Alternatives Considered
Operating System
Section titled “Operating System”| Alternative | Why discarded |
|---|---|
| Ubuntu / Debian | No declarative config — system state not fully reproducible from git |
| Proxmox | Added complexity as a hypervisor layer with no benefit once NixOS handles VMs natively. Only relevant if running Windows or multiple full OS instances |
| Proxmox + NixOS | Redundant — NixOS alone handles virtualisation via microvm.nix |
Home Assistant Installation
Section titled “Home Assistant Installation”| Alternative | Why discarded |
|---|---|
| Home Assistant Container (Docker) | Loses access to the Supervisor and Add-on Store. Every add-on (Zigbee2MQTT, Node-RED, Frigate, ESPHome) would need to be configured manually as a separate Docker container |
| Home Assistant Supervised | Hybrid approach that sits between Docker and HAOS. Only officially supported on bare Debian, fragile when combined with other system modifications |
Dotfiles Management
Section titled “Dotfiles Management”| Alternative | Why discarded |
|---|---|
| Chezmoi | Replaced by Home Manager, which is native to NixOS and manages user-level configuration declaratively alongside the rest of the system |
| Bare git repo | No templating, no secrets management, no cross-machine differences support |
Secrets Management
Section titled “Secrets Management”| Alternative | Why discarded |
|---|---|
| agenix / sops-nix | Keeps secrets tightly coupled to the git repository (even if encrypted). Requires GPG/SSH key distribution. 1Password completely decouples secrets from code to act as an external, single source of truth. |
| git-crypt | Same git-bound limitations as agenix but requires GPG key management on top. |
Plain .env files outside git | Not versioned, easy to lose on a fresh install, and cannot be securely automated across multiple machines. |
| HashiCorp Vault | Massive overkill for a single-node homelab |
Backup Tool
Section titled “Backup Tool”| Alternative | Why discarded |
|---|---|
| Restic + Backrest | Chosen Solution. Restic is natively supported in NixOS via services.restic, allowing for a fully declarative and reproducible backup configuration. Backrest provides a modern Web UI to manage and monitor these backups. |
| Kopia | Discarded because it’s not “NixOS friendly” for declarative configuration. While it’s a great tool, its management is primarily imperative (GUI/CLI-based state), making it harder to maintain as code compared to Restic. |
| Duplicati | Known stability issues and bugs with large repositories. Slower and less efficient than Restic. |
| offen/docker-volume-backup | Simple but limited — no deduplication, no web UI, no multi-destination. |
NAS / File Storage
Section titled “NAS / File Storage”| Alternative | Why discarded |
|---|---|
| Nextcloud | Overkill for the use case. Designed for documents, calendars, and contacts — Immich is purpose-built for photos and videos and does it far better |
| TrueNAS | Requires dedicated hardware with multiple drive bays. Not suitable for a single-node server setup |
| Synology NAS | Proprietary software, hardware lock-in. Useful as an external storage device but not as the primary stack |
| Home Assistant Samba add-on | Basic network share, not a real NAS. No photo management, no backup features |
Media Server
Section titled “Media Server”| Alternative | Why discarded |
|---|---|
| Plex | Proprietary, requires a cloud account for authentication. In 2025 made remote streaming a paid feature and doubled the lifetime pass to $250. Contradicts the self-hosted, privacy-first philosophy of this setup |
| Emby | Partially open source but monetised. Less community support than Jellyfin |
Video Codec
Section titled “Video Codec”| Alternative | Why discarded |
|---|---|
| x265 / HEVC | Good compression but ~2x larger than AV1 at equivalent quality. All client devices (Apple TV, iPhone 16+) support AV1 natively so there is no compatibility reason to use x265 |
| x264 / H.264 | Widest compatibility but largest file sizes. No reason to use it when all clients support AV1 |
Remote Access
Section titled “Remote Access”| Alternative | Why discarded |
|---|---|
| Port forwarding | Exposes the home IP directly. Security risk, requires a static IP or dynamic DNS |
| WireGuard / Tailscale VPN | Valid option but requires a VPN client on every device. Cloudflare Tunnel works transparently via any browser or app with no client needed |
| Ngrok | Proprietary, usage limits on free tier |
Dashboard / Entry Point
Section titled “Dashboard / Entry Point”| Alternative | Why discarded |
|---|---|
| Homarr | Great UI but focused on drag-and-drop. Homepage is much faster and follows the “everything as code” philosophy with YAML configuration |
| Heimdall | Too simple — no service integration widgets or system monitoring |
| Dashy | Over-engineered for this setup. Complexity of configuration outweighs the benefits |
| Flame | Minimalist but lacks the deep service integrations and widgets available in Homepage |
Voice Assistant
Section titled “Voice Assistant”| Alternative | Why discarded |
|---|---|
| Home Assistant Voice Preview Edition (Official) | Discarded due to high cost (~€100). While it offers premium build quality and better microphones, the Atom Echo provides similar core functionality for a fraction of the price. |
| Amazon Echo / Alexa Integration | Discarded to ensure 100% local control and privacy. Avoids cloud dependencies and keeps all voice processing within the local Mini PC. |
| Direct Mini PC Microphone | Discarded because the server is located on a different floor. Requires a distributed “satellite” architecture via Wi-Fi to ensure coverage from any room. |