenting additional features and improvements soon.