# Becoming Dangerous: AI-Assisted Self-Hosting with NixOS

> Self-hosting was too hard for most engineers. AI tools like Claude are changing that. Here's how to become dangerous enough to own your data.


Self-hosting has always been a niche hobby for a reason.

I've been using NixOS for over a decade. I know the ecosystem. I've contributed to it, founded NixCon, led the marketing team. And yet, every time I've tried to self-host something beyond the basics, I've hit the same wall: the nitty-gritty details that take forever to get right.

You want to run Nextcloud? Great. Now you need to understand nginx reverse proxies, TLS certificates, PostgreSQL tuning, DNS records, backup strategies. Each of these is its own rabbit hole. Each requires reading documentation, testing configurations, breaking things, fixing them, and hoping you didn't miss some security footgun along the way.

Most engineers give up. The friction is just too high. We default to Google Photos, Bitwarden's cloud service, Dropbox. It's not that we don't care about owning our data - it's that the time investment to self-host feels infinite.

Something changed.

## AI as the Learning Accelerator

LLMs like Claude are surprisingly good at Nix. Not perfect, but good enough to be useful. They've seen enough NixOS configurations in their training data to generate reasonable starting points for most services.

The real shift isn't perfect AI answers - it's a new iteration loop. Tools like Claude Code don't just suggest configurations. They write the config, run `nixos-rebuild switch`, read the error, fix the config, and try again. The whole cycle happens inside the tool. You watch, you steer, you approve - but the AI does the tedious back-and-forth with the compiler.

The loop looks like this:

1. You describe what you want ("set up Vaultwarden with HTTPS")
2. AI writes the NixOS config
3. AI runs `nixos-rebuild build-vm` to test in an isolated QEMU virtual machine
4. Build fails? AI reads the error, adjusts, tries again
5. VM boots? AI can verify the service is running, check ports, read logs - or write automated tests using the [NixOS test driver](https://nixos.org/manual/nixos/stable/#sec-nixos-tests)
6. Once it works in the VM, deploy to the real system with `nixos-rebuild switch`

This used to take weeks of reading documentation. Now it takes hours. Sometimes minutes.

AI gets things wrong. It suggests options that were renamed, or patterns that almost work. But NixOS catches those mistakes at build time, not at runtime. The error is specific, the AI reads it directly, and the next attempt is better. The feedback loop is tight because there's no human in the middle copying errors around.

I don't need to become an nginx expert. I don't need to memorize PostgreSQL connection strings. I just need to become *dangerous enough* to get a working configuration and understand roughly what it does.

## Why NixOS is the Perfect Match

NixOS and AI-assisted development are a surprisingly good fit. Here's why:

**Declarative configuration.** Everything lives in one place - your `configuration.nix` or flake. No hunting through `/etc/nginx/sites-available/` and `/var/lib/postgres/` and wherever else configs might hide. When AI generates a config, you know exactly where it goes.

**Reproducible by design.** The same configuration produces the same system, every time. If AI helps you build something that works in a test VM, it'll work on your production server. No "works on my machine" surprises.

**Safe experimentation with `build-vm`.** This is the killer feature for AI-assisted self-hosting. `nixos-rebuild build-vm` creates a full QEMU virtual machine from your config - a disposable sandbox where AI can test everything without touching your host system. The AI boots the VM, checks if services start, verifies ports are open, reads logs. If the VM works, you deploy with confidence. If it doesn't, nothing was harmed. And because each VM is isolated, you can work on multiple services in parallel - have AI configure Vaultwarden in one VM while you're tweaking Immich in another.

**Atomic rollbacks.** Even on the real system, mistakes are cheap. One command: `nixos-rebuild switch --rollback`. You're back to the last working state. Between `build-vm` for testing and rollbacks for production, the fear of breaking things permanently evaporates.

**Build-time errors, not runtime surprises.** Nix evaluates your entire configuration before touching the system. Misspelled an option? Wrong type? Missing dependency? You find out immediately, not after deploying. This is perfect for AI-generated configs - mistakes are caught early and the error messages are specific enough to feed back into the conversation.

**Structured configs are AI-friendly.** Nix configurations are essentially structured data. LLMs are better at generating structured output than they are at writing bash scripts that modify random files across the filesystem.

The combination means you can iterate fast without fear. Break things, learn from the errors, roll back, try again. The traditional self-hosting nightmare - spending a weekend debugging something and ending up with a broken system you can't recover - just doesn't happen on NixOS.

## What You Can Actually Self-Host

Let me be practical. Here's what's actually achievable with the AI + NixOS approach:

**Vaultwarden (passwords)** - Start here. It's the easiest win. Vaultwarden is a lightweight Bitwarden-compatible server. The NixOS module is mature. Basic config is maybe 10 lines. AI can help you add HTTPS, backups, and proper secrets management incrementally.

```nix
services.vaultwarden = {
  enable = true;
  config = {
    DOMAIN = "https://vault.example.com";
    SIGNUPS_ALLOWED = false;
  };
};
```

**Immich (photos)** - Google Photos replacement with a genuinely good UI. More complex than Vaultwarden - needs PostgreSQL, Redis, machine learning models. But the NixOS module handles most of the complexity. AI can help you configure GPU acceleration if you want faster video transcoding.

**Paperless-ngx (documents)** - Scan documents, OCR them, organize them, search them. Self-hosted document management that actually works. Great NixOS module with sensible defaults.

**Seafile (files)** - Fast, reliable file sync that just works. Unlike heavier alternatives, Seafile focuses on doing one thing well - syncing files across devices. It handles large libraries without choking and the sync client is solid on every platform.

Each of these has a dedicated NixOS module. Each is documented on the [NixOS Wiki](https://wiki.nixos.org/). And for each, tools like Claude Code can write the config, run the build, and iterate through errors autonomously. You stay in the loop to review and approve, but the grunt work of debugging config options is handled for you.


## The Bigger Picture

Here's what I find genuinely exciting about this moment.

Self-hosting has been niche because of time. Time to research which software to run. Time to learn how to configure it. Time to test it. Time to keep it updated. And the killer: every additional service multiplied the maintenance burden exponentially. Five services didn't take five times the effort - they took twenty.

AI flips that equation. Research that took days happens in hours, sometimes minutes. Maintenance tasks that used to eat weekends - updating configs, debugging broken upgrades, checking logs - become something AI handles while you review the results. The effort doesn't scale exponentially anymore. It stays roughly flat.

And here's the part that surprised me: the configurations you end up with are actually *better*. When iteration is cheap, you don't settle for "it works." You keep going. Tighten the firewall rules. Tune the database. Add proper monitoring. The kind of polish that nobody had time for before becomes the default, because asking AI to do one more pass costs you nothing.

Sure, you can use AI as a tool that just writes configurations for you. But that's selling it short. I use it to become an expert. Every iteration is a conversation - why did this fail, what does this option actually do, what's the tradeoff between these two approaches. The AI explains as it works, and you absorb it. After a few sessions configuring a service, you genuinely understand it. Not because you read documentation for a week, but because you learned by doing, with a patient teacher running the commands alongside you.

And here's the hopeful ending: we might be building the tools that finally let us own our own data. Not everyone will self-host. Most people won't. But more engineers *can* now, and that pool keeps growing.