geir/home-lab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

some small notes

Browse source
This commit is contained in:
Geir Okkenhaug Jerstad 2025-06-06 12:22:53 +02:00
parent 29de5db430
commit e69fd5856f
8 changed files with 152 additions and 274 deletions
Download patch file Download diff file Expand all files Collapse all files

233
.github/workflows/ci.yml vendored
View file

@ -1,233 +0,0 @@
name: 🏠 Home Lab CI/CD Pipeline
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
schedule:
# Weekly dependency updates check
- cron: '0 0 * * 0'
env:
NIXPKGS_ALLOW_UNFREE: 1
jobs:
# Lint and validate flake configuration
validate:
name: 🔍 Validate Configuration
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
with:
extra-conf: |
experimental-features = nix-command flakes
accept-flake-config = true
- name: Setup Nix Magic Cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: Check flake syntax
run: nix flake check --all-systems
- name: Format check
run: |
nix fmt
git diff --exit-code
# Build configurations for all machines
build:
name: 🔨 Build Configurations
runs-on: ubuntu-latest
needs: validate
strategy:
matrix:
machine: [congenital-optimist, sleeper-service]
fail-fast: false
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
with:
extra-conf: |
experimental-features = nix-command flakes
accept-flake-config = true
- name: Setup Nix Magic Cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: Build ${{ matrix.machine }} configuration
run: |
nix build .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel
- name: Check configuration size
run: |
nix path-info -S .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel
# Security and dependency auditing
security:
name: 🔒 Security Audit
runs-on: ubuntu-latest
needs: validate
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
with:
extra-conf: |
experimental-features = nix-command flakes
accept-flake-config = true
- name: Setup Nix Magic Cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: Run security audit
run: |
echo "TODO: Implement security auditing"
# Future: nix-audit or similar security tools
# Check for known vulnerabilities in dependencies
- name: Check for secrets in repository
run: |
echo "Checking for accidentally committed secrets..."
if grep -r "PRIVATE KEY\|password\|secret" . --exclude-dir=.git --exclude="*.md" --exclude=".github"; then
echo "❌ Potential secrets found in repository"
exit 1
else
echo "✅ No obvious secrets found"
fi
# Documentation and module validation
documentation:
name: 📚 Documentation & Modules
runs-on: ubuntu-latest
needs: validate
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
with:
extra-conf: |
experimental-features = nix-command flakes
accept-flake-config = true
- name: Setup Nix Magic Cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: Validate module structure
run: |
echo "Validating module structure..."
# Check that all modules have proper structure
for module in modules/*/*.nix; do
echo "Checking $module"
nix eval --file "$module" || echo "Warning: $module may have syntax issues"
done
- name: Generate documentation
run: |
echo "TODO: Generate system documentation"
# Future: Automatically generate module documentation
# Update README with current system state
# Update flake.lock and test
update-dependencies:
name: 🔄 Update Dependencies
runs-on: ubuntu-latest
if: github.event_name == 'schedule'
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
with:
extra-conf: |
experimental-features = nix-command flakes
accept-flake-config = true
- name: Setup Nix Magic Cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: Update flake.lock
run: |
nix flake update
- name: Test updated dependencies
run: |
nix flake check
- name: Create Pull Request
uses: peter-evans/create-pull-request@v5
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: "🔄 Update flake.lock - Automated dependency update"
title: "Automated dependency update"
body: |
## 🔄 Automated Dependency Update
This PR updates the flake.lock file with the latest versions of all inputs.
### Changes
- Updated all flake inputs to latest versions
- Ran `nix flake check` to ensure compatibility
### Validation
- [x] Flake syntax validation passed
- [x] Build tests completed successfully
Please review and test locally before merging.
branch: automated/update-dependencies
delete-branch: true
# Deployment (for self-hosted runners on actual machines)
deploy:
name: 🚀 Deploy Configuration
runs-on: self-hosted
needs: [validate, build, security]
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
environment: production
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Deploy to machines
run: |
echo "TODO: Implement deployment strategy"
# Future: Implement actual deployment
# This would require self-hosted runners on each machine
# or remote deployment via SSH
echo "Would deploy to:"
echo "- congenital-optimist"
echo "- sleeper-service"
# Notification on completion
notify:
name: 📢 Notify Results
runs-on: ubuntu-latest
needs: [validate, build, security, documentation]
if: always()
steps:
- name: Notify status
run: |
echo "Pipeline completed"
echo "Validate: ${{ needs.validate.result }}"
echo "Build: ${{ needs.build.result }}"
echo "Security: ${{ needs.security.result }}"
echo "Documentation: ${{ needs.documentation.result }}"
# Future: Send notifications to Discord/Slack/Email
# if any jobs failed

4
machines/grey-area/nixos/configuration.nix
View file

@ -47,7 +47,7 @@
services.fwupd.enable = true;
# Networking
networking.hostName = "apps";
networking.hostName = "grey-area";
networking.networkmanager.enable = true;
# Set your time zone.
@ -92,6 +92,6 @@
networking.firewall.allowedTCPPorts = [ 22 19999 23231];
networking.firewall.allowedUDPPorts = [ 22 23231 ];
networking.nftables.enable = true;
system.stateVersion = "23.05";
system.stateVersion = "23.05"; # Do not change this, it maintains data compatibility.
}

9
modules/system/applications.nix
View file

@ -1,6 +1,13 @@
{ config, pkgs, ... }: {
{ config, pkgs, ... }:
let
# Import custom packages from the flake
homeLabPackages = import ../../packages { inherit pkgs; };
in {
# System applications and utilities
environment.systemPackages = with pkgs; [
# Home lab management tools
homeLabPackages.lab
# Terminal applications
kitty
terminator

2
modules/users/geir.nix
View file

@ -118,7 +118,7 @@
# Shell aliases
shellAliases = {
# Development workflow
"lab" = "z /home/geir/Home-lab";
"home-lab" = "z /home/geir/Home-lab";
"configs" = "z /home/geir/Home-lab/user_configs/geir";
"emacs-config" = "emacs /home/geir/Home-lab/user_configs/geir/emacs.org";

16
modules/users/sma.nix
View file

@ -83,10 +83,13 @@
# Admin-focused aliases
shellAliases = {
# System management
"rebuild" = "sudo nixos-rebuild switch --flake /home/geir/Home-lab";
"rebuild-test" = "sudo nixos-rebuild test --flake /home/geir/Home-lab";
"rebuild-boot" = "sudo nixos-rebuild boot --flake /home/geir/Home-lab";
# System management (use current system configuration)
"rebuild" = "sudo nixos-rebuild switch";
"rebuild-test" = "sudo nixos-rebuild test";
"rebuild-boot" = "sudo nixos-rebuild boot";
"rebuild-flake" = "cd /tmp/home-lab-config && sudo nixos-rebuild switch --flake .";
"rebuild-flake-test" = "cd /tmp/home-lab-config && sudo nixos-rebuild test --flake .";
"rebuild-flake-boot" = "cd /tmp/home-lab-config && sudo nixos-rebuild boot --flake .";
# Container management
"pods" = "podman ps -a";
@ -102,11 +105,6 @@
"ports" = "ss -tulpn";
"connections" = "ss -tuln";
# Git for infrastructure
"homelab" = "cd /home/geir/Home-lab";
"homelab-status" = "cd /home/geir/Home-lab && git status";
"homelab-pull" = "cd /home/geir/Home-lab && git pull";
# Security
"audit-users" = "cat /etc/passwd | grep -E '/bin/(bash|zsh|fish)'";
"audit-sudo" = "cat /etc/sudoers.d/*";

4
notes.md
View file

@ -1,3 +1,5 @@
# Notes to be use to write blog post
ssh sma@sleeper-service "cd /tmp/home-lab-config && sudo nixos-rebuild boot --flake .#sleeper-service" this seems like the best approach maye we should add a todo for making scripts or research deploy-rs
deployment script: rsync -av --delete /home/geir/Home-lab/ sma@sleeper-service:/tmp/home-lab-config/ and ssh sma@sleeper-service "cd /tmp/home-lab-config && sudo nixos-rebuild boot --flake .#sleeper-service"
like the best approach maye we should add a todo for making scripts or research deploy-rs

4
packages/default.nix
View file

@ -3,8 +3,8 @@
{
# Custom packages for Home-lab infrastructure
# Home-lab specific tools and utilities
home-lab-tools = pkgs.callPackage ./home-lab-tools.nix { };
# Home-lab administration command-line tool
lab = pkgs.callPackage ./home-lab-tools.nix { };
# Re-export commonly used packages with custom configurations
inherit (pkgs)

152
packages/home-lab-tools.nix
View file

@ -1,38 +1,142 @@
{ lib, stdenv, writeShellScriptBin, ... }:
{ lib, stdenv, writeShellScriptBin, rsync, openssh, ... }:
writeShellScriptBin "home-lab-tools" ''
writeShellScriptBin "lab" ''
#!/usr/bin/env bash
# Home-lab administration tools
# Placeholder for custom utilities and scripts
# Deploy and manage NixOS configurations across home lab infrastructure
case "$1" in
"status")
echo "Home-lab infrastructure status:"
echo " congenital-optimist: $(systemctl is-active tailscale || echo 'unknown')"
echo " sleeper-service: Checking connectivity..."
set -euo pipefail
# Configuration
HOMELAB_ROOT="/home/geir/Home-lab"
TEMP_CONFIG_DIR="/tmp/home-lab-config"
# Color output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
log() {
echo -e "''${BLUE}[lab]''${NC} $1"
}
success() {
echo -e "''${GREEN}[lab]''${NC} $1"
}
warn() {
echo -e "''${YELLOW}[lab]''${NC} $1"
}
error() {
echo -e "''${RED}[lab]''${NC} $1" >&2
}
# Deployment function
deploy_machine() {
local machine="$1"
local mode="''${2:-boot}" # boot, test, or switch
case "$machine" in
"sleeper-service")
local target_host="sma@sleeper-service"
;;
"backup")
echo "Initiating backup procedures..."
echo "This would trigger backup scripts across the infrastructure"
"grey-area")
local target_host="sma@grey-area"
;;
"monitor")
echo "System monitoring overview:"
echo "Use this space for custom monitoring commands"
;;
"deploy")
echo "Deploying configurations..."
echo "This would handle nixos-rebuild across machines"
"reverse-proxy")
local target_host="sma@reverse-proxy"
;;
*)
echo "Home-lab Tools"
echo "Usage: $0 {status|backup|monitor|deploy}"
error "Unknown machine: $machine"
error "Available machines: sleeper-service, grey-area, reverse-proxy"
exit 1
;;
esac
log "Deploying $machine (mode: $mode)"
# Sync configuration to target machine
log "Syncing configuration to $target_host..."
if ! ${rsync}/bin/rsync -av --delete "$HOMELAB_ROOT/" "$target_host:$TEMP_CONFIG_DIR/"; then
error "Failed to sync configuration to $machine"
exit 1
fi
# Deploy the configuration
log "Running nixos-rebuild $mode on $machine..."
if ! ${openssh}/bin/ssh "$target_host" "cd $TEMP_CONFIG_DIR && sudo nixos-rebuild $mode --flake .#$machine"; then
error "Failed to deploy configuration to $machine"
exit 1
fi
success "Successfully deployed $machine"
}
# Show deployment status
show_status() {
log "Home-lab infrastructure status:"
# Check congenital-optimist (local)
if /run/current-system/sw/bin/systemctl is-active --quiet tailscaled; then
success " congenital-optimist: Online (local)"
else
warn " congenital-optimist: Tailscale inactive"
fi
# Check remote machines
for machine in sleeper-service grey-area reverse-proxy; do
if ${openssh}/bin/ssh -o ConnectTimeout=5 -o BatchMode=yes "sma@$machine" "echo OK" >/dev/null 2>&1; then
success " $machine: Online"
else
warn " $machine: Unreachable"
fi
done
}
# Main command handling
case "''${1:-}" in
"deploy")
if [[ $# -lt 2 ]]; then
error "Usage: lab deploy <machine> [mode]"
error "Machines: sleeper-service, grey-area, reverse-proxy"
error "Modes: boot (default), test, switch"
exit 1
fi
machine="$2"
mode="''${3:-boot}"
if [[ ! "$mode" =~ ^(boot|test|switch)$ ]]; then
error "Invalid mode: $mode. Use boot, test, or switch"
exit 1
fi
deploy_machine "$machine" "$mode"
;;
"status")
show_status
;;
*)
echo "Home-lab Management Tool"
echo ""
echo "Usage: lab <command> [options]"
echo ""
echo "Available commands:"
echo " status - Check infrastructure status"
echo " backup - Run backup procedures"
echo " monitor - Show monitoring overview"
echo " deploy - Deploy configurations"
echo " deploy <machine> [mode] - Deploy configuration to a machine"
echo " Machines: sleeper-service, grey-area, reverse-proxy"
echo " Modes: boot (default), test, switch"
echo " status - Check infrastructure connectivity"
echo ""
echo "Examples:"
echo " lab deploy sleeper-service boot # Deploy and set for next boot"
echo " lab deploy grey-area switch # Deploy and switch immediately"
echo " lab status # Check all machines"
;;
esac
''