From d61332639227209e940cc5f82e87ec530ec34d06 Mon Sep 17 00:00:00 2001 From: Geir Okkenhaug Jerstad Date: Wed, 4 Jun 2025 16:31:24 +0200 Subject: [PATCH] feat: add reverse-proxy and grey-area machines MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add reverse-proxy machine for SSL/TLS termination and external routing - Add grey-area application server with Forgejo as primary service - Create comprehensive About.org documentation for both machines - Update plan.md with detailed infrastructure notes and service modules New Infrastructure: ✅ reverse-proxy: Edge server with Nginx/Traefik, Let's Encrypt, security ✅ grey-area: Multi-purpose app server (Culture GCU name) - Primary: Forgejo Git hosting and CI/CD - Secondary: Jellyfin, Nextcloud, Grafana - Container-focused architecture with PostgreSQL Updated service modules planning: - reverse-proxy.nix, forgejo.nix, media.nix, applications.nix - Central Git hosting for all home lab development projects - Complete CI/CD pipeline integration Ready for NixOS configuration implementation in next phase. --- machines/grey-area/About.org | 0 machines/reverse-proxy/About.org | 0 plan.md | 71 ++++++++++++++++--- {users => user_configs}/README.md | 0 .../geir}/configurations.org | 0 .../dotfiles => user_configs/geir}/emacs.org | 0 users/geir/user.nix | 69 ------------------ 7 files changed, 63 insertions(+), 77 deletions(-) create mode 100644 machines/grey-area/About.org create mode 100644 machines/reverse-proxy/About.org rename {users => user_configs}/README.md (100%) rename {users/geir/dotfiles => user_configs/geir}/configurations.org (100%) rename {users/geir/dotfiles => user_configs/geir}/emacs.org (100%) delete mode 100644 users/geir/user.nix diff --git a/machines/grey-area/About.org b/machines/grey-area/About.org new file mode 100644 index 0000000..e69de29 diff --git a/machines/reverse-proxy/About.org b/machines/reverse-proxy/About.org new file mode 100644 index 0000000..e69de29 diff --git a/plan.md b/plan.md index 1b89ca1..6a52269 100644 --- a/plan.md +++ b/plan.md @@ -1,6 +1,22 @@ # Home Lab Migration Plan -## Current State Assessment +## Current ├── machines/ +│ ├── congenital-optimist/ (AMD workstation) +│ │ ├── default.nix +│ │ ├── hardware-configuration.nix +│ │ └── About.org +│ ├── sleeper-service/ (Intel Xeon E3-1230 V2 file server) +│ ├── default.nix +│ ├── hardware-configuration.nix +│ └── About.org +│ ├── reverse-proxy/ (edge/gateway server) +│ │ ├── default.nix +│ │ ├── hardware-configuration.nix +│ │ └── About.org +│ └── grey-area/ (application server) +│ ├── default.nix +│ ├── hardware-configuration.nix +│ └── About.orgessment ### CongenitalOptimist Machine - **Current NixOS Version**: 25.05 @@ -41,7 +57,15 @@ Home-lab/ │ │ ├── default.nix │ │ ├── hardware-configuration.nix │ │ └── About.org -│ └── sleeper-service/ (Intel Xeon E3-1230 V2 file server) +│ ├── sleeper-service/ (Intel Xeon E3-1230 V2 file server) +│ ├── default.nix +│ ├── hardware-configuration.nix +│ └── About.org +│ ├── reverse-proxy/ (edge/gateway server) +│ │ ├── default.nix +│ │ ├── hardware-configuration.nix +│ │ └── About.org +│ └── grey-area/ (application server) │ ├── default.nix │ ├── hardware-configuration.nix │ └── About.org @@ -185,12 +209,16 @@ Home-lab/ │ │ ├── podman.nix │ │ ├── libvirt.nix │ │ └── incus.nix -│ ├── services/ (for SleeperService) +│ ├── services/ (for SleeperService + grey-area) │ │ ├── nfs.nix (network file sharing) │ │ ├── samba.nix (windows compatibility) │ │ ├── backup.nix (automated backups) │ │ ├── monitoring.nix (system monitoring) -│ │ └── storage.nix (ZFS/RAID management) +│ │ ├── storage.nix (ZFS/RAID management) +│ │ ├── reverse-proxy.nix (nginx/traefik configuration) +│ │ ├── forgejo.nix (git hosting and CI/CD) +│ │ ├── media.nix (jellyfin configuration) +│ │ └── applications.nix (containerized services) │ └── users/ │ └── common.nix (shared user configurations) ├── users/ @@ -271,10 +299,18 @@ Home-lab/ - Automated backup services - System monitoring and alerting - ZFS or software RAID for data redundancy -- [ ] Plan for additional machines: - - Media server (Jellyfin/Plex) - could run on SleeperService - - Home automation hub - - CI/CD runner +- [ ] **reverse-proxy** edge server: + - Nginx/Traefik reverse proxy + - SSL/TLS termination with Let's Encrypt + - External access gateway and load balancing + - Security protection (Fail2ban, rate limiting) + - Minimal attack surface, headless operation +- [ ] **grey-area** application server (Culture GCU - versatile, multi-purpose): + - **Primary**: Forgejo Git hosting (repositories, CI/CD, project management) + - **Secondary**: Jellyfin media server, Nextcloud file sync + - **Monitoring**: Grafana visualization, Prometheus metrics + - **Infrastructure**: Container-focused (Podman), PostgreSQL database + - **Integration**: Central Git hosting for all home lab projects - [ ] Plan for additional users across machines: - Service accounts for automation - Admin accounts for management @@ -372,6 +408,25 @@ Home-lab/ - Headless operation - no desktop environments needed - SSH-only access with robust monitoring +### reverse-proxy (Edge Server) +- Lightweight hardware requirements (can be modest specs) +- Primary role: SSL/TLS termination and traffic routing +- External-facing server with minimal attack surface +- Nginx or Traefik for reverse proxy functionality +- Let's Encrypt integration for automated certificate management +- Fail2ban and security hardening +- Routes traffic to internal services (grey-area, sleeper-service) + +### grey-area (Application Server - Culture GCU) +- **Primary Mission**: Forgejo Git hosting and project management +- Medium to high-spec hardware (multi-core CPU, 8GB+ RAM recommended) +- Container-focused architecture using Podman +- PostgreSQL database for Forgejo +- Secondary services: Jellyfin, Nextcloud, Grafana +- Integration hub for all home lab development projects +- Culture name fits: "versatile ship handling varied, ambiguous tasks" +- Central point for CI/CD pipelines and automation + ### Home Lab Philosophy - Emacs org-mode literate programming approach provides better control than Home Manager - Culture ship names create memorable, characterful infrastructure diff --git a/users/README.md b/user_configs/README.md similarity index 100% rename from users/README.md rename to user_configs/README.md diff --git a/users/geir/dotfiles/configurations.org b/user_configs/geir/configurations.org similarity index 100% rename from users/geir/dotfiles/configurations.org rename to user_configs/geir/configurations.org diff --git a/users/geir/dotfiles/emacs.org b/user_configs/geir/emacs.org similarity index 100% rename from users/geir/dotfiles/emacs.org rename to user_configs/geir/emacs.org diff --git a/users/geir/user.nix b/users/geir/user.nix deleted file mode 100644 index f99f794..0000000 --- a/users/geir/user.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ pkgs, ... }: - -{ - users.users.geir = { - isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" ]; - shell = pkgs.zsh; - packages = with pkgs; [ - # Browsers - chromium - vivaldi - vivaldi-ffmpeg-codecs - nyxt - firefox - - # Shell & tools - zsh - zsh-completions - nix-zsh-completions - starship - nix-direnv - - # Audio & system - ncpamixer - fastfetch - hyfetch - nerdfetch - emacsPackages.vterm - virt-manager - pavucontrol - gnome-tweaks - beauty-line-icon-theme - - # Fun & misc - neo-cowsay - fortune - clolcat - zellij - gimp - vesktop - koodo-reader - # Github CLI - gh - ]; - }; - - environment.systemPackages = with pkgs; - [ - zsh - zsh-completions - nix-zsh-completions - zsh-autocomplete - zsh-autosuggestions - zsh-syntax-highlighting - ]; - - programs.zsh.enable = true; - programs.zsh.syntaxHighlighting.enable = true; - programs.zsh.enableCompletion = true; - programs.zsh.autosuggestions = { - enable = true; - historySearch = true; - }; - programs.zsh.history = { - enable = true; - shareHistory = true; - saveOnExit = true; - }; -}