forked from jan-leila/nix-config
merge: merged leyla/main
parent 3a58722815
commit 0a8b3e1496
120 changed files with 2396 additions and 4519 deletions
39
README.md
@ -43,17 +43,34 @@ nix multi user, multi system, configuration with `sops` secret management, `home
|
|||
- Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/`
|
||||
- Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/
|
||||
- https://nixos-and-flakes.thiscute.world/
|
||||
- proton mail now has an smtp server we could use that for our zfs and SMART test emails
|
||||
- VR https://lvra.gitlab.io/docs/distros/nixos/
|
||||
|
||||
# Tasks:
|
||||
|
||||
## Documentation
|
||||
- [ ] project layout
|
||||
- [ ] users file structure
|
||||
- [ ] reverse proxy design
|
||||
- public service compatibility
|
||||
- vpn based services compatibility
|
||||
- [ ] the choice of impermanence
|
||||
- [ ] storage module design
|
||||
- base impermanence compatibility and structure reason
|
||||
- what does local vs persist mean in pool names (do we need a second layer? ephemeral, local, and persist? local exist only on this machine and is not backed up, persist is backed up to other machines (I think we need to redo the sops and torrent/media folders?))
|
||||
- plans to possibly support btrfs in the future
|
||||
- plans for home manager datasets
|
||||
- plans for auto systemd service datasets
|
||||
- [ ] plans to migrate to some kind of acl structure for user management
|
||||
- [ ] plans to migrate from flakes to npins
|
||||
|
||||
## Chores:
|
||||
- [ ] test out crab hole service
|
||||
- [ ] learn how to use actual
|
||||
|
||||
## Tech Debt
|
||||
- [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/)
|
||||
- [ ] migrate away from flakes and move to npins
|
||||
- [ ] rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier
|
||||
- [ ] `host.users` should be redone so that we just extend the base `users.users` object. Right now we cant quite do this because we have weird circular dependencies with disko/impermanence (not sure which one) and home manger enabling/disabling users per devices
|
||||
|
||||
## Broken things
|
||||
- [ ] figure out steam vr things?
|
||||
|
|
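Review bot: the sops key-rotation link at the top of this hunk is the only URL in the list wrapped in backticks (`https://technotim.live/posts/rotate-sops-encryption-keys/`), so it renders as inline code instead of a link; drop the backticks to match the bare URLs on the npins, thiscute and VR lines. In the "storage module design" section, the bullet "what does local vs persist mean in pool names (do we need a second layer? ... I think we need to redo the sops and torrent/media folders?)" packs three separate open questions into one parenthetical; splitting it into sub-bullets (whether an ephemeral/local/persist tier split is needed, what "persist is backed up to other machines" covers, and where the sops and torrent/media folders belong) would make each one trackable. Since the same hunk also lists "plans to migrate to some kind of acl structure for user management" under Documentation and the `host.users` rework under Tech Debt, a cross-reference between those two items would stop them drifting apart.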
@ -66,18 +83,27 @@ nix multi user, multi system, configuration with `sops` secret management, `home
|
|||
- [ ] rotate sops encryption keys periodically (and somehow sync between devices?)
|
||||
- [ ] Secure Boot - https://github.com/nix-community/lanzaboote
|
||||
- [ ] auto turn off on power loss - nut
|
||||
- [ ] every service needs to have its own data pool
|
||||
- [ ] secondary server with data sync. Maybe a Pi with a usb hdd enclosure and use rtcwake to only turn on once a week to sync data over tailscale with connection initiated from pi's side. We could probably put this at LZ. Hoping for it to draw only like $1 of power a month. Initial sync should probably be done here before we move it over because that will take a while. Data should be encrypted so that devices doesn't have access to it. Project will prob cost like $1800
|
||||
|
||||
## Data Access
|
||||
- [ ] nfs export should be backed by the same values for server and client
|
||||
- [ ] samba mounts
|
||||
- [ ] offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
|
||||
- [ ] figure out why syncthing and jellyfins permissions don't propagate downwards
|
||||
- [ ] make radarr, sonarr, and bazarr accessible over vpn
|
||||
- [ ] move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn
|
||||
- [ ] make radarr, sonarr, and bazarr accessible over vpn with fully qualified names via reverse proxy
|
||||
- [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn
|
||||
- [ ] FreeIPA/SSSD/LDAP/Kerberos to manage uid and gid's
|
||||
|
||||
## Services
|
||||
- [ ] ntfy service for unified push
|
||||
- [ ] signal socket server
|
||||
- [ ] vikunja service for project management
|
||||
- [ ] Penpot services (need to make this custom)
|
||||
- [ ] minecraft server with old world file
|
||||
- [ ] storj server
|
||||
- [ ] Create Tor guard/relay server
|
||||
- [ ] screeps server
|
||||
- [ ] mastodon instance
|
||||
|
||||
## DevOps
|
||||
|
|
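Review bot: under "Data Access", "make radarr, sonarr, and bazarr accessible over vpn" and "move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn" each appear twice, with the later copies adding "with fully qualified names via reverse proxy" and vikunja; if both pairs are meant to survive in the README the earlier pair is now redundant and should be dropped. In the secondary-server bullet, "Data should be encrypted so that devices doesn't have access to it" needs "the device doesn't" or "devices don't", and since it is the one security requirement in that item it is worth saying which side holds the decryption key: the bullet already states the sync is "initiated from pi's side" over tailscale, so spelling out that the Pi stores only ciphertext (or not) settles what a compromised Pi would expose. Minor: "uid and gid's" should read "uids and gids".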
@ -98,4 +124,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home
|
|||
- [ ] postgres db load
|
||||
- [ ] nginx queries
|
||||
- [ ] ntfy.sh for push notifications
|
||||
- [ ] kuma for uptime visualization
|
||||
- [ ] kuma for uptime visualization
|
||||
|
||||
## Packages
|
||||
- [ ] Custom private fork of MultiMC
|
||||
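Review bot: "kuma for uptime visualization" is listed twice in this hunk; unless one copy is the removed side of the split view, drop the duplicate. "ntfy.sh for push notifications" here also overlaps with "ntfy service for unified push" under Services in the previous hunk; either keep one entry or have the DevOps line point at the Services one so the two lists do not diverge.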