🧬 Architecture

Vol[atile] NixOS is a single flake (flake.nix) that builds two hosts and two MicroVM runners. The defining property is statelessness: the root filesystem is a tmpfs rebuilt clean on every boot, with all durable data mapped onto /persist via impermanence.

graph TD
    HW["Hardware<br/>Ryzen + AMD iGPU / NVIDIA RTX 4050"] --> K["CachyOS Kernel<br/>preempt=full · threadirqs"]
    K --> LB["Lanzaboote<br/>UEFI Secure Boot"]
    K --> IMP["Impermanence<br/>tmpfs root /"]
    IMP --> P["/persist<br/>durable state"]
    LB --> NIX["NixOS · Lix daemon"]
    NIX --> HM["Home Manager<br/>user: lowcache"]
    HM --> HYP["Hyprland + UWSM<br/>greetd / tuigreet"]
    HYP --> QS["Quickshell shell (ii)"]
    NIX --> VM["microvm.nix guests"]
    VM --> TOR["net-gate · Tor proxy"]
    VM --> TS["tailscale-vm"]
    NIX --> AI["Ollama (CUDA) + Open WebUI"]
    NIX --> DK["Docker OCI · Fooocus"]
    P -. out-of-store symlinks .-> HM

The Lix daemon

The reference C++ Nix daemon is replaced by Lix through the lix-module flake input. The flake keeps inputs.lix.url tracking Lix main with inputs.nixpkgs.follows = "nixpkgs", and the lock pins exact revisions.

Lix builds from source

Because Lix main is not published to cache.lix.systems, the daemon is built from source. The follows/override pinning must not be removed without re-verifying evaluation (nix eval .#nixosConfigurations.volnix.config.system.build.toplevel.drvPath).
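A check that the lock file still carries the pinning described above, as an added example that is not part of the Vol[atile] NixOS repository. It assumes the lock node is named `lix` and that its `nixpkgs` input follows the root `nixpkgs`; the lock content is constructed, with placeholder revisions and hashes.

```python
import json

REV_TYPES = {"git", "github", "gitlab", "sourcehut"}  # input types locked by revision

def audit_lock(lock_text, follows_checks):
    """Return a list of findings; an empty list means the pinning is intact."""
    lock = json.loads(lock_text)
    nodes, root = lock["nodes"], lock["root"]
    findings = []
    for name, node in nodes.items():
        if name == root:
            continue  # the root node only lists inputs, it has no "locked" entry
        locked = node.get("locked", {})
        if not locked.get("narHash"):
            findings.append(f"{name}: no narHash, content is not pinned")
        if locked.get("type") in REV_TYPES and not locked.get("rev"):
            findings.append(f"{name}: no rev, revision is not pinned")
    # flake.lock stores a 'follows' as a list path from the root; a plain
    # string means the input resolved to its own, separately locked node.
    for node_name, input_name, target in follows_checks:
        actual = nodes.get(node_name, {}).get("inputs", {}).get(input_name)
        if actual != [target]:
            findings.append(f"{node_name}.inputs.{input_name}: "
                            f"expected follows {target!r}, got {actual!r}")
    return findings

def sample_lock(follows=True, pinned=True):
    """Constructed flake.lock (version 7 layout); revs and hashes are placeholders."""
    def locked(ch):
        entry = {"type": "git", "rev": ch * 40, "narHash": "sha256-PLACEHOLDER"}
        if not pinned:
            entry.pop("rev")
        return entry
    nodes = {
        "root": {"inputs": {"nixpkgs": "nixpkgs", "lix": "lix"}},
        "nixpkgs": {"locked": locked("a")},
        "lix": {"inputs": {"nixpkgs": ["nixpkgs"] if follows else "nixpkgs_2"},
                "locked": locked("b")},
    }
    if not follows:
        nodes["nixpkgs_2"] = {"locked": locked("c")}  # second nixpkgs pulled in
    return json.dumps({"version": 7, "root": "root", "nodes": nodes})

CHECKS = [("lix", "nixpkgs", "nixpkgs")]  # assumed node and input names

if __name__ == "__main__":
    for label, text in [("as documented", sample_lock()),
                        ("follows removed", sample_lock(follows=False))]:
        print(label, "->", audit_lock(text, CHECKS) or "OK")
```

Run against the real `flake.lock` by passing its contents as `lock_text`; a non-empty result is a reason to re-run the `nix eval` check before merging.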

Layers

| Layer | Mechanism | Page |
| --- | --- | --- |
| Boot & integrity | Lanzaboote UEFI Secure Boot | Boot & Secure Boot |
| Statelessness | impermanence + /persist + symlinks | Impermanence |
| Performance | CachyOS kernel + sysctl tuning | Kernel & Performance |
| Secrets | sops-nix + age | Secrets |
| Isolation | microvm.nix gateways | Networking |
| Desktop | Hyprland + Quickshell | Desktop |