From fff47629f22dc109cb67adb812101670bbb613ad Mon Sep 17 00:00:00 2001 From: Geir Okkenhaug Jerstad Date: Fri, 6 Jun 2025 18:01:26 +0200 Subject: [PATCH 1/2] small update moved some files to logical place --- machines/sleeper-service/networking.nix | 0 .../services => machines/sleeper-service}/nfs.nix | 0 .../services/SearXNG.nix | 0 notes.md | 8 ++++++-- plan.md | 15 ++++++++++++++- 5 files changed, 20 insertions(+), 3 deletions(-) delete mode 100644 machines/sleeper-service/networking.nix rename {modules/services => machines/sleeper-service}/nfs.nix (100%) rename machines/congenital-optimist/networking.nix => modules/services/SearXNG.nix (100%) diff --git a/machines/sleeper-service/networking.nix b/machines/sleeper-service/networking.nix deleted file mode 100644 index e69de29..0000000 diff --git a/modules/services/nfs.nix b/machines/sleeper-service/nfs.nix similarity index 100% rename from modules/services/nfs.nix rename to machines/sleeper-service/nfs.nix diff --git a/machines/congenital-optimist/networking.nix b/modules/services/SearXNG.nix similarity index 100% rename from machines/congenital-optimist/networking.nix rename to modules/services/SearXNG.nix diff --git a/notes.md b/notes.md index 1b925ad..934b0f6 100644 --- a/notes.md +++ b/notes.md @@ -1,5 +1,9 @@ # Notes to be use to write blog post -deployment script: rsync -av --delete /home/geir/Home-lab/ sma@sleeper-service:/tmp/home-lab-config/ and ssh sma@sleeper-service "cd /tmp/home-lab-config && sudo nixos-rebuild boot --flake .#sleeper-service" -like the best approach maye we should add a todo for making scripts or research deploy-rs \ No newline at end of file +- research deploy-rs + +# Expansion +## Hardware +- https://sipeed.com/nanocluster - ai cluster +- https://www.bee-link.com/products/beelink-me-mini-n150?variant=47599172845810 - upgrade nas/storage \ No newline at end of file diff --git a/plan.md b/plan.md index 20c1b10..10a7f5f 100644 --- a/plan.md +++ b/plan.md 
@@ -515,7 +515,20 @@ Home-lab/ - [ ] Configuration validation tests - [ ] Deployment automation - [ ] Monitoring and alerting -### 6.3 Writeup + +### 6.3 Advanced Deployment Strategies +- [ ] **Research deploy-rs**: Investigate deploy-rs as alternative to custom lab script + - Evaluate Rust-based deployment tool for NixOS flakes + - Compare features: parallel deployment, rollback capabilities, health checks + - Assess integration with existing SSH key management and Tailscale network + - Consider migration path from current rsync + SSH approach +- [ ] **Convert lab script to Guile Scheme**: Explore functional deployment scripting + - Research Guile Scheme for system administration scripting + - Evaluate benefits: better error handling, functional composition, extensibility + - Design modular deployment pipeline with Scheme + - Consider integration with GNU Guix deployment patterns + - Plan migration strategy from current shell script implementation +### 6.4 Writeup - [ ] Take all the knowledge we have amassed and make a blog post or a series of blog posts ### Phase 7: goin pro From e976b14d19c4cbedcc61eae7609900e89a98f989 Mon Sep 17 00:00:00 2001 
From: Geir Okkenhaug Jerstad Date: Fri, 6 Jun 2025 18:08:45 +0200 Subject: [PATCH 2/2] refactor: Move network configurations to machine directories - Move network-congenital-optimist.nix to machines/congenital-optimist/ - Move network-sleeper-service.nix to machines/sleeper-service/ - Update import paths in machine configurations - Clean up modules/network/common.nix to remove SSH duplication - Consolidate SSH configuration in modules/security/ssh-keys.nix - Remove machine-specific networking from shared common module This improves dependency tracking by co-locating machine-specific network configurations with their respective machines. --- machines/congenital-optimist/configuration.nix | 2 +- .../network-congenital-optimist.nix | 2 +- machines/sleeper-service/configuration.nix | 4 ++-- .../sleeper-service}/network-sleeper-service.nix | 2 +- modules/network/common.nix | 16 ++++------------ modules/security/ssh-keys.nix | 3 +++ 6 files changed, 12 insertions(+), 17 deletions(-) rename {modules/network => machines/congenital-optimist}/network-congenital-optimist.nix (91%) rename {modules/network => machines/sleeper-service}/network-sleeper-service.nix (97%) diff --git a/machines/congenital-optimist/configuration.nix b/machines/congenital-optimist/configuration.nix index 8b2bc00..7f1b1d5 100644 --- a/machines/congenital-optimist/configuration.nix +++ b/machines/congenital-optimist/configuration.nix @@ -7,7 +7,7 @@ }: { imports = [ ./hardware-configuration.nix - ../../modules/network/network-congenital-optimist.nix + ./network-congenital-optimist.nix # Security modules ../../modules/security/ssh-keys.nix diff --git a/modules/network/network-congenital-optimist.nix b/machines/congenital-optimist/network-congenital-optimist.nix similarity index 91% rename from modules/network/network-congenital-optimist.nix rename to machines/congenital-optimist/network-congenital-optimist.nix index 83fb677..0d0e4cc 100644 --- a/modules/network/network-congenital-optimist.nix 
+++ b/machines/congenital-optimist/network-congenital-optimist.nix @@ -4,7 +4,7 @@ { imports = [ - ./common.nix + ../../modules/network/common.nix ]; # Machine-specific network configuration diff --git a/machines/sleeper-service/configuration.nix b/machines/sleeper-service/configuration.nix index 8ff1dcf..e52d3ee 100644 --- a/machines/sleeper-service/configuration.nix +++ b/machines/sleeper-service/configuration.nix @@ -4,9 +4,9 @@ # Security modules ../../modules/security/ssh-keys.nix # Network configuration - ../../modules/network/network-sleeper-service.nix + ./network-sleeper-service.nix # Services - ../../modules/services/nfs.nix + ./nfs.nix ../../modules/system/transmission.nix # User modules - server only needs sma user diff --git a/modules/network/network-sleeper-service.nix b/machines/sleeper-service/network-sleeper-service.nix similarity index 97% rename from modules/network/network-sleeper-service.nix rename to machines/sleeper-service/network-sleeper-service.nix index 9f3cb44..b441c0d 100644 --- a/modules/network/network-sleeper-service.nix +++ b/machines/sleeper-service/network-sleeper-service.nix @@ -4,7 +4,7 @@ { imports = [ - ./common.nix + ../../modules/network/common.nix ]; # Machine-specific network configuration diff --git a/modules/network/common.nix b/modules/network/common.nix index ccb21da..a50c853 100644 --- a/modules/network/common.nix +++ b/modules/network/common.nix @@ -1,5 +1,5 @@ # Common Network Configuration -# Shared networking settings across all machines +# Minimal shared networking settings across all machines { config, pkgs, ... }: { @@ -8,11 +8,10 @@ # Enable nftables by default for all machines nftables.enable = true; - # Common firewall settings + # Basic firewall settings (SSH handled by security/ssh-keys.nix) firewall = { enable = true; - # SSH is allowed by default on all machines - allowedTCPPorts = [ 22 ]; + # SSH port is configured in modules/security/ssh-keys.nix }; }; 
@@ -21,13 +20,6 @@ # Tailscale VPN for secure remote access tailscale.enable = true; - # SSH access with secure defaults - openssh = { - enable = true; - settings = { - PermitRootLogin = "no"; - PasswordAuthentication = false; - }; - }; + # Note: SSH configuration is handled by modules/security/ssh-keys.nix }; } \ No newline at end of file diff --git a/modules/security/ssh-keys.nix b/modules/security/ssh-keys.nix index 26f70d6..32668bd 100644 --- a/modules/security/ssh-keys.nix +++ b/modules/security/ssh-keys.nix @@ -3,6 +3,9 @@ { config, pkgs, lib, ... }: { + # Firewall configuration for SSH + networking.firewall.allowedTCPPorts = [ 22 ]; + # Global SSH daemon configuration services.openssh = { enable = true;
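Review bot: Removing `PermitRootLogin = "no"` and `PasswordAuthentication = false` from common.nix keeps the hosts hardened only if modules/security/ssh-keys.nix sets the same `services.openssh.settings`, and the ssh-keys.nix hunk in this commit shows just `enable = true;` before its attribute set runs past the hunk, so that cannot be confirmed from the diff. As far as I know the NixOS defaults are `PermitRootLogin = "prohibit-password"` and `PasswordAuthentication = true`, so an omission there would quietly re-enable password logins on both machines, which both import ssh-keys.nix per the configuration.nix hunks. The same reliance applies to the `@@ -8,11 +8,10 @@` hunk that drops `allowedTCPPorts = [ 22 ];`, though that one fails closed. I would make the replacement comment state the contract explicitly: `# SSH daemon hardening (PermitRootLogin, PasswordAuthentication) lives in modules/security/ssh-keys.nix; every host importing this module must import that one too.` Verifying with `sshd -T` on a rebuilt host, or an `assertions` entry on `config.services.openssh.settings.PasswordAuthentication` in ssh-keys.nix, would catch a regression.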
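Review bot: `networking.firewall.allowedTCPPorts = [ 22 ];` hardcodes the port independently of `services.openssh.ports`, so a later change to the listen port would leave the firewall out of step with sshd. NixOS already opens the ports listed in `services.openssh.ports` when `services.openssh.openFirewall` is true, which is its default, so the added line can be dropped or, if an explicit rule is preferred, tied to the option: `networking.firewall.allowedTCPPorts = config.services.openssh.ports;` (`config` is in scope from the module arguments on the first context line). Since common.nix enables Tailscale on every machine, it may also be worth scoping SSH to the tailnet interface via `networking.firewall.interfaces.tailscale0.allowedTCPPorts` rather than all interfaces, but that is a design choice the page does not decide. The `services.openssh = {` attribute set opened at the end of this hunk continues outside it.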