diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..1d953f4
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use nix
diff --git a/.gitignore b/.gitignore
index bc7b989..16abf57 100644
--- a/.gitignore
+++ b/.gitignore
@@ -182,3 +182,5 @@ dmypy.json
 
 netbox-docker
 /.vscode
+.direnv
+.pre-commit-config.yaml
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..84f7943
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,55 @@
+{
+  sources ? import ./npins,
+  pkgs ? import sources.nixpkgs { },
+}:
+
+let
+  checks = (import sources.git-hooks).run {
+    src = ./.;
+
+    hooks =
+      {
+        commitizen.enable = true;
+      }
+      // (pkgs.lib.genAttrs
+        [
+          "black"
+          "isort"
+          "ruff"
+        ]
+        (hook: {
+          enable = true;
+          stages = [ "pre-push" ];
+        })
+      );
+  };
+
+  python3 = pkgs.python3.override {
+    packageOverrides = self: _: {
+      netifaces2 = self.callPackage ./nix/netifaces2.nix { };
+    };
+  };
+in
+
+{
+  devShell = pkgs.mkShell {
+    name = "netbox-agent.dev";
+
+    packages = [
+      (python3.withPackages (ps: [
+        ps.pynetbox
+        ps.netaddr
+        ps.netifaces2
+        ps.pyyaml
+        ps.jsonargparse
+        ps.python-slugify
+        ps.packaging
+        ps.distro
+      ]))
+    ] ++ checks.enabledPackages;
+
+    shellHook = ''
+      ${checks.shellHook}
+    '';
+  };
+}
diff --git a/nix/netifaces2.nix b/nix/netifaces2.nix
new file mode 100644
index 0000000..1c2cdf9
--- /dev/null
+++ b/nix/netifaces2.nix
@@ -0,0 +1,46 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  cargo,
+  rustPlatform,
+  rustc,
+  typing-extensions,
+}:
+
+buildPythonPackage rec {
+  pname = "netifaces-2";
+  version = "0.0.22";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "SamuelYvon";
+    repo = "netifaces-2";
+    rev = "V${version}";
+    hash = "sha256-XO3HWq8FOVzvpbK8mIBOup6hFMnhDpqOK/5bPziPZQ8=";
+  };
+
+  cargoDeps = rustPlatform.fetchCargoTarball {
+    inherit src;
+    name = "${pname}-${version}";
+    hash = "sha256-uoUa6DSBuIV3RrE7svT1TVLxPHdx8BFu/C6mbpRmor0=";
+  };
+
+  build-system = [
+    cargo
+    rustPlatform.cargoSetupHook
+    rustPlatform.maturinBuildHook
+    rustc
+  ];
+
+  dependencies = [ typing-extensions ];
+
+  pythonImportsCheck = [ "netifaces" ];
+
+  meta = {
+    description = "Netifaces reborn";
+    homepage = "https://github.com/SamuelYvon/netifaces-2.git";
+    license = lib.licenses.mit;
+    maintainers = with lib.maintainers; [ ];
+  };
+}
diff --git a/npins/default.nix b/npins/default.nix
new file mode 100644
index 0000000..5e7d086
--- /dev/null
+++ b/npins/default.nix
@@ -0,0 +1,80 @@
+# Generated by npins. Do not modify; will be overwritten regularly
+let
+  data = builtins.fromJSON (builtins.readFile ./sources.json);
+  version = data.version;
+
+  mkSource =
+    spec:
+    assert spec ? type;
+    let
+      path =
+        if spec.type == "Git" then
+          mkGitSource spec
+        else if spec.type == "GitRelease" then
+          mkGitSource spec
+        else if spec.type == "PyPi" then
+          mkPyPiSource spec
+        else if spec.type == "Channel" then
+          mkChannelSource spec
+        else
+          builtins.throw "Unknown source type ${spec.type}";
+    in
+    spec // { outPath = path; };
+
+  mkGitSource =
+    {
+      repository,
+      revision,
+      url ? null,
+      hash,
+      branch ? null,
+      ...
+    }:
+    assert repository ? type;
+    # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
+    # In the latter case, there we will always be an url to the tarball
+    if url != null then
+      (builtins.fetchTarball {
+        inherit url;
+        sha256 = hash; # FIXME: check nix version & use SRI hashes
+      })
+    else
+      assert repository.type == "Git";
+      let
+        urlToName =
+          url: rev:
+          let
+            matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url;
+
+            short = builtins.substring 0 7 rev;
+
+            appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
+          in
+          "${if matched == null then "source" else builtins.head matched}${appendShort}";
+        name = urlToName repository.url revision;
+      in
+      builtins.fetchGit {
+        url = repository.url;
+        rev = revision;
+        inherit name;
+        # hash = hash;
+      };
+
+  mkPyPiSource =
+    { url, hash, ... }:
+    builtins.fetchurl {
+      inherit url;
+      sha256 = hash;
+    };
+
+  mkChannelSource =
+    { url, hash, ... }:
+    builtins.fetchTarball {
+      inherit url;
+      sha256 = hash;
+    };
+in
+if version == 3 then
+  builtins.mapAttrs (_: mkSource) data.pins
+else
+  throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"
diff --git a/npins/sources.json b/npins/sources.json
new file mode 100644
index 0000000..f15de69
--- /dev/null
+++ b/npins/sources.json
@@ -0,0 +1,23 @@
+{
+  "pins": {
+    "git-hooks": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "cachix",
+        "repo": "git-hooks.nix"
+      },
+      "branch": "master",
+      "revision": "3c3e88f0f544d6bb54329832616af7eb971b6be6",
+      "url": "https://github.com/cachix/git-hooks.nix/archive/3c3e88f0f544d6bb54329832616af7eb971b6be6.tar.gz",
+      "hash": "04pwjz423iq2nkazkys905gvsm5j39722ngavrnx42b8msr5k555"
+    },
+    "nixpkgs": {
+      "type": "Channel",
+      "name": "nixpkgs-unstable",
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre694416.ccc0c2126893/nixexprs.tar.xz",
+      "hash": "0cn1z4wzps8nfqxzr6l5mbn81adcqy2cy2ic70z13fhzicmxfsbx"
+    }
+  },
+  "version": 3
+}
\ No newline at end of file
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..d6d21cf
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1 @@
+(import ./. { }).devShell