diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
deleted file mode 100644
index 059a612..0000000
--- a/.github/workflows/ci.yml
+++ /dev/null
@@ -1,233 +0,0 @@ -name: 🏠 Home Lab CI/CD Pipeline - -on: - push: - branches: [ main, develop ] - pull_request: - branches: [ main ] - schedule: - # Weekly dependency updates check - - cron: '0 0 * * 0' - -env: - NIXPKGS_ALLOW_UNFREE: 1 - -jobs: - # Lint and validate flake configuration - validate: - name: 🔍 Validate Configuration - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@main - with: - extra-conf: | - experimental-features = nix-command flakes - accept-flake-config = true - - - name: Setup Nix Magic Cache - uses: DeterminateSystems/magic-nix-cache-action@main - - - name: Check flake syntax - run: nix flake check --all-systems - - - name: Format check - run: | - nix fmt - git diff --exit-code - - # Build configurations for all machines - build: - name: 🔨 Build Configurations - runs-on: ubuntu-latest - needs: validate - strategy: - matrix: - machine: [congenital-optimist, sleeper-service] - fail-fast: false - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@main - with: - extra-conf: | - experimental-features = nix-command flakes - accept-flake-config = true - - - name: Setup Nix Magic Cache - uses: DeterminateSystems/magic-nix-cache-action@main - - - name: Build ${{ matrix.machine }} configuration - run: | - nix build .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel - - - name: Check configuration size - run: | - nix path-info -S .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel - - # Security and dependency auditing - security: - name: 🔒 Security Audit - runs-on: ubuntu-latest - needs: validate - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@main - with: - extra-conf: | - experimental-features = nix-command flakes - 
accept-flake-config = true - - - name: Setup Nix Magic Cache - uses: DeterminateSystems/magic-nix-cache-action@main - - - name: Run security audit - run: | - echo "TODO: Implement security auditing" - # Future: nix-audit or similar security tools - # Check for known vulnerabilities in dependencies - - - name: Check for secrets in repository - run: | - echo "Checking for accidentally committed secrets..." - if grep -r "PRIVATE KEY\|password\|secret" . --exclude-dir=.git --exclude="*.md" --exclude=".github"; then - echo "❌ Potential secrets found in repository" - exit 1 - else - echo "✅ No obvious secrets found" - fi - - # Documentation and module validation - documentation: - name: 📚 Documentation & Modules - runs-on: ubuntu-latest - needs: validate - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@main - with: - extra-conf: | - experimental-features = nix-command flakes - accept-flake-config = true - - - name: Setup Nix Magic Cache - uses: DeterminateSystems/magic-nix-cache-action@main - - - name: Validate module structure - run: | - echo "Validating module structure..." 
- - # Check that all modules have proper structure - for module in modules/*/*.nix; do - echo "Checking $module" - nix eval --file "$module" || echo "Warning: $module may have syntax issues" - done - - - name: Generate documentation - run: | - echo "TODO: Generate system documentation" - # Future: Automatically generate module documentation - # Update README with current system state - - # Update flake.lock and test - update-dependencies: - name: 🔄 Update Dependencies - runs-on: ubuntu-latest - if: github.event_name == 'schedule' - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@main - with: - extra-conf: | - experimental-features = nix-command flakes - accept-flake-config = true - - - name: Setup Nix Magic Cache - uses: DeterminateSystems/magic-nix-cache-action@main - - - name: Update flake.lock - run: | - nix flake update - - - name: Test updated dependencies - run: | - nix flake check - - - name: Create Pull Request - uses: peter-evans/create-pull-request@v5 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: "🔄 Update flake.lock - Automated dependency update" - title: "Automated dependency update" - body: | - ## 🔄 Automated Dependency Update - - This PR updates the flake.lock file with the latest versions of all inputs. - - ### Changes - - Updated all flake inputs to latest versions - - Ran `nix flake check` to ensure compatibility - - ### Validation - - [x] Flake syntax validation passed - - [x] Build tests completed successfully - - Please review and test locally before merging. 
- branch: automated/update-dependencies - delete-branch: true - - # Deployment (for self-hosted runners on actual machines) - deploy: - name: 🚀 Deploy Configuration - runs-on: self-hosted - needs: [validate, build, security] - if: github.ref == 'refs/heads/main' && github.event_name == 'push' - environment: production - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Deploy to machines - run: | - echo "TODO: Implement deployment strategy" - # Future: Implement actual deployment - # This would require self-hosted runners on each machine - # or remote deployment via SSH - - echo "Would deploy to:" - echo "- congenital-optimist" - echo "- sleeper-service" - - # Notification on completion - notify: - name: 📢 Notify Results - runs-on: ubuntu-latest - needs: [validate, build, security, documentation] - if: always() - steps: - - name: Notify status - run: | - echo "Pipeline completed" - echo "Validate: ${{ needs.validate.result }}" - echo "Build: ${{ needs.build.result }}" - echo "Security: ${{ needs.security.result }}" - echo "Documentation: ${{ needs.documentation.result }}" - - # Future: Send notifications to Discord/Slack/Email - # if any jobs failed diff --git a/machines/grey-area/nixos/configuration.nix b/machines/grey-area/nixos/configuration.nix index 5c4bff1..55c1c87 100644 --- a/machines/grey-area/nixos/configuration.nix +++ b/machines/grey-area/nixos/configuration.nix @@ -47,7 +47,7 @@ services.fwupd.enable = true; # Networking - networking.hostName = "apps"; + networking.hostName = "grey-area"; networking.networkmanager.enable = true; # Set your time zone. @@ -92,6 +92,6 @@ networking.firewall.allowedTCPPorts = [ 22 19999 23231]; networking.firewall.allowedUDPPorts = [ 22 23231 ]; networking.nftables.enable = true; - system.stateVersion = "23.05"; + system.stateVersion = "23.05"; # Do not change this, it maintains data compatibility. } 
diff --git a/modules/system/applications.nix b/modules/system/applications.nix index e218e79..3a762a0 100644 --- a/modules/system/applications.nix +++ b/modules/system/applications.nix @@ -1,6 +1,13 @@ -{ config, pkgs, ... }: { +{ config, pkgs, ... }: +let + # Import custom packages from the flake + homeLabPackages = import ../../packages { inherit pkgs; }; +in { # System applications and utilities environment.systemPackages = with pkgs; [ + # Home lab management tools + homeLabPackages.lab + # Terminal applications kitty terminator diff --git a/modules/users/geir.nix b/modules/users/geir.nix index aeba29a..861c965 100644 --- a/modules/users/geir.nix +++ b/modules/users/geir.nix @@ -118,7 +118,7 @@ # Shell aliases shellAliases = { # Development workflow - "lab" = "z /home/geir/Home-lab"; + "home-lab" = "z /home/geir/Home-lab"; "configs" = "z /home/geir/Home-lab/user_configs/geir"; "emacs-config" = "emacs /home/geir/Home-lab/user_configs/geir/emacs.org"; diff --git a/modules/users/sma.nix b/modules/users/sma.nix index 9673839..7a6f100 100644 --- a/modules/users/sma.nix +++ b/modules/users/sma.nix @@ -83,10 +83,13 @@ # Admin-focused aliases shellAliases = { - # System management - "rebuild" = "sudo nixos-rebuild switch --flake /home/geir/Home-lab"; - "rebuild-test" = "sudo nixos-rebuild test --flake /home/geir/Home-lab"; - "rebuild-boot" = "sudo nixos-rebuild boot --flake /home/geir/Home-lab"; + # System management (use current system configuration) + "rebuild" = "sudo nixos-rebuild switch"; + "rebuild-test" = "sudo nixos-rebuild test"; + "rebuild-boot" = "sudo nixos-rebuild boot"; + "rebuild-flake" = "cd /tmp/home-lab-config && sudo nixos-rebuild switch --flake ."; + "rebuild-flake-test" = "cd /tmp/home-lab-config && sudo nixos-rebuild test --flake ."; + "rebuild-flake-boot" = "cd /tmp/home-lab-config && sudo nixos-rebuild boot --flake ."; # Container management "pods" = "podman ps -a"; 
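Review bot: The new comment `# Import custom packages from the flake` does not describe what the line below it does: `import ../../packages { inherit pkgs; }` evaluates the directory directly with the module's `pkgs`, bypassing whatever the flake's own `packages` output (and any overlays it applies) would have produced, so the two can drift apart. If the direct import is intended, reword the comment to `# Import custom packages directly from ./packages (not via the flake outputs)`; otherwise consider passing the flake's package set into the module instead. I cannot see flake.nix here, so whether a flake-level `packages` output exists is inferred from the rename of `lab` in packages/default.nix further down.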
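Review bot: The new `rebuild-flake*` aliases run `sudo nixos-rebuild` against a flake checked out in `/tmp/home-lab-config`, a path under the world-writable `/tmp`; the sticky bit only protects the directory once sma owns it, so whenever it is absent (for instance after a reboot if `/tmp` is a tmpfs) another local account could create it first and a root-level rebuild would evaluate whatever it contains. A staging directory inside sma's home, or a root-owned path under `/var/lib`, closes that window. The same location is used as `TEMP_CONFIG_DIR` by the `lab` script in packages/home-lab-tools.nix, so the fix should be applied in both places. Minor: the aliases are not subshelled, so after `rebuild-flake` the interactive shell stays in `/tmp/home-lab-config`; `"rebuild-flake" = "(cd /tmp/home-lab-config && sudo nixos-rebuild switch --flake .)";` avoids that.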
@@ -102,11 +105,6 @@ "ports" = "ss -tulpn"; "connections" = "ss -tuln"; - # Git for infrastructure - "homelab" = "cd /home/geir/Home-lab"; - "homelab-status" = "cd /home/geir/Home-lab && git status"; - "homelab-pull" = "cd /home/geir/Home-lab && git pull"; - # Security "audit-users" = "cat /etc/passwd | grep -E '/bin/(bash|zsh|fish)'"; "audit-sudo" = "cat /etc/sudoers.d/*"; diff --git a/notes.md b/notes.md index 23831cb..1b925ad 100644 --- a/notes.md +++ b/notes.md @@ -1,3 +1,5 @@ # Notes to be use to write blog post -ssh sma@sleeper-service "cd /tmp/home-lab-config && sudo nixos-rebuild boot --flake .#sleeper-service" this seems like the best approach maye we should add a todo for making scripts or research deploy-rs \ No newline at end of file +deployment script: rsync -av --delete /home/geir/Home-lab/ sma@sleeper-service:/tmp/home-lab-config/ and ssh sma@sleeper-service "cd /tmp/home-lab-config && sudo nixos-rebuild boot --flake .#sleeper-service" + +like the best approach maye we should add a todo for making scripts or research deploy-rs \ No newline at end of file diff --git a/packages/default.nix b/packages/default.nix index f09c75a..0cdf5b9 100644 --- a/packages/default.nix +++ b/packages/default.nix @@ -3,8 +3,8 @@ { # Custom packages for Home-lab infrastructure - # Home-lab specific tools and utilities - home-lab-tools = pkgs.callPackage ./home-lab-tools.nix { }; + # Home-lab administration command-line tool + lab = pkgs.callPackage ./home-lab-tools.nix { }; # Re-export commonly used packages with custom configurations inherit (pkgs) diff --git a/packages/home-lab-tools.nix b/packages/home-lab-tools.nix index c310a4a..c2f2c89 100644 --- a/packages/home-lab-tools.nix +++ b/packages/home-lab-tools.nix 
@@ -1,38 +1,142 @@ -{ lib, stdenv, writeShellScriptBin, ... }: +{ lib, stdenv, writeShellScriptBin, rsync, openssh, ... }: -writeShellScriptBin "home-lab-tools" '' +writeShellScriptBin "lab" '' #!/usr/bin/env bash # Home-lab administration tools - # Placeholder for custom utilities and scripts + # Deploy and manage NixOS configurations across home lab infrastructure - case "$1" in - "status") - echo "Home-lab infrastructure status:" - echo " congenital-optimist: $(systemctl is-active tailscale || echo 'unknown')" - echo " sleeper-service: Checking connectivity..." - ;; - "backup") - echo "Initiating backup procedures..." - echo "This would trigger backup scripts across the infrastructure" - ;; - "monitor") - echo "System monitoring overview:" - echo "Use this space for custom monitoring commands" - ;; + set -euo pipefail + + # Configuration + HOMELAB_ROOT="/home/geir/Home-lab" + TEMP_CONFIG_DIR="/tmp/home-lab-config" + + # Color output + RED='\033[0;31m' + GREEN='\033[0;32m' + YELLOW='\033[1;33m' + BLUE='\033[0;34m' + NC='\033[0m' # No Color + + log() { + echo -e "''${BLUE}[lab]''${NC} $1" + } + + success() { + echo -e "''${GREEN}[lab]''${NC} $1" + } + + warn() { + echo -e "''${YELLOW}[lab]''${NC} $1" + } + + error() { + echo -e "''${RED}[lab]''${NC} $1" >&2 + } + + # Deployment function + deploy_machine() { + local machine="$1" + local mode="''${2:-boot}" # boot, test, or switch + + case "$machine" in + "sleeper-service") + local target_host="sma@sleeper-service" + ;; + "grey-area") + local target_host="sma@grey-area" + ;; + "reverse-proxy") + local target_host="sma@reverse-proxy" + ;; + *) + error "Unknown machine: $machine" + error "Available machines: sleeper-service, grey-area, reverse-proxy" + exit 1 + ;; + esac + + log "Deploying $machine (mode: $mode)" + + # Sync configuration to target machine + log "Syncing configuration to $target_host..." + if ! 
${rsync}/bin/rsync -av --delete "$HOMELAB_ROOT/" "$target_host:$TEMP_CONFIG_DIR/"; then + error "Failed to sync configuration to $machine" + exit 1 + fi + + # Deploy the configuration + log "Running nixos-rebuild $mode on $machine..." + if ! ${openssh}/bin/ssh "$target_host" "cd $TEMP_CONFIG_DIR && sudo nixos-rebuild $mode --flake .#$machine"; then + error "Failed to deploy configuration to $machine" + exit 1 + fi + + success "Successfully deployed $machine" + } + + # Show deployment status + show_status() { + log "Home-lab infrastructure status:" + + # Check congenital-optimist (local) + if /run/current-system/sw/bin/systemctl is-active --quiet tailscaled; then + success " congenital-optimist: ✓ Online (local)" + else + warn " congenital-optimist: ⚠ Tailscale inactive" + fi + + # Check remote machines + for machine in sleeper-service grey-area reverse-proxy; do + if ${openssh}/bin/ssh -o ConnectTimeout=5 -o BatchMode=yes "sma@$machine" "echo OK" >/dev/null 2>&1; then + success " $machine: ✓ Online" + else + warn " $machine: ⚠ Unreachable" + fi + done + } + + # Main command handling + case "''${1:-}" in "deploy") - echo "Deploying configurations..." - echo "This would handle nixos-rebuild across machines" + if [[ $# -lt 2 ]]; then + error "Usage: lab deploy [mode]" + error "Machines: sleeper-service, grey-area, reverse-proxy" + error "Modes: boot (default), test, switch" + exit 1 + fi + + machine="$2" + mode="''${3:-boot}" + + if [[ ! "$mode" =~ ^(boot|test|switch)$ ]]; then + error "Invalid mode: $mode. 
Use boot, test, or switch" + exit 1 + fi + + deploy_machine "$machine" "$mode" ;; + + "status") + show_status + ;; + *) - echo "Home-lab Tools" - echo "Usage: $0 {status|backup|monitor|deploy}" + echo "Home-lab Management Tool" + echo "" + echo "Usage: lab [options]" echo "" echo "Available commands:" - echo " status - Check infrastructure status" - echo " backup - Run backup procedures" - echo " monitor - Show monitoring overview" - echo " deploy - Deploy configurations" + echo " deploy [mode] - Deploy configuration to a machine" + echo " Machines: sleeper-service, grey-area, reverse-proxy" + echo " Modes: boot (default), test, switch" + echo " status - Check infrastructure connectivity" + echo "" + echo "Examples:" + echo " lab deploy sleeper-service boot # Deploy and set for next boot" + echo " lab deploy grey-area switch # Deploy and switch immediately" + echo " lab status # Check all machines" ;; esac '' \ No newline at end of file
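Review bot: `deploy_machine` ships the entire working tree (`rsync -av --delete "$HOMELAB_ROOT/" ...`), so untracked local files and the full `.git` history reach the target and, once `nixos-rebuild --flake .` evaluates the directory, are copied into that host's Nix store, which every user on the machine can read; the secret scan that the removed ci.yml used to run no longer stands in front of this. Shipping only the committed tree (a `git archive` of HEAD) or an explicit `--exclude` list would keep local-only files off the target. Separately, `HOMELAB_ROOT="/home/geir/Home-lab"` is hard-coded even though the package is added to `environment.systemPackages` for all users; `HOMELAB_ROOT="''${HOMELAB_ROOT:-/home/geir/Home-lab}"` keeps the default while allowing an override. `show_status` also reports the local `systemctl` check as congenital-optimist unconditionally, which is misleading if this same package is run on any other machine that imports applications.nix.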