jan-leila/nix-config
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nix-config/README.md

101 lines
No EOL
4.3 KiB
Markdown
Raw Blame History

# nix-config
https://git.jan-leila.com/jan-leila/nix-config
nix multi user, multi system, configuration with `sops` secret management, `home-manager`, and `nixos-anywhere` setup via `disko` with `zfs` + `impermanence`
# Hosts
## Host Map
| Hostname | Device Description | Primary User | Role | Provisioned | Using Nix |
| :---------: | :------------------------: | :--------------: | :-------: | :---------: | :-------: |
| `twilight` | Desktop Computer | Leyla | Desktop | ✅ | ✅ |
| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | ✅ | ✅ |
| `defiant` | NAS Server | Leyla | Server | ✅ | ✅ |
| `hesperium` | Mac | ????? | Mac | ❌ | ❌ |
| `emergent` | Desktop Computer | Eve | Desktop | ✅ | ✅ |
| `threshold` | Laptop | Eve | Laptop | ❌ | ❌ |
| `wolfram` | Steam Deck | House | Handheld | ✅ | ❌ |
| `ceder` | A5 Tablet | Leyla | Tablet | ✅ | ❌ |
| `skate` | A6 Tablet | Leyla | Tablet | ❌ | ❌ |
| `shale` | A6 Tablet | Eve | Tablet | ✅ | ❌ |
| `coven` | Pixel 8 | Leyla | Android | ✅ | ❌ |
# Tooling
## Rebuilding
`./rebuild.sh`
## Updating
`nix flake update`
## New host setup
`./install.sh --target 192.168.1.130 --flake hostname`
## Updating Secrets
`sops secrets/secrets_file_here.yaml`
## Inspecting a configuration
`nix-inspect -p .`
# Notes:
## Research topics
- Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/`
- Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/
- https://nixos-and-flakes.thiscute.world/
# Tasks:
## Chores:
- [ ] test out crab hole service
- [ ] learn how to use actual
## Tech Debt
- [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/)
- [ ] migrate away from flakes and move to npins
## Broken things
- [ ] figure out steam vr things?
- [ ] whisper was having issues
## Data Integrity
- [ ] zfs email after scrubbing # TODO: test this
- [ ] SMART test with email results
- [ ] zfs encryption FIDO2 2fa (look into shavee)
- [ ] rotate sops encryption keys periodically (and somehow sync between devices?)
- [ ] Secure Boot - https://github.com/nix-community/lanzaboote
- [ ] auto turn off on power loss - nut
## Data Access
- [ ] nfs export should be backed by the same values for server and client
- [ ] samba mounts
- [ ] offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
- [ ] figure out why syncthing and jellyfins permissions don't propagate downwards
- [ ] make radarr, sonarr, and bazarr accessible over vpn
- [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn
## Services
- [ ] vikunja service for project management
- [ ] Create Tor guard/relay server
- [ ] mastodon instance
- [ ] screeps server
## DevOps
- [ ] wake on LAN for updates
- [ ] remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html
- [ ] ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix
- [ ] fix panoramax package
- [ ] claude code MCP servers should bundle node with them so they work in all environments
## Observability
- [ ] graphana for dashboards
- [ ] prometheus and loki for metric and log collection
- [ ] zfs storage usage
- [ ] zfs drive health status
- [ ] service version lag
- [ ] network/cpu/ram utilization
- [ ] http latency
- [ ] postgres db load
- [ ] nginx queries
- [ ] ntfy.sh for push notifications
- [ ] kuma for uptime visualization
Reference in a new issue View git blame Copy permalink