feat: initial NixOS home lab infrastructure setup

- Add modular flake-based NixOS configuration
- Implement GitOps foundation with CI/CD pipeline
- Create comprehensive documentation and branching strategy
- Add modular desktop environments (GNOME, Cosmic, Sway)
- Configure virtualization stack (Incus, Libvirt, Podman)
- Set up development tools and hardware-specific modules
- Establish user configuration with literate programming support

This commit represents the completion of Phase 1: Flakes Migration
with modular configuration, virtualization, and GitOps foundation.
Geir Okkenhaug Jerstad 2025-06-04 16:10:13 +02:00
commit f30013723e
43 changed files with 4220 additions and 0 deletions


@ -0,0 +1,103 @@
#+TITLE: CongenitalOptimist Workstation
#+DESCRIPTION: AMD Threadripper 1920X based development workstation for Home-lab
#+AUTHOR: geir
#+DATE: 2024
* CongenitalOptimist: A GSV, for a machine you hope will always perform well.
** Hardware Specifications
- *CPU*: AMD Ryzen Threadripper 1920X @ 3.50GHz (12 cores, 24 threads)
- *GPU*: AMD Radeon RX Vega [Discrete]
- *RAM*: 64GB DDR4 (currently 28.85 GiB used / 62.68 GiB total)
- *Architecture*: x86_64
- *Platform*: AMD TR4 Socket
- *Form Factor*: High-End Desktop (HEDT)
** Role & Purpose
CongenitalOptimist serves as the primary development workstation and creative powerhouse for the Home-lab infrastructure. True to its Culture name, it approaches every computational challenge with unwavering optimism and substantial processing capability.
*** Primary Functions
- Software development and compilation
- Virtual machine hosting and testing
- Container orchestration and development
- Creative workloads (video editing, 3D rendering)
- Multi-desktop environment testing
*** Secondary Functions
- Network storage client (NFS from SleeperService)
- Build server for NixOS configurations
- Media consumption and streaming
- Gaming and entertainment
- System administration hub
** Software Configuration
- *OS*: NixOS 25.05
- *Hostname*: congenital-optimist
- *Desktop Environments*: GNOME, Cosmic, Sway
- *Shell*: Zsh with modern CLI tools
- *Editor Stack*: Emacs, Neovim, VSCode, Zed
- *Containerization*: Podman, Incus
- *Virtualization*: libvirt/KVM with virt-manager
** Network Configuration
- *Tailscale*: Enabled for secure remote access
- *NFS Client*: Mounts from SleeperService file server
- *SSH*: Enabled for remote development
- *Firewall*: NFTables with restrictive default rules
- *DNS*: Systemd-resolved with custom entries
** Storage Architecture
- *Root Filesystem*: ZFS (zpool/root)
- *Nix Store*: ZFS (zpool/nix)
- *User Data*: ZFS (zpool/home)
- *Variable Data*: ZFS (zpool/var)
- *Games*: ZFS (stuffpool/games)
- *VMs*: ZFS (stuffpool/virtual)
- *Network Storage*: NFS mount from SleeperService
** Development Environment
CongenitalOptimist embodies the Culture's optimistic approach to problem-solving. With 24 threads of Threadripper processing power and abundant memory, it tackles complex development tasks with confidence and capability.
*** Configured Development Tools
- Multiple language runtimes (Rust, Python, Go, Guile)
- Language servers for intelligent code completion
- Container development with Podman
- VM development with libvirt
- Git workflow with GitHub CLI integration
- AI-assisted development with GitHub Copilot
*** Desktop Experience
- GNOME: Full-featured desktop for productivity
- Cosmic: Modern System76 desktop experience
- Sway: Tiling window manager for focused development
- Consistent theming and font configuration
- Modern CLI tools (eza, bat, ripgrep, starship)
** Culture Context
Like its namesake GSV, CongenitalOptimist believes that with sufficient processing power and well-designed software, any problem can be solved. It maintains an optimistic outlook even during intensive compilation tasks or complex virtualization scenarios.
The Threadripper architecture mirrors the Culture's philosophy of abundant resources applied intelligently - why have 4 cores when you can have 24? Why settle for basic graphics when you can have Vega-class rendering?
** Operational Philosophy
- *Performance*: Leverage all 24 threads for parallel workloads
- *Reliability*: ZFS ensures data integrity and snapshot capabilities
- *Flexibility*: Multiple desktop environments for different tasks
- *Integration*: Seamless interaction with SleeperService file server
- *Optimization*: NixOS configuration management for reproducible setups
** Power Profile
- High-performance desktop configuration
- Always-on development environment
- Efficient resource utilization across cores
- Temperature monitoring for sustained workloads
- Balanced performance and power consumption
** Future Expansion
- Additional memory for larger virtual machine workloads
- NVMe storage expansion for local high-speed storage
- GPU compute acceleration for AI/ML workloads
- Network upgrade for faster SleeperService connectivity
- Multi-monitor setup expansion
* "The ship had been constructed to be a tool, to do a job of work; and the fact that it had been invested with intelligence had not changed the essence of what it was."
*- Iain M. Banks, describing the optimistic spirit that drives CongenitalOptimist*
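Review bot: the hardware spec line `- *RAM*: 64GB DDR4 (currently 28.85 GiB used / 62.68 GiB total)` records a point-in-time usage reading that is stale the moment it is committed; keep the installed capacity and drop the parenthetical. `#+DATE: 2024` also predates the commit (2025-06-04) and the SleeperService doc's `#+DATE: 2025`; update or remove it. The `** Network Configuration` claims (nftables with restrictive defaults, SSH, Tailscale, systemd-resolved) are not set in this host's configuration.nix below, so if they come from `../../modules/system/network.nix`, name that module here so a reader can verify the posture the doc describes.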


@ -0,0 +1,54 @@
{
config,
pkgs,
inputs,
unstable,
...
}: {
imports = [
./hardware-configuration.nix
# System modules
../../modules/system/fonts.nix
../../modules/system/network.nix
../../modules/system/applications.nix
# Hardware modules
../../modules/hardware/amd-workstation.nix
# Desktop environments
../../modules/desktop/common.nix
../../modules/desktop/gnome.nix
../../modules/desktop/cosmic.nix
../../modules/desktop/sway.nix
# Development tools
../../modules/development/tools.nix
# User configuration
../../modules/users/geir.nix
# Virtualization configuration
../../modules/virtualization/incus.nix
../../modules/virtualization/libvirt.nix
../../modules/virtualization/podman.nix
];
# Boot configuration
boot.loader.grub = {
enable = true;
zfsSupport = true;
efiSupport = true;
efiInstallAsRemovable = true;
mirroredBoots = [
{
devices = ["nodev"];
path = "/boot";
}
];
};
# Basic system configuration
nixpkgs.config.allowUnfree = true;
system.stateVersion = "23.11"; # DO NOT CHANGE - maintains data compatibility
}
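Review bot: root, `/nix`, `/var` and `/home` are all ZFS datasets in this host's hardware-configuration.nix, but neither file shown here sets `networking.hostId`, and the NixOS ZFS module asserts on it ("ZFS requires networking.hostId to be set"); unless `modules/system/network.nix` supplies it, evaluation fails. Add `networking.hostId = "<8 hex chars>";` next to the GRUB block (the value from `head -c 8 /etc/machine-id` is the conventional choice, and it must stay stable or the pools will refuse to import without `-f`). Minor: `inputs` and `unstable` are taken as arguments but unused in this file. The `system.stateVersion = "23.11"` with its DO NOT CHANGE comment is correct and should stay as-is.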


@ -0,0 +1,68 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "zpool/root";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "zpool/nix";
fsType = "zfs";
};
fileSystems."/var" =
{ device = "zpool/var";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "zpool/home";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/257B-AB7E";
fsType = "vfat";
};
fileSystems."/home/geir/games" =
{ device = "stuffpool/games";
fsType = "zfs";
};
fileSystems."/home/geir/virtual" =
{ device = "stuffpool/virtual";
fsType = "zfs";
};
fileSystems."/mnt/storage/media" =
{ device = "files:/mnt/storage";
fsType = "nfs";
options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
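Review bot: the header says this file was generated by nixos-generate-config and may be overwritten, yet the NFS mount at `/mnt/storage/media` with `x-systemd.automount`, `noauto` and `x-systemd.idle-timeout=600`, and the `stuffpool/games` and `stuffpool/virtual` datasets under `/home/geir`, look hand-added; move them into configuration.nix so a rerun of the generator does not silently drop them. On the mount itself, `files:/mnt/storage` uses a bare hostname while the server's doc and config call it `sleeper-service`; pin the name in `networking.hosts` or document the search domain it relies on, and consider `nfsvers=4` plus an explicit `sec=` option, since the default AUTH_SYS mode trusts whatever UID the client presents.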


@ -0,0 +1,57 @@
#+TITLE: SleeperService File Server
#+DESCRIPTION: Intel Xeon E3-1230 V2 based file server for Home-lab network storage
#+AUTHOR: geir
#+DATE: 2025
* SleeperService: A massive GSV with a reputation for taking on unusual tasks.
** Hardware Specifications
- *CPU*: Intel Xeon E3-1230 V2 @ 3.70GHz (4 cores, 8 threads)
- *RAM*: 16GB DDR3
- *Architecture*: x86_64
- *Form Factor*: Server/Tower
- *Age*: Legacy hardware, proven reliability
** Role & Purpose
SleeperService serves as the primary network storage and file server for the Home-lab infrastructure. True to its Culture name, it quietly handles the essential but unglamorous tasks that keep the network running smoothly.
*** Primary Functions
- Network File System (NFS) server
- Centralized backup repository
- System monitoring and alerting hub
- Data redundancy and integrity management
*** Secondary Functions
- Log aggregation and analysis
- Network service monitoring
- Automated backup orchestration
** Network Configuration
- *Hostname*: sleeper-service
- *Domain*: home-lab.local
- *Tailscale*: Enabled for secure remote access
- *SSH*: Primary access method (headless operation)
- *Firewall*: Restrictive, service-specific ports only
** Storage Philosophy
SleeperService embodies the Culture principle of quiet competence. It doesn't need the latest hardware to excel at its mission - reliable, continuous service. The Xeon architecture provides ECC memory support and enterprise-grade reliability perfect for 24/7 file serving operations.
** Culture Context
Like its namesake GSV, SleeperService takes on the "unusual tasks" that other machines might find mundane. It's the dependable workhorse that ensures data is always available, backups are current, and the network storage needs of CongenitalOptimist and future machines are met without fanfare.
** Operational Notes
- Headless operation - no GUI required
- Designed for continuous uptime
- Energy efficient for 24/7 operation
- Minimal resource requirements for maximum stability
- Perfect for background services and automation
** Future Expansion
- Additional storage capacity as needed
- Container services for lightweight applications
- Monitoring dashboard hosting
- Potential media streaming services
- Network infrastructure services (DNS, DHCP)
* "The ship had been constructed over a hundred years before, and was generally reckoned to be slightly eccentric."
*- Iain M. Banks, describing vessels much like SleeperService*
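Review bot: `*Domain*: home-lab.local` uses `.local`, which RFC 6762 reserves for multicast DNS; systemd-resolved (the resolver named in the CongenitalOptimist doc) treats `.local` as an mDNS domain and does not forward it to unicast DNS servers by default, so the "custom entries" there would not resolve under this domain. Pick a name that is not mDNS-reserved, such as `home-lab.internal` or a subdomain of a domain you control. The doc also lists the NFS server as this host's primary function, but the configuration.nix below enables no `services.nfs.server` and opens only port 22; either mark NFS as pending here or add it to the config.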


@ -0,0 +1,73 @@
{ config, pkgs, inputs, unstable, ... }: {
imports = [
./hardware-configuration.nix
];
# Boot configuration
boot.loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
devices = [ "nodev" ];
};
# Network configuration
networking.hostName = "sleeper-service";
networking.networkmanager.enable = true;
services.tailscale.enable = true;
networking.firewall.enable = true;
# Time and locale
time.timeZone = "Europe/Oslo";
i18n.defaultLocale = "en_US.UTF-8";
# Console configuration
console = {
font = "Lat2-Terminus16";
keyMap = "no";
};
# Enable unfree packages
nixpkgs.config.allowUnfree = true;
# SSH access (headless server)
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
# Basic system packages
environment.systemPackages = with pkgs; [
wget
curl
git
htop
eza
bat
ripgrep
du-dust
fd
ncdu
tree
];
# Users
users.users.geir = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" ];
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
# Add SSH public keys here
];
};
programs.zsh.enable = true;
# Firewall configuration
networking.firewall.allowedTCPPorts = [ 22 ];
system.stateVersion = "25.05";
}
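Review bot: `openssh.authorizedKeys.keys = [ ]` is empty while `PasswordAuthentication = false` and `PermitRootLogin = "no"` are set, and no `hashedPassword` or `initialPassword` is declared for `geir`; on a headless server that leaves no remote login path after the first `nixos-rebuild switch`, so a public key belongs in that list (or via `openssh.authorizedKeys.keyFiles`) before this is deployed. `networking.firewall.allowedTCPPorts = [ 22 ];` is redundant because `services.openssh.openFirewall` defaults to true, and it sits forty lines away from `networking.firewall.enable = true;`; group the firewall settings in one place. Nothing here enables `services.nfs.server` or opens 2049 even though the doc names NFS as this host's primary role.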


@ -0,0 +1,37 @@
# Do not modify this file! It was generated by 'nixos-generate-config'
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/12345678-1234-1234-1234-123456789abc";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/ABCD-1234";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
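Review bot: `/dev/disk/by-uuid/12345678-1234-1234-1234-123456789abc` and `/dev/disk/by-uuid/ABCD-1234` are placeholder UUIDs, so despite its header this file was not produced by `nixos-generate-config` on the target, and a system built from it will not find its root or ESP at boot. Either regenerate it on the real hardware (`blkid` or `lsblk -f` shows the actual values) or change the header to say the file is a template awaiting real identifiers. Minor: `pkgs` is taken as an argument but unused.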


@ -0,0 +1,20 @@
{ config, pkgs, ... }:
{
services.transmission = {
enable = true;
user = "geir";
group = "users";
#home = "/mnt/storage/";
settings.rpc-port = 9091;
settings.rpc-bind-address = "0.0.0.0";
#openRPCPort = true;
downloadDirPermissions = "770";
settings = {
download-dir = "/mnt/storage";
#rpc-whitelist-enabled = true;
rpc-whitelist = "127.0.0.1,10.0.0.*,100.*.*.*";
rpc-host-whitelist = "idea,files,nixos-work,server1";
};
};
}
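Review bot: `settings.rpc-bind-address = "0.0.0.0";` exposes the RPC on every interface with no `rpc-authentication-required`, `rpc-username` or `rpc-password`, so any client matching the whitelist has full control of the daemon, including setting a per-torrent download directory anywhere the service user can write. That whitelist is enforced by default (the commented `rpc-whitelist-enabled` does not turn it off), but `100.*.*.*` is far wider than Tailscale's 100.64.0.0/10, and `user = "geir";` runs the daemon as the interactive user instead of the module's default dedicated `transmission` account, so an RPC or torrent-parsing bug lands in the user's home. Suggest keeping the default user, enabling RPC authentication, and narrowing the whitelist to the actual LAN and tailnet ranges; note that with `#openRPCPort = true;` commented out the NixOS firewall still blocks 9091 on any host importing this module, so the bind address is only reachable once someone opens the port. Style: `settings.rpc-port`/`settings.rpc-bind-address` and the later `settings = { ... };` block merge, but belong in one attrset.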