My home network and VPS infrastructure, completely managed using NixOS, Terraform and flakes. It's almost completely declarative, including secrets management.
My VPSs are kindly offered by GARR, as I'm a comp-sci student, and they're all created using Terraform's openstack provider and terranix as a nix wrapper. Thanks to terranix-openstack I can easily manage the creation of Terraform resources through nix and its module system.
$ nix build -o config.tf.json
$ terraform init && terraform apply
This will create the OpenStack resources defined in config.nix.
Secrets are managed using sops, in particular using Terraform's sops provider and sops-nix for provisioning purposes.
All the machines are managed using 'deploy-rs' and can be easily deployed with:
$ deploy .#<machine_name> -- --impure
Most of the machines are impure, so you must provide the --impure flag.
This is my Surface Pro 4 (with an m3 CPU) using nixos-hardware and NixOS. I'm currently using it for university note-taking on xournal++ and it's rocking a Sway/Wayland setup, with almost full touch support.
I currently do not use any common module on it, so the whole configuration is in the 'nixos/sp4' directory.
For deploying:
$ deploy '.#sp4' -- --impure -j0
I only use the -j0 flag when I'm building from the sp4 itself, which has very poor compile performance, so I build everything using the Desktop (which isn't in the flake).
This is a VPS offered to me by GARR as a student, and it serves as a web server for my blog, a wireguard server, a pounce server and also a nameserver for my domains.
$ deploy '.#kelpie' -- --impure
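How sops-nix provisioning can feed the wireguard server on a host like kelpie, shown with the weak setting beside the corrected one. This is an added example, not code from this repository; the secrets file path, secret name, interface name, address and port are assumptions, and it assumes the sops-nix NixOS module is already imported by the flake.

```nix
# Added example, not from this repository. Assumed names: ./secrets/kelpie.yaml,
# the "wireguard/private_key" secret, interface wg0, the address and the port.
# Assumes the sops-nix NixOS module is already in this host's module list.
{ config, ... }:
{
  # sops-encrypted file committed to the repo; only ciphertext enters the store.
  sops.defaultSopsFile = ./secrets/kelpie.yaml;

  # Decrypt on the target with an age identity derived from the host SSH key,
  # so the key that unlocks the secrets never leaves the machine.
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  # Decrypted at activation time under /run/secrets, never into /nix/store.
  sops.secrets."wireguard/private_key" = {
    owner = "root";
    mode = "0400";
  };

  networking.wireguard.interfaces.wg0 = {
    ips = [ "10.100.0.1/24" ];   # assumed tunnel address
    listenPort = 51820;          # assumed port

    # Weak: the literal key would be copied into the world-readable Nix store
    # and into every closure pushed by a deploy.
    # privateKey = "<private key>";

    # Corrected: reference the runtime path that sops-nix provides.
    privateKeyFile = config.sops.secrets."wireguard/private_key".path;
  };
}
```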