- Documentation: Official EN • Official FR • Readme FR • To-Do FR
- Subprojects: Boilerplate • Example • Generator • Documentation
- 🔥 Declarative, reproducible, immutable.
- 🚀 Ready-to-use modules.
- ❄️ Simple main configuration.
- 🧩 Consistent structure.
- 🌎 A full network.
This project is constantly evolving according to my needs. If you'd like to be informed about upcoming stable versions, please let me know on GitHub or by subscribing to my YouTube channel (FR). Thank you!
| Feature | Description | |
|---|---|---|
| ⚙️ | Automated install | Fully automated host install / update with nixos-anywhere, disko & colmena |
| 👤 | User profiles | User profiles and modules with Home Manager (admin, gamer, beginner...) |
| 🖥️ | Host profiles | Host profiles (servers, containers, network nodes, workstations...) |
| 🌐 | Tailnet VPN | Full-mesh VPN with headscale + tailscale, independent subnets |
| 🛡️ | Ad-Free web | Secure, ad-free internet with AdguardHome and effective firewall (nftables) |
| 🧩 | Single Sign On | SSO strategy with Kanidm: one identity for (almost) all services |
| 🤗 | Smart services | Immich, Nextcloud, Forgejo, Vaultwarden, Mattermost, Jellyfin, etc. |
| 💻 | Clean Gnome | NixOS hosts with streamlined GNOME UI + stable and useful apps |
| 💾 | 3-2-1 Backups | Robust, simplified, and widespread backups with Restic |
| 🤖 | Generative AI | Secure, on-premises generative AI, using Open WebUI and Ollama |
| 🏠 | Homepage | Automated homepage -> quick access to all configured services |
| Specificity | Description | |
|---|---|---|
| ❄️ | Declarative & Immutable | Fully reproducible configuration based on Nix / NixOS and its ecosystem |
| 🔑 | Enhanced security | Simple and reliable security strategy powered by sops-nix |
| 📦 | High-level modules | High-level NixOS modules, easy to enable and configure |
| 📐 | Consistent architecture | Extensible and scalable architecture, consistent and customizable |
| ✴️ | Reverse proxy | Services distributed across network servers through Caddy proxies |
| 🛜 | Auto-networking | Zero-conf network plumbing (DNS, DHCP, firewall...) with dnsmasq |
| ✅ | Monitoring & Alerts | Supervision with Prometheus, Grafana and Alertmanager |
- OAuth2 = supports OAuth2 / OIDC
- Native = no plugin or external component required; can be configured directly
- PKCE = supports PKCE
- Declarative = all settings can be declared in NixOS
- OK = works on my configuration
| Application | OAuth2 | Native | PKCE | Declarative | OK | Comments |
|---|---|---|---|---|---|---|
| Outline | ✅ | ✅ | ✅ | ✅ | ✅ | Works perfectly |
| Mealie | ✅ | ✅ | ✅ | ✅ | ✅ | Works perfectly |
| Vaultwarden | ✅ | ✅ | ✅ | ✅ | ✅ | Fill the right e-mail first |
| Matrix Synapse | ✅ | ✅ | ✅ | ✅ | ✅ | Works fine (+Element +Coturn) |
| Open WebUI | ✅ | ✅ | ✅ | ✅ | ✅ | Works fine (+Ollama) |
| Grafana | ✅ | ✅ | ✅ | ✅ | ✅ | Works fine |
| LaSuite Docs | ✅ | ✅ | ✅ | ✅ | Well, PKCE Challenge not found | |
| Immich | ✅ | ✅ | ✅ | ✅ | Non-declarative configuration | |
| Forgejo | ✅ | ✅ | ✅ | ❌ | ✅ | Non-declarative configuration |
| Nextcloud | ✅ | ❌ | ❌ | ❌ | ✅ | Requires a plugin, non-declarative |
| OAuth2 Proxy | ✅ | ✅ | ✅ | ✅ | ✅ | Linked to Caddy & Kanidm |
| Homepage | 🔁 | 🔁 | 🔁 | 🔁 | ✅ | Via OAuth2 Proxy |
| Prometheus | 🔁 | 🔁 | 🔁 | 🔁 | ✅ | Via OAuth2 Proxy |
| Jellyfin | ℹ️ | ℹ️ | ℹ️ | ℹ️ | ℹ️ | Common access |
| AdGuard Home | ℹ️ | ℹ️ | ℹ️ | ℹ️ | ℹ️ | Common access |
| Geneweb | ℹ️ | ℹ️ | ℹ️ | ℹ️ | ℹ️ | Common access |
| ❌ | ❌ | ❌ | ❌ | ❌ | No more OAuth2 for the TEAM edition |
