What if your entire Kubernetes edge cluster, from the kernel to the workload, was a single reproducible function? No drift. No snowflakes. No, "this node got fixed manually six months ago, and nobody remembers how." Just code in, cluster out.

That question led me into a project that combines:

- infrastructure-nixos for the Raspberry Pi-hosted Forgejo control path
- edge-cluster-infra for Oracle networking, compute, and block storage
- infrastructure-secrets for the shared SOPS-managed secret layer
- nix-k3s-edge-cluster for the NixOS + K3s runtime and workload layer
- RustDesk as a real workload proof point
- A Raspberry Pi-hosted Forgejo instance, a Mac mini runner, and an Oracle edge node as the deployed target

This post is the practical version of that story: what I built, what actually worked, what hurt, and why I think the most interesting thing here is not Nix syntax, but where the source of truth lives.…