- Reorganized emacs configuration with profiles in modules/development/emacs.nix
- Updated machine configurations to use new emacs module structure
- Cleaned up lab-tool project by removing archive, research, testing, and utils directories
- Streamlined lab-tool to focus on core deployment functionality with deploy-rs
- Added DEVELOPMENT.md documentation for lab-tool
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Create modules/services/seatd.nix for clean greetd/tuigreet login experience
- Add boot log suppression options to prevent systemd messages on login screen
- Configure kernel parameters and journald to minimize console noise
- Update both little-rascal and congenital-optimist to use new seatd module
- Ensure consistent login experience across all machines
- Maintain compatibility with existing lab tool (binary name: lab)
- Add sma user module to little-rascal configuration for passwordless deployment
- Replace cosmic-greeter with greetd on both congenital-optimist and little-rascal
- Implement staggered auto-update system that updates remote machines first
- Add proper SSH user configuration for secure deployments
- Fix deployment permission issues by configuring admin user access
- Ensure orchestrator machine (congenital-optimist) reboots last to prevent SSH disconnection
- Add comprehensive error handling and update reporting
- Successfully tested lab tool deployment and auto-update on all machines
Fixes the critical issue where orchestrator reboot could break SSH connections
during multi-machine updates.
✅ Completed Tasks:
- Task 6: Successfully tested deploy-rs on all machines (grey-area, reverse-proxy, congenital-optimist)
- Task 7: Added deploy-rs status monitoring to lab tool
🔧 Infrastructure Improvements:
- Added sma user to local machine for consistent SSH access
- Created shared shell-aliases.nix module to eliminate conflicts
- Enhanced lab status command with deploy-rs deployment info
- Added generation tracking, build dates, and uptime monitoring
🚀 Deploy-rs Status:
- All 4 machines successfully tested with both dry-run and actual deployments
- Automatic rollback protection working correctly
- Health checks and magic rollback functioning properly
- Tailscale connectivity verified across all nodes
📊 New Status Features:
- lab status --deploy-rs: Shows deployment details
- lab status -v: Verbose SSH connection info
- lab status -vd: Combined verbose + deploy-rs info
- Real-time generation and system closure information
The hybrid deployment approach is now fully operational with modern safety features while maintaining legacy compatibility.
- Add NFSv4 ID mapping configuration using services.nfs.idmapd.settings
- Configure consistent domain 'home.lab' for ID mapping across all machines
- Update sleeper-service NFS server with proper security (root_squash, all_squash)
- Create reusable NFS client module (modules/services/nfs-client.nix)
- Deploy NFS client configuration to grey-area and congenital-optimist
- Maintain consistent media group GID (993) across all machines
- Support both local (10.0.0.0/24) and Tailscale (100.64.0.0/10) networks
- Test and verify NFS connectivity and ID mapping functionality
Resolves permission management issues and enables secure file sharing
across the home lab infrastructure.
- Create modules/network/extraHosts.nix with Tailscale IP mappings
- Replace hardcoded networking.extraHosts in all machine configs
- Add extraHosts module import to all machines
- Enable Tailscale service by default in the module
- Use Tailscale mesh network IPs for reliable connectivity
- Removed system/ directory, merged applications into users/geir.nix
- Simplified fonts.nix to bare minimum (users can add more)
- Moved transmission.nix to sleeper-service/services/ (machine-specific)
- Organized grey-area services into services/ directory
- Updated import paths and tested all configurations
- Added research documentation for deploy-rs and GNU Stow
- Move network-congenital-optimist.nix to machines/congenital-optimist/
- Move network-sleeper-service.nix to machines/sleeper-service/
- Update import paths in machine configurations
- Clean up modules/network/common.nix to remove SSH duplication
- Consolidate SSH configuration in modules/security/ssh-keys.nix
- Remove machine-specific networking from shared common module
This improves dependency tracking by co-locating machine-specific
network configurations with their respective machines.
- Add modules/security/ssh-keys.nix for centralized SSH key management
- Generate role-specific SSH keys with geir@geokkjer.eu email:
- Admin key (geir@geokkjer.eu-admin) for sma user server access
- Development key (geir@geokkjer.eu-dev) for geir user and git services
- Update SSH client config with role-based host patterns
- Configure users/geir.nix and users/sma.nix with appropriate key access
- Add SSH key setup to both machine configurations
- Create scripts/setup-ssh-keys.sh for key generation automation
- Update plan.md with completed SSH security implementation
Security benefits:
- Principle of least privilege (separate admin vs dev access)
- Limited blast radius if keys are compromised
- Clear usage patterns: ssh admin-sleeper vs ssh geir@sleeper-service.home
- Maintains compatibility with existing services during transition
- Remove leftover networking.nix files from machine directories
- ZFS configuration moved to machine-specific configuration where it belongs
- Network module now contains only networking-related configuration
- Improved separation of concerns between network and machine configs
- Move networking configs to modules/network/ directory
- Create network-<machine-name>.nix files for each machine
- Add common.nix for shared networking configuration
- Update import paths in machine configurations
- Reduce duplication by using common networking settings
Network modules:
- modules/network/common.nix: Shared settings (nftables, SSH, tailscale)
- modules/network/network-congenital-optimist.nix: Workstation specific
- modules/network/network-sleeper-service.nix: File server specific
- Add modular flake-based NixOS configuration
- Implement GitOps foundation with CI/CD pipeline
- Create comprehensive documentation and branching strategy
- Add modular desktop environments (GNOME, Cosmic, Sway)
- Configure virtualization stack (Incus, Libvirt, Podman)
- Set up development tools and hardware-specific modules
- Establish user configuration with literate programming support
This commit represents the completion of Phase 1: Flakes Migration
with modular configuration, virtualization, and GitOps foundation.
