- Reorganized emacs configuration with profiles in modules/development/emacs.nix
- Updated machine configurations to use new emacs module structure
- Cleaned up lab-tool project by removing archive, research, testing, and utils directories
- Streamlined lab-tool to focus on core deployment functionality with deploy-rs
- Added DEVELOPMENT.md documentation for lab-tool
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Port 1337 appears to be blocked by VPS provider
- Port 2222 is more commonly allowed for SSH services
- Update both reverse-proxy and Forgejo configurations
- This should resolve the SSH timeout issues
- Consolidated 25+ common CLI tools into modules/common/base.nix
- Added modern rust-based tools (eza, bat, ripgrep, etc.) system-wide
- Removed duplicated packages from user and machine configs
- Added consistent shell aliases for modern CLI tools
- Fixed gpa alias to properly push to all remotes
- Removed duplicate git-push-all alias from geir.nix
- Added comprehensive documentation in CLI_TOOLS_CONSOLIDATION.md
Benefits:
- Single source of truth for common CLI tools
- Reduced duplication across 7+ configuration files
- Improved git workflow with flexible multi-remote pushing
- Better maintainability and consistency
- Update Forgejo service configuration on grey-area
- Refine reverse-proxy network configuration
- Add README_new.md with enhanced documentation structure
- Update instruction.md with latest workflow guidelines
- Enhance plan.md with additional deployment considerations
- Complete PR template restructuring for professional tone
These changes improve service reliability and documentation clarity
while maintaining infrastructure consistency across all machines.
- Create modules/network/extraHosts.nix with Tailscale IP mappings
- Replace hardcoded networking.extraHosts in all machine configs
- Add extraHosts module import to all machines
- Enable Tailscale service by default in the module
- Use Tailscale mesh network IPs for reliable connectivity
- Remove duplicate sma user definition from incus.nix module
- The sma user is properly defined in modules/users/sma.nix with incus-admin group
- This resolves the isNormalUser/isSystemUser assertion failure blocking congenital-optimist rebuild
- Clean up grey-area configuration and modularize services
- Update SSH keys with correct IP addresses for grey-area and reverse-proxy
- Add nginx stream configuration on reverse-proxy to forward port 2222 to apps:22
- Update firewall rules to allow port 2222 for Git SSH access
- Configure Forgejo to use SSH_PORT = 2222 for Git operations
- Add comprehensive SSH forwarding research documentation
- Enable Git operations via git@git.geokkjer.eu:2222
Phase 1 implementation using nginx stream module complete.
Ready for testing and potential Phase 2 migration to HAProxy.
- Removed system/ directory, merged applications into users/geir.nix
- Simplified fonts.nix to bare minimum (users can add more)
- Moved transmission.nix to sleeper-service/services/ (machine-specific)
- Organized grey-area services into services/ directory
- Updated import paths and tested all configurations
- Added research documentation for deploy-rs and GNU Stow
- Create reverse-proxy machine configuration for VPS edge server
- Configure SSH access only via Tailscale (100.96.189.104)
- Implement strict DMZ firewall rules (HTTP/HTTPS only externally)
- Add enhanced fail2ban settings for DMZ environment
- Include sma user with SSH key management
- Configure Nginx reverse proxy with Let's Encrypt SSL
- Add reverse-proxy to flake.nix nixosConfigurations
Security features:
- SSH only accessible through Tailscale interface
- Aggressive fail2ban settings (24h ban, 3 max retries)
- Firewall rejects all non-essential traffic
- No common network config to avoid security conflicts
- Create reverse-proxy machine configuration for VPS edge server
- Configure SSH access only via Tailscale (100.96.189.104)
- Implement strict DMZ firewall rules (HTTP/HTTPS only externally)
- Add enhanced fail2ban settings for DMZ environment
- Include sma user with SSH key management
- Configure Nginx reverse proxy with Let's Encrypt SSL
- Add reverse-proxy to flake.nix nixosConfigurations
Security features:
- SSH only accessible through Tailscale interface
- Aggressive fail2ban settings (24h ban, 3 max retries)
- Firewall rejects all non-essential traffic
- No common network config to avoid security conflicts
- Add reverse-proxy machine for SSL/TLS termination and external routing
- Add grey-area application server with Forgejo as primary service
- Create comprehensive About.org documentation for both machines
- Update plan.md with detailed infrastructure notes and service modules
New Infrastructure:
✅ reverse-proxy: Edge server with Nginx/Traefik, Let's Encrypt, security
✅ grey-area: Multi-purpose app server (Culture GCU name)
- Primary: Forgejo Git hosting and CI/CD
- Secondary: Jellyfin, Nextcloud, Grafana
- Container-focused architecture with PostgreSQL
Updated service modules planning:
- reverse-proxy.nix, forgejo.nix, media.nix, applications.nix
- Central Git hosting for all home lab development projects
- Complete CI/CD pipeline integration
Ready for NixOS configuration implementation in next phase.
