some small notes

This commit is contained in:
Geir Okkenhaug Jerstad 2025-06-06 12:22:53 +02:00
parent 29de5db430
commit e69fd5856f
8 changed files with 152 additions and 274 deletions


@ -1,233 +0,0 @@
name: 🏠 Home Lab CI/CD Pipeline
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
schedule:
# Weekly dependency updates check
- cron: '0 0 * * 0'
env:
NIXPKGS_ALLOW_UNFREE: 1
jobs:
# Lint and validate flake configuration
validate:
name: 🔍 Validate Configuration
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
with:
extra-conf: |
experimental-features = nix-command flakes
accept-flake-config = true
- name: Setup Nix Magic Cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: Check flake syntax
run: nix flake check --all-systems
- name: Format check
run: |
nix fmt
git diff --exit-code
# Build configurations for all machines
build:
name: 🔨 Build Configurations
runs-on: ubuntu-latest
needs: validate
strategy:
matrix:
machine: [congenital-optimist, sleeper-service]
fail-fast: false
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
with:
extra-conf: |
experimental-features = nix-command flakes
accept-flake-config = true
- name: Setup Nix Magic Cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: Build ${{ matrix.machine }} configuration
run: |
nix build .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel
- name: Check configuration size
run: |
nix path-info -S .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel
# Security and dependency auditing
security:
name: 🔒 Security Audit
runs-on: ubuntu-latest
needs: validate
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
with:
extra-conf: |
experimental-features = nix-command flakes
accept-flake-config = true
- name: Setup Nix Magic Cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: Run security audit
run: |
echo "TODO: Implement security auditing"
# Future: nix-audit or similar security tools
# Check for known vulnerabilities in dependencies
- name: Check for secrets in repository
run: |
echo "Checking for accidentally committed secrets..."
if grep -r "PRIVATE KEY\|password\|secret" . --exclude-dir=.git --exclude="*.md" --exclude=".github"; then
echo "❌ Potential secrets found in repository"
exit 1
else
echo "✅ No obvious secrets found"
fi
# Documentation and module validation
documentation:
name: 📚 Documentation & Modules
runs-on: ubuntu-latest
needs: validate
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
with:
extra-conf: |
experimental-features = nix-command flakes
accept-flake-config = true
- name: Setup Nix Magic Cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: Validate module structure
run: |
echo "Validating module structure..."
# Check that all modules have proper structure
for module in modules/*/*.nix; do
echo "Checking $module"
nix eval --file "$module" || echo "Warning: $module may have syntax issues"
done
- name: Generate documentation
run: |
echo "TODO: Generate system documentation"
# Future: Automatically generate module documentation
# Update README with current system state
# Update flake.lock and test
update-dependencies:
name: 🔄 Update Dependencies
runs-on: ubuntu-latest
if: github.event_name == 'schedule'
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
with:
extra-conf: |
experimental-features = nix-command flakes
accept-flake-config = true
- name: Setup Nix Magic Cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: Update flake.lock
run: |
nix flake update
- name: Test updated dependencies
run: |
nix flake check
- name: Create Pull Request
uses: peter-evans/create-pull-request@v5
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: "🔄 Update flake.lock - Automated dependency update"
title: "Automated dependency update"
body: |
## 🔄 Automated Dependency Update
This PR updates the flake.lock file with the latest versions of all inputs.
### Changes
- Updated all flake inputs to latest versions
- Ran `nix flake check` to ensure compatibility
### Validation
- [x] Flake syntax validation passed
- [x] Build tests completed successfully
Please review and test locally before merging.
branch: automated/update-dependencies
delete-branch: true
# Deployment (for self-hosted runners on actual machines)
deploy:
name: 🚀 Deploy Configuration
runs-on: self-hosted
needs: [validate, build, security]
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
environment: production
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Deploy to machines
run: |
echo "TODO: Implement deployment strategy"
# Future: Implement actual deployment
# This would require self-hosted runners on each machine
# or remote deployment via SSH
echo "Would deploy to:"
echo "- congenital-optimist"
echo "- sleeper-service"
# Notification on completion
notify:
name: 📢 Notify Results
runs-on: ubuntu-latest
needs: [validate, build, security, documentation]
if: always()
steps:
- name: Notify status
run: |
echo "Pipeline completed"
echo "Validate: ${{ needs.validate.result }}"
echo "Build: ${{ needs.build.result }}"
echo "Security: ${{ needs.security.result }}"
echo "Documentation: ${{ needs.documentation.result }}"
# Future: Send notifications to Discord/Slack/Email
# if any jobs failed


@ -47,7 +47,7 @@
services.fwupd.enable = true; services.fwupd.enable = true;
# Networking # Networking
networking.hostName = "apps"; networking.hostName = "grey-area";
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
# Set your time zone. # Set your time zone.
@ -92,6 +92,6 @@
networking.firewall.allowedTCPPorts = [ 22 19999 23231]; networking.firewall.allowedTCPPorts = [ 22 19999 23231];
networking.firewall.allowedUDPPorts = [ 22 23231 ]; networking.firewall.allowedUDPPorts = [ 22 23231 ];
networking.nftables.enable = true; networking.nftables.enable = true;
system.stateVersion = "23.05"; system.stateVersion = "23.05"; # Do not change this, it maintains data compatibility.
} }


@ -1,6 +1,13 @@
{ config, pkgs, ... }: { { config, pkgs, ... }:
let
# Import custom packages from the flake
homeLabPackages = import ../../packages { inherit pkgs; };
in {
# System applications and utilities # System applications and utilities
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Home lab management tools
homeLabPackages.lab
# Terminal applications # Terminal applications
kitty kitty
terminator terminator


@ -118,7 +118,7 @@
# Shell aliases # Shell aliases
shellAliases = { shellAliases = {
# Development workflow # Development workflow
"lab" = "z /home/geir/Home-lab"; "home-lab" = "z /home/geir/Home-lab";
"configs" = "z /home/geir/Home-lab/user_configs/geir"; "configs" = "z /home/geir/Home-lab/user_configs/geir";
"emacs-config" = "emacs /home/geir/Home-lab/user_configs/geir/emacs.org"; "emacs-config" = "emacs /home/geir/Home-lab/user_configs/geir/emacs.org";


@ -83,10 +83,13 @@
# Admin-focused aliases # Admin-focused aliases
shellAliases = { shellAliases = {
# System management # System management (use current system configuration)
"rebuild" = "sudo nixos-rebuild switch --flake /home/geir/Home-lab"; "rebuild" = "sudo nixos-rebuild switch";
"rebuild-test" = "sudo nixos-rebuild test --flake /home/geir/Home-lab"; "rebuild-test" = "sudo nixos-rebuild test";
"rebuild-boot" = "sudo nixos-rebuild boot --flake /home/geir/Home-lab"; "rebuild-boot" = "sudo nixos-rebuild boot";
"rebuild-flake" = "cd /tmp/home-lab-config && sudo nixos-rebuild switch --flake .";
"rebuild-flake-test" = "cd /tmp/home-lab-config && sudo nixos-rebuild test --flake .";
"rebuild-flake-boot" = "cd /tmp/home-lab-config && sudo nixos-rebuild boot --flake .";
# Container management # Container management
"pods" = "podman ps -a"; "pods" = "podman ps -a";
@ -102,11 +105,6 @@
"ports" = "ss -tulpn"; "ports" = "ss -tulpn";
"connections" = "ss -tuln"; "connections" = "ss -tuln";
# Git for infrastructure
"homelab" = "cd /home/geir/Home-lab";
"homelab-status" = "cd /home/geir/Home-lab && git status";
"homelab-pull" = "cd /home/geir/Home-lab && git pull";
# Security # Security
"audit-users" = "cat /etc/passwd | grep -E '/bin/(bash|zsh|fish)'"; "audit-users" = "cat /etc/passwd | grep -E '/bin/(bash|zsh|fish)'";
"audit-sudo" = "cat /etc/sudoers.d/*"; "audit-sudo" = "cat /etc/sudoers.d/*";
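Review bot: The added `rebuild-flake`, `rebuild-flake-test` and `rebuild-flake-boot` aliases `cd /tmp/home-lab-config` and then run `sudo nixos-rebuild ... --flake .`, so the configuration that root builds and activates is read from a directory under the world-writable /tmp; a local user who creates that directory, or can write into it, before the sync lands controls what `sudo nixos-rebuild switch` activates. The same path is introduced as `TEMP_CONFIG_DIR="/tmp/home-lab-config"` in the new `lab` script in home-lab-tools.nix, so the fix belongs in both places: a directory owned by the deploying user outside the shared temp tree, e.g. `"rebuild-flake" = "cd $HOME/home-lab-config && sudo nixos-rebuild switch --flake .";`, with the script's constant changed to match. The new comment `# System management (use current system configuration)` reads as if the plain `rebuild` aliases rebuild the running system, but without `--flake` nixos-rebuild falls back to /etc/nixos (its flake.nix if present, otherwise configuration.nix), so `# System management (rebuild from /etc/nixos, not from the repo checkout)` would describe it more accurately. The enclosing `shellAliases` attribute set starts and ends outside the hunk.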


@ -1,3 +1,5 @@
# Notes to be use to write blog post # Notes to be use to write blog post
ssh sma@sleeper-service "cd /tmp/home-lab-config && sudo nixos-rebuild boot --flake .#sleeper-service" this seems like the best approach maye we should add a todo for making scripts or research deploy-rs deployment script: rsync -av --delete /home/geir/Home-lab/ sma@sleeper-service:/tmp/home-lab-config/ and ssh sma@sleeper-service "cd /tmp/home-lab-config && sudo nixos-rebuild boot --flake .#sleeper-service"
like the best approach maye we should add a todo for making scripts or research deploy-rs


@ -3,8 +3,8 @@
{ {
# Custom packages for Home-lab infrastructure # Custom packages for Home-lab infrastructure
# Home-lab specific tools and utilities # Home-lab administration command-line tool
home-lab-tools = pkgs.callPackage ./home-lab-tools.nix { }; lab = pkgs.callPackage ./home-lab-tools.nix { };
# Re-export commonly used packages with custom configurations # Re-export commonly used packages with custom configurations
inherit (pkgs) inherit (pkgs)


@ -1,38 +1,142 @@
{ lib, stdenv, writeShellScriptBin, ... }: { lib, stdenv, writeShellScriptBin, rsync, openssh, ... }:
writeShellScriptBin "home-lab-tools" '' writeShellScriptBin "lab" ''
#!/usr/bin/env bash #!/usr/bin/env bash
# Home-lab administration tools # Home-lab administration tools
# Placeholder for custom utilities and scripts # Deploy and manage NixOS configurations across home lab infrastructure
case "$1" in set -euo pipefail
"status")
echo "Home-lab infrastructure status:" # Configuration
echo " congenital-optimist: $(systemctl is-active tailscale || echo 'unknown')" HOMELAB_ROOT="/home/geir/Home-lab"
echo " sleeper-service: Checking connectivity..." TEMP_CONFIG_DIR="/tmp/home-lab-config"
;;
"backup") # Color output
echo "Initiating backup procedures..." RED='\033[0;31m'
echo "This would trigger backup scripts across the infrastructure" GREEN='\033[0;32m'
;; YELLOW='\033[1;33m'
"monitor") BLUE='\033[0;34m'
echo "System monitoring overview:" NC='\033[0m' # No Color
echo "Use this space for custom monitoring commands"
;; log() {
echo -e "''${BLUE}[lab]''${NC} $1"
}
success() {
echo -e "''${GREEN}[lab]''${NC} $1"
}
warn() {
echo -e "''${YELLOW}[lab]''${NC} $1"
}
error() {
echo -e "''${RED}[lab]''${NC} $1" >&2
}
# Deployment function
deploy_machine() {
local machine="$1"
local mode="''${2:-boot}" # boot, test, or switch
case "$machine" in
"sleeper-service")
local target_host="sma@sleeper-service"
;;
"grey-area")
local target_host="sma@grey-area"
;;
"reverse-proxy")
local target_host="sma@reverse-proxy"
;;
*)
error "Unknown machine: $machine"
error "Available machines: sleeper-service, grey-area, reverse-proxy"
exit 1
;;
esac
log "Deploying $machine (mode: $mode)"
# Sync configuration to target machine
log "Syncing configuration to $target_host..."
if ! ${rsync}/bin/rsync -av --delete "$HOMELAB_ROOT/" "$target_host:$TEMP_CONFIG_DIR/"; then
error "Failed to sync configuration to $machine"
exit 1
fi
# Deploy the configuration
log "Running nixos-rebuild $mode on $machine..."
if ! ${openssh}/bin/ssh "$target_host" "cd $TEMP_CONFIG_DIR && sudo nixos-rebuild $mode --flake .#$machine"; then
error "Failed to deploy configuration to $machine"
exit 1
fi
success "Successfully deployed $machine"
}
# Show deployment status
show_status() {
log "Home-lab infrastructure status:"
# Check congenital-optimist (local)
if /run/current-system/sw/bin/systemctl is-active --quiet tailscaled; then
success " congenital-optimist: Online (local)"
else
warn " congenital-optimist: Tailscale inactive"
fi
# Check remote machines
for machine in sleeper-service grey-area reverse-proxy; do
if ${openssh}/bin/ssh -o ConnectTimeout=5 -o BatchMode=yes "sma@$machine" "echo OK" >/dev/null 2>&1; then
success " $machine: Online"
else
warn " $machine: Unreachable"
fi
done
}
# Main command handling
case "''${1:-}" in
"deploy") "deploy")
echo "Deploying configurations..." if [[ $# -lt 2 ]]; then
echo "This would handle nixos-rebuild across machines" error "Usage: lab deploy <machine> [mode]"
error "Machines: sleeper-service, grey-area, reverse-proxy"
error "Modes: boot (default), test, switch"
exit 1
fi
machine="$2"
mode="''${3:-boot}"
if [[ ! "$mode" =~ ^(boot|test|switch)$ ]]; then
error "Invalid mode: $mode. Use boot, test, or switch"
exit 1
fi
deploy_machine "$machine" "$mode"
;; ;;
"status")
show_status
;;
*) *)
echo "Home-lab Tools" echo "Home-lab Management Tool"
echo "Usage: $0 {status|backup|monitor|deploy}" echo ""
echo "Usage: lab <command> [options]"
echo "" echo ""
echo "Available commands:" echo "Available commands:"
echo " status - Check infrastructure status" echo " deploy <machine> [mode] - Deploy configuration to a machine"
echo " backup - Run backup procedures" echo " Machines: sleeper-service, grey-area, reverse-proxy"
echo " monitor - Show monitoring overview" echo " Modes: boot (default), test, switch"
echo " deploy - Deploy configurations" echo " status - Check infrastructure connectivity"
echo ""
echo "Examples:"
echo " lab deploy sleeper-service boot # Deploy and set for next boot"
echo " lab deploy grey-area switch # Deploy and switch immediately"
echo " lab status # Check all machines"
;; ;;
esac esac
'' ''
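Review bot: `deploy_machine` ships the entire `$HOMELAB_ROOT/` tree with `rsync -av --delete`, so `.git` history and any untracked local-only files in the checkout are copied to every target, with `-a` preserving their source permissions, into a directory under the target's shared /tmp, although the rebuild only needs the flake sources. Narrowing the payload with an exclude list, e.g. `${rsync}/bin/rsync -a --delete --exclude='.git' "$HOMELAB_ROOT/" "$target_host:$TEMP_CONFIG_DIR/"`, limits what lands on the remote host; note that without `.git` the remote flake is evaluated as a plain directory rather than a git tree, which should be checked against how untracked files are meant to be treated. The deploy `ssh` call also lacks the `-o BatchMode=yes` that `show_status` sets, so an unknown host key or a key passphrase prompt stalls an unattended deploy instead of failing; `${openssh}/bin/ssh -o BatchMode=yes "$target_host" "cd $TEMP_CONFIG_DIR && sudo nixos-rebuild $mode --flake .#$machine"` makes it fail fast. The whole script, including `deploy_machine`, lies within the hunk.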