vanixiets

/vɑn.ɪks.its/ — something from nothing

declarative, reproducible, type-safe infrastructure with nix flake modules

And all this to realize compositional algebras of graded effects, structured as indexed monad transformer stacks over effectful computations, from heterogeneous components to support experimentation, discovery, and understanding of the past in the present for the future.

Documentation • Getting Started • Architecture • Discussions

---

What This Provides

Nix flake-based system configurations for NixOS, nix-darwin, and home-manager using deferred module composition and clan.

Quick Start

Warning

These commands install the Nix package manager system-wide (multi-user daemon), modify shell initialization files, and apply system configurations. You almost surely don't want to execute them without reading the relevant source.

# Clone repository
git clone https://github.com/cameronraysmith/vanixiets.git
cd vanixiets

# Bootstrap nix and essential tools
make bootstrap && exec $SHELL

# Activate direnv
direnv allow

# Activate configuration
just activate

See the Getting Started guide for illustrative setup instructions.

Features

⊕ Deferred module composition - import-tree auto-discovers Nix files organized by feature category (aspect) rather than host, where each file is a flake-parts module that assigns deferredModule values to class-organized namespaces (flake.modules.darwin.*, flake.modules.homeManager.*, flake.modules.nixos.*)

⋈ Per-package nixpkgs channel selection - Multi-channel overlay architecture enables unstable default with selective stable fallbacks via modules/nixpkgs/overlays/stable-fallbacks.nix without holding back rolling upgrades for the entire package set.

⊛ Cross-platform deployment targets - NixOS, nix-darwin, or home-manager configurations

⊎ Multi-user configuration patterns - Admin users with integrated system/home-manager configurations and non-admin users with system-integrated or standalone home-manager deployments

⊢ Declarative secrets management - sops-nix integration with age encryption for managing encrypted secrets and integration with clan vars.

⊠ Composable package overlays - layered overlay composition (multi-channel access → stable fallbacks → custom packages → build overrides → flake input overlays) for package customization and dependency management

↯ Reproducible development environments - Standard nix development shell(s) with direnv auto-activation and just task runner recipe for each CI job to support reproducible local development testing

Documentation

Getting Started: Setup Guide • Host Onboarding • Home Manager Onboarding

Architecture: Architecture overview • Deferred module composition • System-user integration • Repository structure

Operations: Secrets management • Handling broken packages • Adding custom packages

Reference: CI jobs • Justfile recipes • Flake apps

📘 Full documentation: https://infra.cameronraysmith.net/

License

MIT

Credits

Built with flake-parts, import-tree, clan-core, and overlay patterns from mirkolenz/nixos.

See complete credits for full acknowledgments.

Origin of the name

vanixiets is a contraction of van niets iets ("from nothing, something"), capturing the Nix philosophy that build environments start empty and all dependencies must be explicitly declared.

The name pays homage to Eelco Dolstra's etymology for Nix itself:

"The name Nix is derived from the Dutch word niks, meaning nothing; build actions do not see anything that has not been explicitly declared as an input."

— Dolstra, de Jonge & Visser (2004)¹

Footnotes

1. Dolstra E, de Jonge M, Visser E. Nix: A Safe and Policy-Free System for Software Deployment. LISA '04: 18th USENIX Large Installation System Administration Conference. 2004;79–92. https://www.usenix.org/conference/lisa-04/nix-safe-and-policy-free-system-software-deployment ↩