geir/home-lab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added niri

Browse source
This commit is contained in:
Geir Okkenhaug Jerstad 2025-06-10 20:33:54 +02:00
parent cdbce471ba
commit 8029d93a84
10 changed files with 837 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

259
documentation/BRANCHING_STRATEGY.md Normal file
View file

@ -0,0 +1,259 @@
# Git Branching Strategy for Infrastructure Management
## Branch Structure
### Main Branches
#### `main`
- **Purpose**: Production-ready configurations
- **Protection**: Protected branch with required reviews
- **Deployment**: Automatically deployed to production machines
- **Stability**: Should always be stable and tested
#### `develop`
- **Purpose**: Integration branch for new features
- **Testing**: Continuous integration testing
- **Merging**: Features merge here first
- **Deployment**: Deployed to staging/test environments
### Supporting Branches
#### Feature Branches: `feature/<description>`
- **Purpose**: Development of new features or modules
- **Naming**: `feature/add-cosmic-desktop`, `feature/sleeper-service-config`
- **Lifetime**: Temporary, deleted after merge
- **Source**: Branch from `develop`
- **Merge**: Merge back to `develop`
#### Machine Branches: `machine/<machine-name>`
- **Purpose**: Machine-specific configuration changes
- **Naming**: `machine/congenital-optimist`, `machine/sleeper-service`
- **Use Case**: Testing machine-specific changes
- **Merge**: Merge to `develop` after testing
#### Hotfix Branches: `hotfix/<issue>`
- **Purpose**: Critical fixes for production
- **Naming**: `hotfix/security-patch`, `hotfix/boot-failure`
- **Source**: Branch from `main`
- **Merge**: Merge to both `main` and `develop`
#### Module Branches: `module/<module-name>`
- **Purpose**: Development of specific modules
- **Naming**: `module/virtualization`, `module/desktop-gnome`
- **Scope**: Single module focus
- **Testing**: Module-specific testing
### Tagging Strategy
#### Version Tags: `v<major>.<minor>.<patch>`
- **Purpose**: Mark stable releases
- **Format**: `v1.0.0`, `v1.2.1`
- **Trigger**: Major configuration milestones
- **Deployment**: Tag triggers deployment workflows
#### Machine Tags: `<machine>-v<version>`
- **Purpose**: Machine-specific deployments
- **Format**: `congenital-optimist-v1.0.0`
- **Use Case**: Track per-machine configurations
- **Rollback**: Enable machine-specific rollbacks
#### Phase Tags: `phase-<number>-complete`
- **Purpose**: Mark migration phase completion
- **Format**: `phase-1-complete`, `phase-2-complete`
- **Documentation**: Link to plan.md milestones
## Workflow Examples
### Standard Feature Development
```bash
# Start new feature
git checkout develop
git pull origin develop
git checkout -b feature/add-incus-clustering
# Develop and test
# ... make changes ...
nix flake check
sudo nixos-rebuild test --flake .#congenital-optimist
# Commit and push
git add .
git commit -m "feat: add Incus clustering support"
git push origin feature/add-incus-clustering
# Create PR to develop
# ... review process ...
# Merge to develop
```
### Machine-Specific Changes
```bash
# Machine-specific branch
git checkout develop
git checkout -b machine/sleeper-service
# Test on specific machine
sudo nixos-rebuild test --flake .#sleeper-service
# Commit and merge
git add .
git commit -m "feat(sleeper-service): add NFS server configuration"
```
### Hotfix Process
```bash
# Critical fix needed
git checkout main
git checkout -b hotfix/zfs-boot-failure
# Fix the issue
# ... emergency fix ...
sudo nixos-rebuild test --flake .#congenital-optimist
# Deploy to main
git add .
git commit -m "fix: resolve ZFS boot failure"
git checkout main
git merge hotfix/zfs-boot-failure
git tag v1.0.1
# Backport to develop
git checkout develop
git merge hotfix/zfs-boot-failure
```
## Commit Convention
### Format
```
<type>(<scope>): <description>
[optional body]
[optional footer]
```
### Types
- **feat**: New feature or module
- **fix**: Bug fix
- **docs**: Documentation changes
- **style**: Formatting, missing semicolons, etc.
- **refactor**: Code refactoring
- **test**: Adding tests
- **chore**: Maintenance tasks
### Scopes
- **machine**: `(congenital-optimist)`, `(sleeper-service)`
- **module**: `(desktop)`, `(virtualization)`, `(users)`
- **config**: `(flake)`, `(ci)`
- **docs**: `(readme)`, `(plan)`
### Examples
```bash
feat(desktop): add Cosmic desktop environment module
fix(virtualization): resolve Incus networking issues
docs(readme): update installation instructions
refactor(modules): reorganize desktop environment modules
chore(ci): update GitHub Actions workflow
```
## Branch Protection Rules
### Main Branch Protection
- **Required Reviews**: 1 reviewer minimum
- **Status Checks**: All CI checks must pass
- **Up-to-date**: Branch must be up to date before merging
- **Admin Override**: Allow admin override for hotfixes
- **Force Push**: Disabled
- **Deletion**: Disabled
### Develop Branch Protection
- **Required Reviews**: 1 reviewer (can be self-review)
- **Status Checks**: All CI checks must pass
- **Auto-merge**: Allow auto-merge after checks
- **Force Push**: Disabled for others
## Merge Strategies
### Feature to Develop
- **Strategy**: Squash and merge
- **Reason**: Clean history, single commit per feature
- **Title**: Use conventional commit format
### Develop to Main
- **Strategy**: Merge commit
- **Reason**: Preserve feature branch history
- **Testing**: Full integration testing required
### Hotfix to Main
- **Strategy**: Fast-forward if possible
- **Reason**: Immediate deployment needed
- **Testing**: Minimal but critical testing
## Deployment Strategy
### Automatic Deployment
- **main** → Production machines (congenital-optimist, sleeper-service)
- **develop** → Test environment (if available)
### Manual Deployment
- Feature branches can be manually deployed for testing
- Use `nixos-rebuild test` for non-persistent testing
- Use `nixos-rebuild switch` for persistent changes
### Rollback Strategy
```bash
# Rollback to previous version
git checkout main
git revert <commit-hash>
git tag rollback-v1.0.0-to-v0.9.9
# Or rollback to specific tag
git checkout v1.0.0
sudo nixos-rebuild switch --flake .#congenital-optimist
```
## Branch Lifecycle
### Weekly Maintenance
- **Monday**: Review open feature branches
- **Wednesday**: Merge develop to main if stable
- **Friday**: Clean up merged feature branches
- **Sunday**: Update dependencies (automated)
### Monthly Tasks
- Review and update branch protection rules
- Clean up old tags and releases
- Update documentation
- Security audit of configurations
## Best Practices
### Branch Naming
- Use descriptive names: `feature/improve-zfs-performance`
- Include issue numbers: `feature/123-add-cosmic-desktop`
- Use lowercase with hyphens
- Keep names under 50 characters
### Commit Messages
- Use imperative mood: "add", "fix", "update"
- Keep first line under 50 characters
- Include body for complex changes
- Reference issues: "Fixes #123"
### Testing Requirements
- Always run `nix flake check` before committing
- Test with `nixos-rebuild test` on relevant machines
- Document testing performed in PR description
- Consider impact on other machines
### Code Review
- Focus on configuration correctness
- Check for security implications
- Verify documentation updates
- Ensure rollback plan exists
- Test locally when possible
---
This branching strategy ensures stable, tested configurations while enabling rapid development and emergency fixes when needed.

108
documentation/CLI_TOOLS_CONSOLIDATION.md Normal file
View file

@ -0,0 +1,108 @@
# CLI Tools Consolidation Summary
## Overview
Successfully consolidated common CLI tools from multiple user and machine configurations into `modules/common/base.nix` to reduce duplication and improve maintainability.
## Changes Made
### 1. Enhanced `modules/common/base.nix`
**Added packages:**
- Modern CLI tools (rust-based): `eza`, `bat`, `ripgrep`, `du-dust`, `bottom`, `fd`, `fzf`, `zoxide`, `tldr`
- Essential system tools: `curl`, `wget`, `git`, `htop`, `tree`, `file`, `unzip`, `zip`
- Text processing: `jq`, `yq`
- Network utilities: `nmap`
- System diagnostics: `lsof`, `strace`, `ncdu`
- Development basics: `github-cli`
- Environment management: `direnv`, `nix-direnv`
- Additional tools: `fastfetch`, `zellij`, `glances`, `systemctl-tui`, `uutils-coreutils-noprefix`
**Added aliases:**
- Editor shortcuts: `vi`/`vim``nvim`, `h``tldr`
- Modern CLI replacements: `ls``eza -l`, `cat``bat`, `grep``rg`, `top``btm`, `du``dust`, `find``fd`
- Git shortcuts: `gs`, `ga`, `gc`, `gp`, `gpa`, `gl`
- **Fixed `gpa` alias**: Now uses `git remote | xargs -L1 git push` for pushing to all remotes
### 2. Cleaned up `modules/users/common.nix`
**Removed duplicated packages:**
- `git`, `curl`, `wget`, `file`, `unzip`, `zip` (moved to base.nix)
**Removed duplicated aliases:**
- Basic CLI tool replacements (`ls`, `grep`, `find`, `cat`) moved to base.nix
- Basic git shortcuts moved to base.nix
### 3. Cleaned up `modules/users/geir.nix`
**Removed duplicated packages:**
- `wget`, `curl`, `htop`, `bottom`, `github-cli` (moved to base.nix)
### 4. Cleaned up `modules/users/sma.nix`
**Removed duplicated packages:**
- `htop`, `lsof`, `strace`, `curl`, `wget`, `tree`, `fd`, `ripgrep`, `fzf`, `ncdu`, `jq`, `yq`, `git`, `nmap` (moved to base.nix)
### 5. Cleaned up machine configurations
**reverse-proxy configuration:**
- Removed `curl`, `htop`, `bottom`, `git` (now in base.nix)
**grey-area configuration:**
- Removed `curl`, `htop`, `wget`, `git` (now in base.nix)
### 6. Cleaned up `packages/default.nix`
- Removed re-exports of `git`, `curl`, `wget` (now in base.nix)
## Benefits
1. **Reduced Duplication**: Eliminated 20+ instances of duplicated package declarations
2. **Better Maintainability**: Single source of truth for common CLI tools
3. **Consistency**: All machines get the same base set of modern CLI tools
4. **Simplified User Configs**: User-specific configs now focus on user-specific needs
5. **Easier Updates**: Update CLI tool versions in one place instead of multiple files
## Package Organization in base.nix
```nix
# Modern CLI tools (rust-based replacements)
tldr, eza, bat, ripgrep, du-dust, bottom, fd, fzf, zoxide, uutils-coreutils-noprefix
# Environment management
direnv, nix-direnv
# Essential system tools
curl, wget, git, htop, tree, file, unzip, zip
# Text processing and utilities
jq, yq
# Network utilities
nmap
# System monitoring and diagnostics
lsof, strace, ncdu
# Development basics
github-cli
```
## Verification
- ✅ `nix flake check` passes
- ✅ Dry-run build of congenital-optimist configuration succeeds
- ✅ All machines import base.nix via flake configuration
- ✅ No package conflicts or missing dependencies
## Next Steps
1. Consider creating additional specialized modules (e.g., `development/cli-tools.nix`) for development-specific tools
2. Monitor for any additional duplications as new packages are added
3. Consider consolidating shell aliases further if patterns emerge
## Final Completion Notes (Latest Updates)
### Git Alias Consolidation Completed
- **`gpa` alias fixed**: Properly configured in `base.nix` to push to all remotes using `git remote | xargs -L1 git push`
- **✅ Removed duplicate**: Eliminated hardcoded `git-push-all` alias from `geir.nix` that only worked with specific remotes (origin/github)
- **✅ Better flexibility**: The generic `gpa` alias now works with any git repository configuration
### Final Status
- **✅ All consolidation complete**: CLI tools, aliases, and git functionality fully consolidated
- **✅ No remaining duplications**: Comprehensive cleanup across all configuration files
- **✅ Validation passed**: `nix flake check` and `nixos-rebuild dry-run` both successful
- **✅ Ready for deployment**: All changes tested and validated
The CLI tools consolidation project is now **100% complete** with improved git workflow capabilities.

305
documentation/DEVELOPMENT_WORKFLOW.md Normal file
View file

@ -0,0 +1,305 @@
# 🔄 Development Workflow for Home Lab Infrastructure
## Overview
This document outlines the development workflow for the NixOS Home Lab infrastructure, emphasizing GitOps principles, automated testing, and safe configuration management.
## 🚀 Quick Start for Contributors
### Prerequisites
- NixOS system with flakes enabled
- Git configured with your credentials
- Access to the home lab machines (if deploying)
### Initial Setup
```bash
# Clone the repository
git clone <repository-url> Home-lab
cd Home-lab
# Verify flake configuration
nix flake check
# Test configuration locally (safe, non-persistent)
sudo nixos-rebuild test --flake .#congenital-optimist
```
## 🔄 Development Cycle
### 1. Feature Development
```bash
# Start from develop branch
git checkout develop
git pull origin develop
# Create feature branch
git checkout -b feature/improve-desktop-config
# Make your changes
# ... edit configuration files ...
# Validate configuration
nix flake check
# Test configuration (non-persistent)
sudo nixos-rebuild test --flake .#congenital-optimist
# Stage and commit changes
git add .
git commit -m "feat(desktop): improve GNOME configuration
- Add GNOME extensions for better workflow
- Configure custom keybindings
- Optimize performance settings"
# Push to remote
git push origin feature/improve-desktop-config
```
### 2. Pull Request Process
1. **Create PR** from feature branch to `develop`
2. **Automated Testing** runs via GitHub Actions:
- Flake syntax validation
- Build tests for all machines
- Security audit
- Documentation checks
3. **Code Review** by team members
4. **Local Testing** by reviewers (optional but recommended)
5. **Merge** to develop after approval
### 3. Production Deployment
```bash
# Merge develop to main (after testing)
git checkout main
git merge develop
# Tag release
git tag -a v1.1.0 -m "Release v1.1.0: Desktop improvements"
# Deploy to production
sudo nixos-rebuild switch --flake .#congenital-optimist
```
## 🧪 Testing Strategy
### Automated Testing (CI/CD)
Our GitHub Actions pipeline automatically tests:
- **Syntax Validation**: `nix flake check --all-systems`
- **Build Testing**: Full system build for each machine
- **Security Scanning**: Check for secrets and vulnerabilities
- **Module Validation**: Individual module testing
- **Documentation**: Ensure docs are up to date
### Manual Testing Levels
#### Level 1: Basic Validation
```bash
# Quick syntax check
nix flake check
# Build without applying
nix build .#nixosConfigurations.congenital-optimist.config.system.build.toplevel
```
#### Level 2: Safe Testing
```bash
# Test configuration (temporary, reverts on reboot)
sudo nixos-rebuild test --flake .#congenital-optimist
# Verify services
systemctl status incus libvirtd podman.socket
```
#### Level 3: Persistent Testing
```bash
# Apply configuration permanently
sudo nixos-rebuild switch --flake .#congenital-optimist
# Create rollback point
sudo nixos-rebuild test --flake .#congenital-optimist --rollback
```
## 🏗️ Configuration Architecture
### Module Organization
```
modules/
├── common/ # Shared base configuration
├── desktop/ # Desktop environment modules
├── development/ # Development tools and editors
├── hardware/ # Hardware-specific configurations
├── services/ # Service configurations
├── system/ # Core system modules
├── users/ # User configurations
└── virtualization/ # Container and VM setup
```
### Best Practices
#### Module Design
- **Single Responsibility**: Each module handles one aspect
- **Configurable**: Use options for customization
- **Documented**: Include comments and documentation
- **Testable**: Design for easy testing
#### Configuration Changes
- **Small Commits**: Make focused, atomic changes
- **Test First**: Always test before committing
- **Document Impact**: Explain what changes and why
- **Consider Rollback**: Ensure changes can be reverted
## 🔐 Security Considerations
### Configuration Security
- **No Secrets in Git**: Never commit passwords, keys, or certificates
- **Proper Permissions**: Set correct file permissions in configuration
- **Firewall Rules**: Review network access changes
- **User Privileges**: Validate user group memberships
### Development Security
- **Branch Protection**: Main branch requires reviews
- **Signed Commits**: Consider GPG signing for production
- **Access Control**: Limit who can deploy to production
- **Audit Trail**: All changes tracked in git history
## 🚨 Emergency Procedures
### Rollback Procedures
#### Git-based Rollback
```bash
# Find last known good commit
git log --oneline
# Rollback to specific commit
git checkout <commit-hash>
sudo nixos-rebuild switch --flake .#congenital-optimist
# Or revert specific changes
git revert <bad-commit-hash>
```
#### NixOS Generation Rollback
```bash
# List available generations
sudo nixos-rebuild list-generations
# Rollback to previous generation
sudo nixos-rebuild switch --rollback
# Or switch to specific generation
sudo /nix/var/nix/profiles/system-<generation>-link/bin/switch-to-configuration switch
```
#### ZFS Snapshot Rollback
```bash
# List snapshots
zfs list -t snapshot
# Rollback to snapshot (destructive!)
zfs rollback zpool/root@pre-update-snapshot
```
### Recovery Boot
If system fails to boot:
1. Boot from NixOS installation media
2. Import ZFS pools if needed
3. Chroot into system
4. Rollback to working configuration
5. Rebuild and reboot
## 📊 Monitoring and Maintenance
### Health Checks
Regular monitoring should include:
- **System Generations**: Track configuration changes
- **Service Status**: Monitor critical services
- **Storage Health**: ZFS pool status
- **Security Updates**: Regular dependency updates
- **Performance**: System resource utilization
### Automated Maintenance
Our CI/CD pipeline handles:
- **Weekly Dependency Updates**: Automated flake.lock updates
- **Security Scanning**: Regular vulnerability checks
- **Documentation Updates**: Auto-generated documentation
- **Build Verification**: Continuous build testing
### Manual Maintenance Tasks
#### Weekly
- Review open pull requests
- Check system logs for errors
- Verify backup operations
- Update development environment
#### Monthly
- Security audit of configurations
- Clean up old git branches
- Review and update documentation
- Performance optimization review
#### Quarterly
- Major dependency updates
- Infrastructure planning review
- Security policy updates
- Disaster recovery testing
## 🎯 Performance Optimization
### Build Performance
- **Nix Binary Cache**: Use shared cache for faster builds
- **Parallel Builds**: Configure appropriate build parallelism
- **Module Organization**: Optimize module import structure
- **Build Dependencies**: Minimize unnecessary dependencies
### Runtime Performance
- **Service Configuration**: Optimize service settings
- **Hardware Configuration**: Tune for specific hardware
- **Resource Allocation**: Configure appropriate limits
- **Monitoring**: Track performance metrics
## 📝 Documentation Standards
### Code Documentation
- **Module Comments**: Explain complex configurations
- **Option Documentation**: Document custom options
- **Example Usage**: Provide usage examples
- **Change Rationale**: Explain why changes were made
### Process Documentation
- **Workflow Updates**: Keep process docs current
- **Decision Records**: Document architectural decisions
- **Troubleshooting**: Maintain troubleshooting guides
- **Knowledge Transfer**: Document tribal knowledge
## 🤝 Collaboration Guidelines
### Communication
- **Clear Commit Messages**: Use conventional commit format
- **Descriptive PRs**: Explain what and why
- **Review Feedback**: Provide constructive feedback
- **Documentation**: Update docs with changes
### Code Review Focus Areas
1. **Correctness**: Does the configuration work?
2. **Security**: Any security implications?
3. **Performance**: Impact on system performance?
4. **Maintainability**: Is the code maintainable?
5. **Documentation**: Are docs updated?
## 🔗 Related Documentation
- [**README.md**](README.md): Project overview and quick start
- [**BRANCHING_STRATEGY.md**](BRANCHING_STRATEGY.md): Git workflow details
- [**plan.md**](plan.md): Migration and development plan
- [**CI/CD Pipeline**](.github/workflows/ci.yml): Automated testing configuration
---
*"The important thing is not to panic."* - Douglas Adams
This workflow ensures reliable, tested, and maintainable infrastructure while enabling rapid development and safe deployments.