- Reorganized emacs configuration with profiles in modules/development/emacs.nix
- Updated machine configurations to use new emacs module structure
- Cleaned up lab-tool project by removing archive, research, testing, and utils directories
- Streamlined lab-tool to focus on core deployment functionality with deploy-rs
- Added DEVELOPMENT.md documentation for lab-tool
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add ITE8353 touchpad support with I2C HID modules
- Configure libinput for proper touchpad functionality
- Add udev rules for touchpad device permissions
- Simplify AMD GPU config to use open source drivers only
- Remove ROCm and 32-bit support for cleaner configuration
- Add diagnostic script for touchpad troubleshooting
- Create modules/services/seatd.nix for clean greetd/tuigreet login experience
- Add boot log suppression options to prevent systemd messages on login screen
- Configure kernel parameters and journald to minimize console noise
- Update both little-rascal and congenital-optimist to use new seatd module
- Ensure consistent login experience across all machines
- Maintain compatibility with existing lab tool (binary name: lab)
- Add sma user module to little-rascal configuration for passwordless deployment
- Replace cosmic-greeter with greetd on both congenital-optimist and little-rascal
- Implement staggered auto-update system that updates remote machines first
- Add proper SSH user configuration for secure deployments
- Fix deployment permission issues by configuring admin user access
- Ensure orchestrator machine (congenital-optimist) reboots last to prevent SSH disconnection
- Add comprehensive error handling and update reporting
- Successfully tested lab tool deployment and auto-update on all machines
Fixes the critical issue where orchestrator reboot could break SSH connections
during multi-machine updates.
## New Machine: little-rascal
- Add Lenovo Yoga Slim 7 14ARE05 configuration (AMD Ryzen 7 4700U)
- Niri desktop with CLI login (greetd + tuigreet)
- zram swap configuration (25% of RAM with zstd)
- AMD-optimized hardware support and power management
- Based on congenital-optimist structure with laptop-specific additions
## Lab Tool Auto-Update System
- Implement Guile Scheme auto-update module (lab/auto-update.scm)
- Add health checks, logging, and safety features
- Integrate with existing deployment and machine management
- Update main CLI with auto-update and auto-update-status commands
- Create NixOS service module for automated updates
- Document complete implementation in simple-auto-update-plan.md
## MCP Integration
- Configure Task Master AI and Context7 MCP servers
- Set up local Ollama integration for AI processing
- Add proper environment configuration for existing models
## Infrastructure Updates
- Add little-rascal to flake.nix with deploy-rs support
- Fix common user configuration issues
- Create missing emacs.nix module
- Update package integrations
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Change from 'set -euo pipefail' to 'set -uo pipefail' to avoid early exits
- Add proper error handling for all commands that might fail
- Wrap pw-dump, jq, and pw-cli commands with availability checks
- Add null checks and error suppression where appropriate
- Ensure script completes with success message
- Fix RNNoise filter detection and removal logic
- The script should now run completely without abrupt termination
- Fix RNNoise configuration: use mono instead of stereo, increase VAD threshold to 95%
- Adjust quantum settings: increase min-quantum to 64 for stability
- Add comprehensive voice distortion troubleshoot script
- Create optional disable-auto-rnnoise.nix for problematic setups
- The automatic RNNoise filter can cause artifacts, script helps diagnose and fix
- Remove services.udev.packages with alsa-utils (causing udev rules conflict)
- Keep services.pipewire.alsa.enable for ALSA compatibility
- Re-enable alsa-utils in system packages for testing utilities
- ALSA compatibility maintained through PipeWire, not udev rules
- Add modules/sound/pipewire.nix with full PipeWire stack
- Include RNNoise AI-powered noise suppression
- Add EasyEffects with pre-configured presets for mic and speakers
- Include multiple GUI applications (pavucontrol, helvum, qpwgraph, pwvucontrol)
- Add helper scripts: audio-setup, microphone-test, validate-audio
- Optimize for low-latency real-time audio processing
- Enable auto-start and desktop integration
- Remove duplicate PipeWire configs from hardware-co.nix and users/common.nix
- Import sound module through desktop/common.nix for all desktop machines
✅ Completed Tasks:
- Task 6: Successfully tested deploy-rs on all machines (grey-area, reverse-proxy, congenital-optimist)
- Task 7: Added deploy-rs status monitoring to lab tool
🔧 Infrastructure Improvements:
- Added sma user to local machine for consistent SSH access
- Created shared shell-aliases.nix module to eliminate conflicts
- Enhanced lab status command with deploy-rs deployment info
- Added generation tracking, build dates, and uptime monitoring
🚀 Deploy-rs Status:
- All 4 machines successfully tested with both dry-run and actual deployments
- Automatic rollback protection working correctly
- Health checks and magic rollback functioning properly
- Tailscale connectivity verified across all nodes
📊 New Status Features:
- lab status --deploy-rs: Shows deployment details
- lab status -v: Verbose SSH connection info
- lab status -vd: Combined verbose + deploy-rs info
- Real-time generation and system closure information
The hybrid deployment approach is now fully operational with modern safety features while maintaining legacy compatibility.
- Fix ollama module by removing invalid meta section
- Update grey-area ollama service configuration:
- Change host binding to 0.0.0.0 for external access
- Remove invalid rsyslog configuration
- Enable firewall access
- Add Open WebUI module with proper configuration:
- Integrate with Ollama API at localhost:11434
- Disable authentication for development
- Open firewall on port 8080
- Successful test build of grey-area configuration
MAJOR INTEGRATION: Complete implementation of Retrieval Augmented Generation (RAG) + Model Context Protocol (MCP) + Claude Task Master AI system for the NixOS home lab, creating an intelligent development environment with AI-powered fullstack web development assistance.
🏗️ ARCHITECTURE & CORE SERVICES:
• modules/services/rag-taskmaster.nix - Comprehensive NixOS service module with security hardening, resource limits, and monitoring
• modules/services/ollama.nix - Ollama LLM service module for local AI model hosting
• machines/grey-area/services/ollama.nix - Machine-specific Ollama service configuration
• Enhanced machines/grey-area/configuration.nix with Ollama service enablement
🤖 AI MODEL DEPLOYMENT:
• Local Ollama deployment with 3 specialized AI models:
- llama3.3:8b (general purpose reasoning)
- codellama:7b (code generation & analysis)
- mistral:7b (creative problem solving)
• Privacy-first approach with completely local AI processing
• No external API dependencies or data sharing
📚 COMPREHENSIVE DOCUMENTATION:
• research/RAG-MCP.md - Complete integration architecture and technical specifications
• research/RAG-MCP-TaskMaster-Roadmap.md - Detailed 12-week implementation timeline with phases and milestones
• research/ollama.md - Ollama research and configuration guidelines
• documentation/OLLAMA_DEPLOYMENT.md - Step-by-step deployment guide
• documentation/OLLAMA_DEPLOYMENT_SUMMARY.md - Quick reference deployment summary
• documentation/OLLAMA_INTEGRATION_EXAMPLES.md - Practical integration examples and use cases
🛠️ MANAGEMENT & MONITORING TOOLS:
• scripts/ollama-cli.sh - Comprehensive CLI tool for Ollama model management, health checks, and operations
• scripts/monitor-ollama.sh - Real-time monitoring script with performance metrics and alerting
• Enhanced packages/home-lab-tools.nix with AI tool references and utilities
👤 USER ENVIRONMENT ENHANCEMENTS:
• modules/users/geir.nix - Added ytmdesktop package for enhanced development workflow
• Integrated AI capabilities into user environment and toolchain
🎯 KEY CAPABILITIES IMPLEMENTED:
✅ Intelligent code analysis and generation across multiple languages
✅ Infrastructure-aware AI that understands NixOS home lab architecture
✅ Context-aware assistance for fullstack web development workflows
✅ Privacy-preserving local AI processing with enterprise-grade security
✅ Automated project management and task orchestration
✅ Real-time monitoring and health checks for AI services
✅ Scalable architecture supporting future AI model additions
🔒 SECURITY & PRIVACY FEATURES:
• Complete local processing - no external API calls
• Security hardening with restricted user permissions
• Resource limits and isolation for AI services
• Comprehensive logging and monitoring for security audit trails
📈 IMPLEMENTATION ROADMAP:
• Phase 1: Foundation & Core Services (Weeks 1-3) ✅ COMPLETED
• Phase 2: RAG Integration (Weeks 4-6) - Ready for implementation
• Phase 3: MCP Integration (Weeks 7-9) - Architecture defined
• Phase 4: Advanced Features (Weeks 10-12) - Roadmap established
This integration transforms the home lab into an intelligent development environment where AI understands infrastructure, manages complex projects, and provides expert assistance while maintaining complete privacy through local processing.
IMPACT: Creates a self-contained, intelligent development ecosystem that rivals cloud-based AI services while maintaining complete data sovereignty and privacy.
- Add NFSv4 ID mapping configuration using services.nfs.idmapd.settings
- Configure consistent domain 'home.lab' for ID mapping across all machines
- Update sleeper-service NFS server with proper security (root_squash, all_squash)
- Create reusable NFS client module (modules/services/nfs-client.nix)
- Deploy NFS client configuration to grey-area and congenital-optimist
- Maintain consistent media group GID (993) across all machines
- Support both local (10.0.0.0/24) and Tailscale (100.64.0.0/10) networks
- Test and verify NFS connectivity and ID mapping functionality
Resolves permission management issues and enables secure file sharing
across the home lab infrastructure.
- Remove /mnt/storage/media from systemd.tmpfiles.rules (it's a ZFS dataset mount point)
- Add ExecStartPost to set proper permissions on ZFS-mounted media directory
- Update NFS research documentation with ZFS integration best practices
- Add section explaining ZFS mount point vs tmpfiles.rules conflicts
This resolves the potential conflict where tmpfiles tries to create a directory
that ZFS wants to use as a mount point for the storage/media dataset.
- Create shared media-group.nix module with fixed GID (993)
- Add both geir and sma users to media group for shared NFS access
- Update NFS server configuration to use root:media ownership with 0775 permissions
- Convert all media services to use media group instead of users group:
- Jellyfin, Calibre-web, Audiobookshelf, Transmission
- Enable group write access to all NFS shares (/mnt/storage/*)
- Maintain security with root ownership while allowing group collaboration
This resolves NFS permission issues by providing consistent group-based access
control across all media services and storage directories.
- Consolidated 25+ common CLI tools into modules/common/base.nix
- Added modern rust-based tools (eza, bat, ripgrep, etc.) system-wide
- Removed duplicated packages from user and machine configs
- Added consistent shell aliases for modern CLI tools
- Fixed gpa alias to properly push to all remotes
- Removed duplicate git-push-all alias from geir.nix
- Added comprehensive documentation in CLI_TOOLS_CONSOLIDATION.md
Benefits:
- Single source of truth for common CLI tools
- Reduced duplication across 7+ configuration files
- Improved git workflow with flexible multi-remote pushing
- Better maintainability and consistency
- Create modules/network/extraHosts.nix with Tailscale IP mappings
- Replace hardcoded networking.extraHosts in all machine configs
- Add extraHosts module import to all machines
- Enable Tailscale service by default in the module
- Use Tailscale mesh network IPs for reliable connectivity
- Remove duplicate sma user definition from incus.nix module
- The sma user is properly defined in modules/users/sma.nix with incus-admin group
- This resolves the isNormalUser/isSystemUser assertion failure blocking congenital-optimist rebuild
- Clean up grey-area configuration and modularize services
- Update SSH keys with correct IP addresses for grey-area and reverse-proxy
- Removed system/ directory, merged applications into users/geir.nix
- Simplified fonts.nix to bare minimum (users can add more)
- Moved transmission.nix to sleeper-service/services/ (machine-specific)
- Organized grey-area services into services/ directory
- Updated import paths and tested all configurations
- Added research documentation for deploy-rs and GNU Stow
- Move network-congenital-optimist.nix to machines/congenital-optimist/
- Move network-sleeper-service.nix to machines/sleeper-service/
- Update import paths in machine configurations
- Clean up modules/network/common.nix to remove SSH duplication
- Consolidate SSH configuration in modules/security/ssh-keys.nix
- Remove machine-specific networking from shared common module
This improves dependency tracking by co-locating machine-specific
network configurations with their respective machines.
- Replace ext4 with ZFS pool 'filepool' for enhanced data integrity
- Add ZFS auto-scrub and TRIM services for file server
- Configure proper ZFS datasets: root, nix, var, storage
- Add networking hostId (a1b2c3d4) required for ZFS
- Update NFS and Transmission to use ZFS mount points
- Change file ownership to 'sma' user for server configuration
- Add comprehensive ZFS setup documentation
Ready for deployment with proper file server storage backend.
