From firmware to full stack.

Building neural interfaces, real-time sensing systems, and open-source embedded firmware. I write about the tools, languages, and infrastructure that hold it all together.

Dotfiles, Part 5: Custom Tooling and the Platform Edges

Mar 19, 2026

A Cloudflare CLI with a tunnel state machine, GNU Stow inside Nix, triple-platform service modules, secure credential hashing, declarative ZFS, and dev shell bootstrapping.

nixtoolinginfrastructure

Dotfiles, Part 4: Network-Aware Services — From Split Tunneling to Topology-Driven DNS

Mar 15, 2026

ProtonVPN with network namespace split tunneling, ad-blocking derived from VLAN topology, DHCP-to-DNS sync, and dynamic WireGuard peer onboarding — all as composable NixOS modules.

nixnetworkingsecurityinfrastructure

Dotfiles, Part 3: Secrets, Fleet Management, and the User Bridge

Mar 11, 2026

How I bootstrap 9 machines with sops-nix, clan-core, and a user module pattern that solves the secrets chicken-and-egg problem — plus service exposure via Caddy and Cloudflare Tunnel.

nixsecurityinfrastructure

Dotfiles, Part 2: A NixOS Home Router — From VLANs to Declarative DNS

Mar 7, 2026

Building a full home router as composable NixOS modules — typed options, auto-derived nftables rules, VLAN isolation, and a custom Go CLI for Cloudflare DNS sync.

nixnetworkinginfrastructure

Dotfiles, Part 1: Why Dendritic Flakes Work for Managing 9 Machines

Mar 3, 2026

How I use import-tree, flake-parts, and clan-core to manage NixOS, macOS, and WSL machines from a single flake — without maintaining a central import list.

nixdotfilesinfrastructure

All posts →