Commit graph

10 commits

Author SHA1 Message Date
Geir Okkenhaug Jerstad
2276dd59cd added starship to sma user 2025-06-11 09:21:19 +02:00
Geir Okkenhaug Jerstad
8884c42cf2 Consolidate CLI tools and fix git aliases
- Consolidated 25+ common CLI tools into modules/common/base.nix
- Added modern rust-based tools (eza, bat, ripgrep, etc.) system-wide
- Removed duplicated packages from user and machine configs
- Added consistent shell aliases for modern CLI tools
- Fixed gpa alias to properly push to all remotes
- Removed duplicate git-push-all alias from geir.nix
- Added comprehensive documentation in CLI_TOOLS_CONSOLIDATION.md

Benefits:
- Single source of truth for common CLI tools
- Reduced duplication across 7+ configuration files
- Improved git workflow with flexible multi-remote pushing
- Better maintainability and consistency
2025-06-08 09:28:10 +00:00
Geir Okkenhaug Jerstad
4a57978f45 fixed nfs 2025-06-07 16:33:34 +00:00
Geir Okkenhaug Jerstad
fa2b84cf65 fix: resolve sma user definition conflict between modules
- Remove duplicate sma user definition from incus.nix module
- The sma user is properly defined in modules/users/sma.nix with incus-admin group
- This resolves the isNormalUser/isSystemUser assertion failure blocking congenital-optimist rebuild
- Clean up grey-area configuration and modularize services
- Update SSH keys with correct IP addresses for grey-area and reverse-proxy
2025-06-07 16:58:22 +02:00
Geir Okkenhaug Jerstad
e69fd5856f some small notes 2025-06-06 12:22:53 +02:00
Geir Okkenhaug Jerstad
2530b918ca fix: resolve configuration conflicts
- Fixed networking defaultGateway interface specification for sleeper-service
- Resolved shell alias conflict between geir and sma users
- Changed sma aliases from 'lab' to 'homelab' to avoid conflict
2025-06-05 16:33:29 +02:00
Geir Okkenhaug Jerstad
6fe8cdb790 feat: add NFS server and Transmission service to sleeper-service
- Created modules/services/nfs.nix for network file sharing
- Updated sleeper-service configuration with NFS and Transmission
- Fixed SSH key management to use direct key configuration
- Updated hardware-configuration to use sleeper-service hostname
- Added firewall ports for Transmission RPC (9091)
2025-06-05 16:31:09 +02:00
Geir Okkenhaug Jerstad
77e6b9a501 feat: Implement two-key SSH management strategy
- Add modules/security/ssh-keys.nix for centralized SSH key management
- Generate role-specific SSH keys with geir@geokkjer.eu email:
  - Admin key (geir@geokkjer.eu-admin) for sma user server access
  - Development key (geir@geokkjer.eu-dev) for geir user and git services
- Update SSH client config with role-based host patterns
- Configure users/geir.nix and users/sma.nix with appropriate key access
- Add SSH key setup to both machine configurations
- Create scripts/setup-ssh-keys.sh for key generation automation
- Update plan.md with completed SSH security implementation

Security benefits:
- Principle of least privilege (separate admin vs dev access)
- Limited blast radius if keys are compromised
- Clear usage patterns: ssh admin-sleeper vs ssh geir@sleeper-service.home
- Maintains compatibility with existing services during transition
2025-06-05 16:25:33 +02:00
Geir Okkenhaug Jerstad
ec9efc5ca1 feat: create modular user configurations
Some checks are pending
🏠 Home Lab CI/CD Pipeline / 🔍 Validate Configuration (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🔨 Build Configurations (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔒 Security Audit (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📚 Documentation & Modules (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔄 Update Dependencies (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🚀 Deploy Configuration (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📢 Notify Results (push) Blocked by required conditions
∙
∙ User Accounts:
∙  geir - Primary user (development, desktop, multimedia)
∙  sma - Admin user (Diziet Sma, system administration)
∙  common.nix - Shared user settings and security
∙
∙ Key Features:
∙ 🔧 Culture character naming (sma = Diziet Sma, SC agent)
∙ 🔒 Security-focused admin account (SSH keys only, passwordless sudo)
∙ 🛠<fe0f> Development-focused primary user (containers, virtualization, creative tools)
∙ 📦 Modern CLI tools and shell enhancements
∙ 🎯 Role-based package selection and group memberships
∙
∙ Security Model:
∙ - SSH key authentication for admin users
∙ - Separate admin and daily-use accounts
∙ - Principle of least privilege
∙ - No root login allowed
∙
∙ Integration:
∙ - Container runtime access (podman, incus)
∙ - Virtualization management (libvirt, virt-manager)
∙ - Development workflow (git, editors, languages)
∙ - Desktop environments (GNOME, Cosmic, Sway)
∙
∙ Ready for machine-specific deployment across home lab infrastructure.
2025-06-04 16:56:22 +02:00
Geir Okkenhaug Jerstad
02fbaa761a feat: create modular user configurations
Some checks are pending
🏠 Home Lab CI/CD Pipeline / 🔍 Validate Configuration (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🔨 Build Configurations (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔒 Security Audit (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📚 Documentation & Modules (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔄 Update Dependencies (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🚀 Deploy Configuration (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📢 Notify Results (push) Blocked by required conditions
User Accounts:
 geir - Primary user (development, desktop, multimedia)
 sma - Admin user (Diziet Sma, system administration)
 common.nix - Shared user settings and security

Key Features:
🔧 Culture character naming (sma = Diziet Sma, SC agent)
🔒 Security-focused admin account (SSH keys only, passwordless sudo)
🛠️ Development-focused primary user (containers, virtualization, creative tools)
📦 Modern CLI tools and shell enhancements
🎯 Role-based package selection and group memberships

Security Model:
- SSH key authentication for admin users
- Separate admin and daily-use accounts
- Principle of least privilege
- No root login allowed

Integration:
- Container runtime access (podman, incus)
- Virtualization management (libvirt, virt-manager)
- Development workflow (git, editors, languages)
- Desktop environments (GNOME, Cosmic, Sway)

Ready for machine-specific deployment across home lab infrastructure.
2025-06-04 16:54:47 +02:00