diff --git a/roles/dev-nix/README.md b/roles/dev-nix/README.md
new file mode 100644
index 00000000..eb20f967
--- /dev/null
+++ b/roles/dev-nix/README.md
@@ -0,0 +1,32 @@
+# dev-nix
+
+This role installs the Nix package manager in a secure and reproducible way.
+
+## Description
+
+The role provides an offline-friendly and deterministic installation of Nix by
+using a locally stored installer script that is verified via SHA256 before
+execution. This avoids remote code downloads during Ansible runs and ensures a
+stable installation across different systems.
+
+## Overview
+
+The installer script is shipped with the role and copied to the target host.
+Its checksum is validated against a predefined SHA256 value. Only if the
+checksum matches, the installer is executed in multi-user (daemon) mode.
+Optionally, the role can install a small shell snippet to automatically load
+the Nix environment.
+
+## Features
+
+- Local, pinned Nix installer (no network download at runtime)
+- SHA256 checksum verification
+- Multi-user (daemon) installation mode
+- Optional shell integration via `/etc/profile.d`
+- Fully idempotent and distro-agnostic
+
+## Further Resources
+
+- Nix project: https://nixos.org
+- Nix releases: https://releases.nixos.org
+- Infinito.Nexus License: https://s.infinito.nexus/license
\ No newline at end of file
diff --git a/roles/dev-nix/defaults/main.yml b/roles/dev-nix/defaults/main.yml
new file mode 100644
index 00000000..0e4084ef
--- /dev/null
+++ b/roles/dev-nix/defaults/main.yml
@@ -0,0 +1,18 @@
+---
+# Path to the installer script inside this role
+dev_nix_installer_source: "nix-install.sh"
+
+# Path where the installer will be copied on the target host
+dev_nix_installer_dest: "/usr/local/share/nix-install.sh"
+
+# Expected SHA256 of the installer file.
+# You MUST set this to the actual hash of files/nix-install.sh, e.g.:
+# sha256sum roles/dev-nix/files/nix-install.sh
+dev_nix_installer_sha256: "CHANGE_ME_SHA256_OF_INSTALLER"
+
+# Whether to drop a small shell snippet into /etc/profile.d to ensure
+# Nix environment is available for login shells.
+dev_nix_enable_shell_snippet: false
+
+# Path of the profile.d snippet
+dev_nix_shell_snippet_path: "/etc/profile.d/nix.sh"
diff --git a/roles/dev-nix/files/nix-install.sh b/roles/dev-nix/files/nix-install.sh
new file mode 100644
index 00000000..eda439bb
--- /dev/null
+++ b/roles/dev-nix/files/nix-install.sh
@@ -0,0 +1 @@
+chmod +x roles/dev-nix/files/nix-install.sh
diff --git a/roles/dev-nix/meta/main.yml b/roles/dev-nix/meta/main.yml
new file mode 100644
index 00000000..b69c013c
--- /dev/null
+++ b/roles/dev-nix/meta/main.yml
@@ -0,0 +1,37 @@
+galaxy_info:
+ author: "Kevin Veen-Birkenbach"
+ description: "Installs the Nix package manager using a locally stored installer script with SHA256 verification."
+ license: "Infinito.Nexus NonCommercial License"
+ license_url: "https://s.infinito.nexus/license"
+ company: |
+ Kevin Veen-Birkenbach
+ Consulting & Coaching Solutions
+ https://www.veen.world
+ min_ansible_version: "2.9"
+ platforms:
+ - name: Archlinux
+ versions:
+ - rolling
+ - name: Debian
+ versions:
+ - all
+ - name: Ubuntu
+ versions:
+ - all
+ - name: EL
+ versions:
+ - all
+ - name: Fedora
+ versions:
+ - all
+ - name: GenericLinux
+ versions:
+ - all
+ galaxy_tags:
+ - nix
+ - devtools
+ - development
+ - build
+ - automation
+ - infinito-nexus
+dependencies: []
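Review bot: The committed `roles/dev-nix/files/nix-install.sh` is not a Nix installer at all — its single line is `chmod +x roles/dev-nix/files/nix-install.sh`, which reads like the command the author meant to run on the workstation and accidentally saved as the file contents. It has no shebang, and when `tasks/install.yml` executes it as `"{{ dev_nix_installer_dest }}" --daemon` it would only attempt to chmod a repository-relative path that does not exist on the target, leaving `/nix/store` absent so the task re-runs on every play. The actual pinned installer script that the README describes (the release `install` script from releases.nixos.org) needs to be committed here, with its digest recorded in `dev_nix_installer_sha256` in `defaults/main.yml` as the comment there instructs; until then the role cannot install anything, and the `CHANGE_ME_SHA256_OF_INSTALLER` placeholder will (correctly) make the checksum task fail on every host.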
diff --git a/roles/dev-nix/tasks/install.yml b/roles/dev-nix/tasks/install.yml
new file mode 100644
index 00000000..04392f5e
--- /dev/null
+++ b/roles/dev-nix/tasks/install.yml
@@ -0,0 +1,44 @@
+---
+# Install Nix using a locally stored installer script with SHA256 verification.
+
+- name: Ensure Nix installer script is present on target
+ ansible.builtin.copy:
+ src: "{{ dev_nix_installer_source }}"
+ dest: "{{ dev_nix_installer_dest }}"
+ mode: "0755"
+ become: true
+
+- name: Verify Nix installer SHA256 checksum
+ ansible.builtin.command: >
+ sh -c "sha256sum '{{ dev_nix_installer_dest }}' | awk '{print $1}'"
+ register: dev_nix_checksum_result
+ changed_when: false
+ become: true
+
+- name: Fail if Nix installer checksum does not match
+ ansible.builtin.fail:
+ msg: >-
+ Nix installer checksum mismatch.
+ Expected '{{ dev_nix_installer_sha256 }}', got '{{ dev_nix_checksum_result.stdout }}'.
+ Refusing to execute the installer.
+ when: dev_nix_checksum_result.stdout != dev_nix_installer_sha256
+
+# Nix multi-user (daemon) mode: creates /nix/store when successful.
+- name: Run Nix installer in daemon (multi-user) mode if Nix is not installed
+ ansible.builtin.shell: >
+ "{{ dev_nix_installer_dest }}" --daemon
+ args:
+ creates: "/nix/store"
+ become: true
+
+- name: Optionally drop shell snippet for Nix
+ ansible.builtin.copy:
+ dest: "{{ dev_nix_shell_snippet_path }}"
+ mode: "0644"
+ content: |
+ # Added by dev-nix Ansible role
+ if [ -e /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh ]; then
+ . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
+ fi
+ when: dev_nix_enable_shell_snippet | bool
+ become: true
diff --git a/roles/dev-nix/tasks/main.yml b/roles/dev-nix/tasks/main.yml
new file mode 100644
index 00000000..6e9975b7
--- /dev/null
+++ b/roles/dev-nix/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+# Main entrypoint for the dev-nix role
+
+- name: Include installation tasks for Nix
+ ansible.builtin.include_tasks: install.yml
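Review bot: The installer is written to the host with `mode: "0755"` in the first copy task, before the checksum is ever compared, so when the fail task fires a non-matching file is left behind root-owned and executable under `/usr/local/share`; stage it as `0644`, verify, and only then set the executable bit. The verification itself does not need `ansible.builtin.command` wrapping `sh -c`, `sha256sum` and `awk` — `ansible.builtin.stat` with `checksum_algorithm: sha256` returns the digest directly in `stat.checksum`, which removes the shell round-trip and the dependency on coreutils output format, and a `default` filter keeps the comparison from erroring on a missing file. The rewritten first three tasks plus the new mode task are below; the run and profile.d tasks are unchanged. Separately, if the real upstream multi-user installer is what eventually lands in `files/`, confirm that the `--daemon` invocation is also given its non-interactive option, since the upstream script prompts for confirmation by default and the task would otherwise hang waiting on stdin.
```yaml
- name: Ensure Nix installer script is present on target
  ansible.builtin.copy:
    src: "{{ dev_nix_installer_source }}"
    dest: "{{ dev_nix_installer_dest }}"
    mode: "0644"  # made executable only after the checksum below matches
  become: true

- name: Read SHA256 of the staged Nix installer
  ansible.builtin.stat:
    path: "{{ dev_nix_installer_dest }}"
    checksum_algorithm: sha256
  register: dev_nix_installer_stat
  become: true

- name: Fail if Nix installer checksum does not match
  ansible.builtin.fail:
    msg: >-
      Nix installer checksum mismatch.
      Expected '{{ dev_nix_installer_sha256 }}', got '{{ dev_nix_installer_stat.stat.checksum | default("missing") }}'.
      Refusing to execute the installer.
  when: dev_nix_installer_stat.stat.checksum | default("") != dev_nix_installer_sha256

- name: Mark verified Nix installer executable
  ansible.builtin.file:
    path: "{{ dev_nix_installer_dest }}"
    mode: "0755"
  become: true

# … unchanged: run installer with creates: /nix/store, optional profile.d snippet …
```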
diff --git a/roles/dev-nix/vars/main.yml b/roles/dev-nix/vars/main.yml
new file mode 100644
index 00000000..7107c7a8
--- /dev/null
+++ b/roles/dev-nix/vars/main.yml
@@ -0,0 +1 @@
+application_id: dev-nix
\ No newline at end of file