NixOS system configurations for AI workloads — LLM inference hosts, ROCm/CUDA accelerator stacks, model-serving services — declared as flakes.
The system-level counterpart to nix-ai (home-manager modules for Claude Code / Gemini / Copilot / MCP servers). nixos-ai holds NixOS configurations for the physical Linux hosts that run AI workloads.
| Host | Hardware | Role | Status |
|---|---|---|---|
| llm | B550M Gaming X Wifi6 + Ryzen 9 5900X + 32 GB DDR4 + RX 580 + ADATA 512 GB NVMe | LLM inference / general AI dev | Active (NixOS 26.05) |
Prerequisites:

- Nix with flakes enabled (`experimental-features = nix-command flakes`)
- A NixOS host matching one of the hardware configurations under `hosts/`, or a derivative you maintain in a fork
Clone the repo onto the target host (typical path is `/etc/nixos`):

```sh
sudo git clone https://github.com/JacobPEvans/nixos-ai.git /etc/nixos
cd /etc/nixos
```

Edit `vars.nix` at the repo root for your fork. Everything that varies per install lives there — SSH keys, disk UUIDs, hostname, timezone, CPU/GPU module names, initrd modules, trusted IP ranges, gc schedule, zram percentage, fail2ban retry count, supported formatter systems. The rest of the tree only references values from `vars.nix`; there are no hardcoded UUIDs, hostnames, or per-host magic numbers in the Nix modules.
To bring up a new host:

- Add an entry under `vars.hosts.<name>` (copy the `llm` block as a starting template).
- Drop in `hosts/<name>/configuration.nix` and `hosts/<name>/hardware-configuration.nix` (copy the `llm` files; they only reference `host.*` and `vars.*`, no per-host hardcoding).
- Run `sudo nixos-rebuild switch --flake .#<name>` on the target host.

The flake auto-discovers hosts via `nixpkgs.lib.mapAttrs` over `vars.hosts`, so no `flake.nix` edit is needed when adding a host.
Build and switch the active system on the target host:

```sh
sudo nixos-rebuild switch --flake .#llm
```

Build without persisting (validates evaluation + closure):

```sh
nixos-rebuild build --flake .#llm
```

Build directly from GitHub without cloning (useful for one-shot testing on a fresh host):

```sh
sudo nixos-rebuild switch --flake github:JacobPEvans/nixos-ai#llm
```

Verify after switch:

```sh
systemctl is-active sshd fail2ban
timedatectl     # should print 'Time zone: UTC'
swapon --show   # zram0 priority 5
```

Conventions:

- Hostnames are short, lowercase, single-word per host's primary role (`llm`, future `inference-N`).
- Timezone is UTC on every host.
- Root SSH is key-only; password and keyboard-interactive auth are disabled.
- All per-install and per-operator values (SSH keys, disk UUIDs, hostname, timezone, CPU/GPU module names, initrd modules, trusted IP ranges, gc schedule, zram %, fail2ban retry count) live in `vars.nix` at the repo root and flow into modules via `specialArgs` as `host` and `vars`. The Nix modules contain no per-host magic numbers — only policy decisions like "use systemd-boot" or "NetworkManager owns DHCP". `vars.nix` is committed; only publishable values belong there.
- fail2ban guards sshd; the RFC 1918 `10.0.0.0/8` range is in `ignoreIP` to cover the multi-VLAN homelab boundary. Key-only auth is the actual access control.
- One flake at the repo root; per-host config lives in `hosts/<hostname>/`.
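The host auto-discovery and the `specialArgs` wiring described above, as an added sketch that is not the repository's own `flake.nix` or module code. It assumes a `./vars.nix` whose attribute names (`timezone`, `trustedRanges`, `fail2banMaxRetry`, `hosts.<name>.system`, `sshKeys`, `initrdModules`, `kernelModules`) are chosen here only to illustrate the pattern; the inlined policy module stands in for whatever the repo keeps under `hosts/<name>/`.

```nix
# flake.nix sketch (added example, not the repository's own file). Assumes a
# ./vars.nix of the form { timezone; trustedRanges; fail2banMaxRetry;
# hosts.<name> = { system; sshKeys; initrdModules; kernelModules; }; } --
# the attribute names are assumptions, chosen only to illustrate the pattern.
{
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

  outputs = { self, nixpkgs, ... }:
    let
      vars = import ./vars.nix;
      # One NixOS system per entry in vars.hosts; adding a host means adding an
      # attribute there plus a hosts/<name>/ directory, never editing this file.
      mkHost = name: host:
        nixpkgs.lib.nixosSystem {
          system = host.system;
          # host and vars reach every module as ordinary function arguments.
          specialArgs = { inherit host vars; };
          modules = [
            ./hosts/${name}/configuration.nix
            ./hosts/${name}/hardware-configuration.nix
            # Policy module inlined for the example: only host.* and vars.* values.
            ({ host, vars, ... }: {
              networking.hostName = name;
              time.timeZone = vars.timezone;                  # "UTC" on every host
              boot.initrd.availableKernelModules = host.initrdModules;
              boot.kernelModules = host.kernelModules;
              users.users.root.openssh.authorizedKeys.keys = host.sshKeys;
              services.openssh = {
                enable = true;
                settings = {
                  PermitRootLogin = "prohibit-password";      # root is key-only
                  PasswordAuthentication = false;
                  KbdInteractiveAuthentication = false;
                };
              };
              services.fail2ban = {
                enable = true;
                maxretry = vars.fail2banMaxRetry;
                ignoreIP = vars.trustedRanges;                # e.g. [ "10.0.0.0/8" ]
              };
            })
          ];
        };
    in {
      nixosConfigurations = nixpkgs.lib.mapAttrs mkHost vars.hosts;
    };
}
```

Because the host set comes from `vars.hosts`, `nix flake check` evaluates every declared host, so a typo in a new `vars.nix` entry fails at evaluation rather than on the target machine.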
```sh
nix flake check                      # evaluation + formatting + lint
nixos-rebuild build --flake .#llm    # build (no switch)
```

Pre-commit hooks check whitespace, YAML/JSON syntax, large files, private-key leaks, markdown lint (markdownlint-cli2), Nix formatting (nixfmt-rfc-style), unused bindings (deadnix), common antipatterns (statix), and GitHub Actions security (zizmor).

```sh
pre-commit install            # one-time setup
pre-commit run --all-files    # run all hooks
```

Related repos:

- nix-ai — user-level AI tooling (Claude Code, Gemini, Copilot, MCP servers) as home-manager modules.
- nix-darwin — macOS system configurations.
- nix-home — cross-platform home-manager user environment.
- nix-devenv — reusable per-language dev shells.