- Replace ext4 with ZFS pool 'filepool' for enhanced data integrity
- Add ZFS auto-scrub and TRIM services for file server
- Configure proper ZFS datasets: root, nix, var, storage
- Add networking hostId (a1b2c3d4) required for ZFS
- Update NFS and Transmission to use ZFS mount points
- Change file ownership to 'sma' user for server configuration
- Add comprehensive ZFS setup documentation
Ready for deployment with proper file server storage backend.
- Remove geir user module from sleeper-service configuration
- Servers should only use sma user to avoid pulling desktop packages
- Update instruction.md with user configuration strategy:
- Desktop machines: geir user (includes desktop packages)
- Server machines: sma user ONLY (minimal server config)
- This prevents servers from importing browsers and GUI applications
This change reduces server footprint and follows separation of concerns
between desktop workstations and headless servers.
- Disable Transmission service due to compilation errors in unstable
- Keep download directory creation for future re-enablement
- Remove Transmission firewall port (9091) from sleeper-service
- Focus on deploying NFS server functionality first
This allows sleeper-service deployment to proceed with NFS services
while Transmission package issues are resolved upstream.
- Created modules/services/nfs.nix for network file sharing
- Updated sleeper-service configuration with NFS and Transmission
- Fixed SSH key management to use direct key configuration
- Updated hardware-configuration to use sleeper-service hostname
- Added firewall ports for Transmission RPC (9091)
- Add modules/security/ssh-keys.nix for centralized SSH key management
- Generate role-specific SSH keys with geir@geokkjer.eu email:
- Admin key (geir@geokkjer.eu-admin) for sma user server access
- Development key (geir@geokkjer.eu-dev) for geir user and git services
- Update SSH client config with role-based host patterns
- Configure users/geir.nix and users/sma.nix with appropriate key access
- Add SSH key setup to both machine configurations
- Create scripts/setup-ssh-keys.sh for key generation automation
- Update plan.md with completed SSH security implementation
Security benefits:
- Principle of least privilege (separate admin vs dev access)
- Limited blast radius if keys are compromised
- Clear usage patterns: ssh admin-sleeper vs ssh geir@sleeper-service.home
- Maintains compatibility with existing services during transition
- Move networking configs to modules/network/ directory
- Create network-<machine-name>.nix files for each machine
- Add common.nix for shared networking configuration
- Update import paths in machine configurations
- Reduce duplication by using common networking settings
Network modules:
- modules/network/common.nix: Shared settings (nftables, SSH, tailscale)
- modules/network/network-congenital-optimist.nix: Workstation specific
- modules/network/network-sleeper-service.nix: File server specific
- Add modular flake-based NixOS configuration
- Implement GitOps foundation with CI/CD pipeline
- Create comprehensive documentation and branching strategy
- Add modular desktop environments (GNOME, Cosmic, Sway)
- Configure virtualization stack (Incus, Libvirt, Podman)
- Set up development tools and hardware-specific modules
- Establish user configuration with literate programming support
This commit represents the completion of Phase 1: Flakes Migration
with modular configuration, virtualization, and GitOps foundation.
