feat: add reverse-proxy and grey-area machines

- Add reverse-proxy machine for SSL/TLS termination and external routing - Add grey-area application server with Forgejo as primary service - Create comprehensive About.org documentation for both machines - Update plan.md with detailed infrastructure notes and service modules New Infrastructure: ✅ reverse-proxy: Edge server with Nginx/Traefik, Let's Encrypt, security ✅ grey-area: Multi-purpose app server (Culture GCU name) - Primary: Forgejo Git hosting and CI/CD - Secondary: Jellyfin, Nextcloud, Grafana - Container-focused architecture with PostgreSQL Updated service modules planning: - reverse-proxy.nix, forgejo.nix, media.nix, applications.nix - Central Git hosting for all home lab development projects - Complete CI/CD pipeline integration Ready for NixOS configuration implementation in next phase.
2025-06-04 16:31:24 +02:00 · 2025-06-04 16:31:24 +02:00 · d613326392
commit d613326392
parent 344e7686bf
7 changed files with 63 additions and 77 deletions
--- a/machines/grey-area/About.org
+++ b/machines/grey-area/About.org
--- a/machines/reverse-proxy/About.org
+++ b/machines/reverse-proxy/About.org
--- a/plan.md
+++ b/plan.md
@ -1,6 +1,22 @@
 # Home Lab Migration Plan

-## Current State Assessment
+## Current ├── machines/
+│   ├── congenital-optimist/ (AMD workstation)
+│   │   ├── default.nix
+│   │   ├── hardware-configuration.nix
+│   │   └── About.org
+│   ├── sleeper-service/ (Intel Xeon E3-1230 V2 file server)
+│       ├── default.nix
+│       ├── hardware-configuration.nix
+│       └── About.org
+│   ├── reverse-proxy/ (edge/gateway server)
+│   │   ├── default.nix
+│   │   ├── hardware-configuration.nix
+│   │   └── About.org
+│   └── grey-area/ (application server)
+│       ├── default.nix
+│       ├── hardware-configuration.nix
+│       └── About.orgessment

 ### CongenitalOptimist Machine
 - **Current NixOS Version**: 25.05
@ -41,7 +57,15 @@ Home-lab/
 │   │   ├── default.nix
 │   │   ├── hardware-configuration.nix
 │   │   └── About.org
-│   └── sleeper-service/ (Intel Xeon E3-1230 V2 file server)
+│   ├── sleeper-service/ (Intel Xeon E3-1230 V2 file server)
+│       ├── default.nix
+│       ├── hardware-configuration.nix
+│       └── About.org
+│   ├── reverse-proxy/ (edge/gateway server)
+│   │   ├── default.nix
+│   │   ├── hardware-configuration.nix
+│   │   └── About.org
+│   └── grey-area/ (application server)
 │       ├── default.nix
 │       ├── hardware-configuration.nix
 │       └── About.org
@ -185,12 +209,16 @@ Home-lab/
 │   │   ├── podman.nix
 │   │   ├── libvirt.nix
 │   │   └── incus.nix
-│   ├── services/ (for SleeperService)
+│   ├── services/ (for SleeperService + grey-area)
 │   │   ├── nfs.nix (network file sharing)
 │   │   ├── samba.nix (windows compatibility)
 │   │   ├── backup.nix (automated backups)
 │   │   ├── monitoring.nix (system monitoring)
-│   │   └── storage.nix (ZFS/RAID management)
+│   │   ├── storage.nix (ZFS/RAID management)
+│   │   ├── reverse-proxy.nix (nginx/traefik configuration)
+│   │   ├── forgejo.nix (git hosting and CI/CD)
+│   │   ├── media.nix (jellyfin configuration)
+│   │   └── applications.nix (containerized services)
 │   └── users/
 │       └── common.nix (shared user configurations)
 ├── users/
@ -271,10 +299,18 @@ Home-lab/
  - Automated backup services
  - System monitoring and alerting
  - ZFS or software RAID for data redundancy
- [ ] Plan for additional machines:
-  - Media server (Jellyfin/Plex) - could run on SleeperService
-  - Home automation hub
-  - CI/CD runner
+- [ ] **reverse-proxy** edge server:
+  - Nginx/Traefik reverse proxy
+  - SSL/TLS termination with Let's Encrypt
+  - External access gateway and load balancing
+  - Security protection (Fail2ban, rate limiting)
+  - Minimal attack surface, headless operation
+- [ ] **grey-area** application server (Culture GCU - versatile, multi-purpose):
+  - **Primary**: Forgejo Git hosting (repositories, CI/CD, project management)
+  - **Secondary**: Jellyfin media server, Nextcloud file sync
+  - **Monitoring**: Grafana visualization, Prometheus metrics
+  - **Infrastructure**: Container-focused (Podman), PostgreSQL database
+  - **Integration**: Central Git hosting for all home lab projects
 - [ ] Plan for additional users across machines:
  - Service accounts for automation
  - Admin accounts for management
@ -372,6 +408,25 @@ Home-lab/
 - Headless operation - no desktop environments needed
 - SSH-only access with robust monitoring

+### reverse-proxy (Edge Server)
+- Lightweight hardware requirements (can be modest specs)
+- Primary role: SSL/TLS termination and traffic routing
+- External-facing server with minimal attack surface
+- Nginx or Traefik for reverse proxy functionality
+- Let's Encrypt integration for automated certificate management
+- Fail2ban and security hardening
+- Routes traffic to internal services (grey-area, sleeper-service)
+
+### grey-area (Application Server - Culture GCU)
+- **Primary Mission**: Forgejo Git hosting and project management
+- Medium to high-spec hardware (multi-core CPU, 8GB+ RAM recommended)
+- Container-focused architecture using Podman
+- PostgreSQL database for Forgejo
+- Secondary services: Jellyfin, Nextcloud, Grafana
+- Integration hub for all home lab development projects
+- Culture name fits: "versatile ship handling varied, ambiguous tasks"
+- Central point for CI/CD pipelines and automation
+
 ### Home Lab Philosophy
 - Emacs org-mode literate programming approach provides better control than Home Manager
 - Culture ship names create memorable, characterful infrastructure
--- a/user_configs/README.md
+++ b/user_configs/README.md
--- a/users/geir/dotfiles/configurations.org
+++ b/users/geir/dotfiles/configurations.org
--- a/users/geir/dotfiles/emacs.org
+++ b/users/geir/dotfiles/emacs.org
--- a/users/geir/user.nix
+++ b/users/geir/user.nix
@ -1,69 +0,0 @@
-{ pkgs, ... }:
-
-{
-  users.users.geir = {
-    isNormalUser = true;
-    extraGroups = [ "networkmanager" "wheel"  ];
-    shell = pkgs.zsh;
-    packages = with pkgs; [
-      # Browsers
-      chromium
-      vivaldi
-      vivaldi-ffmpeg-codecs
-      nyxt
-      firefox
-
-      # Shell & tools
-      zsh
-      zsh-completions
-      nix-zsh-completions
-      starship
-      nix-direnv
-
-      # Audio & system
-      ncpamixer
-      fastfetch
-      hyfetch
-      nerdfetch
-      emacsPackages.vterm
-      virt-manager
-      pavucontrol
-      gnome-tweaks
-      beauty-line-icon-theme
-
-      # Fun & misc
-      neo-cowsay
-      fortune
-      clolcat
-      zellij
-      gimp
-      vesktop
-      koodo-reader
-      # Github CLI
-      gh
-    ];
-  };
-
-  environment.systemPackages = with pkgs;
-    [
-      zsh
-      zsh-completions
-      nix-zsh-completions
-      zsh-autocomplete
-      zsh-autosuggestions
-      zsh-syntax-highlighting
-    ];
-
-  programs.zsh.enable = true;
-  programs.zsh.syntaxHighlighting.enable = true;
-  programs.zsh.enableCompletion = true;
-  programs.zsh.autosuggestions = {
-    enable = true;
-    historySearch = true;
-  };
-  programs.zsh.history = {
-    enable = true;
-    shareHistory = true;
-    saveOnExit = true;
-  };
-}