# ๐Ÿ  NixOS Home Lab Infrastructure [![NixOS](https://img.shields.io/badge/NixOS-25.05-blue.svg)](https://nixos.org/) [![Flakes](https://img.shields.io/badge/Nix-Flakes-green.svg)](https://nixos.wiki/wiki/Flakes) [![License](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE) Infrastructure as Code for a multi-machine NixOS home lab environment using flakes and modular configuration. ## ๐Ÿš€ Quick Start ```bash # Clone the repository git clone Home-lab cd Home-lab # Check flake configuration nix flake check # Build configuration (test) sudo nixos-rebuild test --flake .#congenital-optimist # Apply configuration (permanent) sudo nixos-rebuild switch --flake .#congenital-optimist ``` ## ๐Ÿ—๏ธ Architecture Overview ### Machines - **`congenital-optimist`** - AMD Threadripper workstation (primary development) - **`sleeper-service`** - Intel Xeon E3-1230 V2 file server (network storage) ### Technology Stack - **OS**: NixOS 25.05 (Warbler) - **Configuration**: Nix Flakes with modular structure - **Virtualization**: Incus, Libvirt/QEMU, Podman - **Desktop**: GNOME, Cosmic, Sway - **Storage**: ZFS with snapshots and NFS - **Network**: Tailscale mesh networking ## ๐Ÿ“ Repository Structure ``` Home-lab/ โ”œโ”€โ”€ flake.nix # Main flake configuration โ”œโ”€โ”€ flake.lock # Locked dependency versions โ”œโ”€โ”€ machines/ # Machine-specific configurations โ”‚ โ”œโ”€โ”€ congenital-optimist/ # AMD workstation โ”‚ โ””โ”€โ”€ sleeper-service/ # Intel file server โ”œโ”€โ”€ modules/ # Reusable NixOS modules โ”‚ โ”œโ”€โ”€ common/ # Shared system configuration โ”‚ โ”œโ”€โ”€ desktop/ # Desktop environment modules โ”‚ โ”œโ”€โ”€ development/ # Development tools and editors โ”‚ โ”œโ”€โ”€ hardware/ # Hardware-specific configurations โ”‚ โ”œโ”€โ”€ services/ # Service configurations โ”‚ โ”œโ”€โ”€ system/ # Core system modules โ”‚ โ”œโ”€โ”€ users/ # User configurations โ”‚ โ””โ”€โ”€ virtualization/ # Container and VM setup โ”œโ”€โ”€ users/ # User-specific configurations โ”‚ โ””โ”€โ”€ geir/ # Primary user configuration โ”‚ โ”œโ”€โ”€ dotfiles/ # Literate configuration with org-mode โ”‚ โ””โ”€โ”€ user.nix # System-level user config โ”œโ”€โ”€ overlays/ # Nix package overlays โ”œโ”€โ”€ packages/ # Custom package definitions โ””โ”€โ”€ secrets/ # Encrypted secrets (future) ``` ## ๐Ÿ”ง Configuration Management ### Modular Design Each aspect of the system is organized into focused modules: - **Desktop Environments**: Separate modules for GNOME, Cosmic, and Sway - **Virtualization**: Independent Incus, Libvirt, and Podman configurations - **Development**: Modular tool configurations for different workflows - **Hardware**: Hardware-specific optimizations and drivers ### Literate Programming User configurations use Emacs org-mode for literate programming: - Self-documenting configuration files - Automatic tangling from `.org` to configuration files - Version-controlled documentation alongside code ## ๐Ÿš€ Deployment Workflow ### Local Development ```bash # Check configuration syntax nix flake check # Test configuration without switching sudo nixos-rebuild test --flake .# # Build configuration sudo nixos-rebuild build --flake .# # Apply configuration sudo nixos-rebuild switch --flake .# ``` ### GitOps Workflow 1. **Feature Branch**: Create branch for configuration changes 2. **Local Testing**: Test changes with `nixos-rebuild test` 3. **Pull Request**: Submit PR with configuration validation 4. **Automated Testing**: CI pipeline validates configuration 5. **Review & Merge**: Code review and merge to main 6. **Deployment**: Automated or manual deployment to machines ## ๐Ÿ” Security & Secrets ### Current Approach - No secrets in git repository - Manual secret management during initial setup - ZFS encryption for sensitive data ### Planned Improvements - **agenix** or **sops-nix** for encrypted secrets in git - **age** keys for secret encryption/decryption - **CI/CD** integration with secret management ## ๐ŸŽฏ Machine Specifications ### CongenitalOptimist (AMD Workstation) - **CPU**: AMD Threadripper (details in hardware-configuration.nix) - **GPU**: AMD (with proper drivers and virtualization passthrough) - **Storage**: ZFS pools (zpool + stuffpool) - **Use Case**: Primary development, virtualization, desktop environments - **Services**: Development tools, desktop environments, VM host ### SleeperService (Intel File Server) - **CPU**: Intel Xeon E3-1230 V2 @ 3.70GHz (4 cores, 8 threads) - **Memory**: 16GB RAM - **Storage**: ZFS with redundancy - **Use Case**: Network storage, file sharing, backup services - **Services**: NFS, Samba, automated backups, monitoring ## ๐Ÿงช Testing Strategy ### Automated Testing (Planned) - **Configuration Validation**: `nix flake check` in CI - **Build Testing**: Test builds for all machines - **Module Testing**: Individual module validation - **Integration Testing**: Full system build verification ### Manual Testing Checklist - [ ] System boots successfully - [ ] Desktop environments functional - [ ] Virtualization stack operational - [ ] Network services accessible - [ ] User environment complete - [ ] Development tools working ## ๐Ÿ“ˆ Monitoring & Maintenance ### Health Checks - System generation switching - Service status monitoring - ZFS pool health - Network connectivity - Resource utilization ### Backup Strategy - **ZFS Snapshots**: Automatic filesystem snapshots - **Configuration Backups**: Git repository with full history - **Data Backups**: Automated backup services on SleeperService - **Recovery Procedures**: Documented rollback processes ## ๐Ÿ”„ CI/CD Pipeline (Planned) ### Validation Pipeline ```yaml # Planned GitHub Actions workflow - Syntax Check: nix flake check - Build Test: nix build .#nixosConfigurations. - Security Scan: Nix security auditing - Documentation: Update system documentation ``` ### Deployment Pipeline ```yaml # Planned deployment automation - Staging: Deploy to test environment - Integration Tests: Automated system testing - Production: Deploy to production machines - Rollback: Automatic rollback on failure ``` ## ๐Ÿค Contributing ### Development Workflow 1. Fork/clone repository 2. Create feature branch 3. Make configuration changes 4. Test locally with `nixos-rebuild test` 5. Submit pull request 6. Address review feedback 7. Merge after approval ### Module Development Guidelines - Keep modules focused and single-purpose - Document module options and usage - Test modules independently when possible - Follow consistent naming conventions - Include example configurations ## ๐Ÿ“– Documentation - **[Plan](plan.md)**: Detailed migration and development plan - **[Instructions](instruction.md)**: Step-by-step setup instructions - **[Machine Documentation](machines/)**: Per-machine documentation - **[Module Documentation](modules/)**: Module-specific documentation - **[User Documentation](users/)**: User configuration documentation ## ๐ŸŽฏ Roadmap ### Phase 1: Flakes Migration โœ… - [x] Convert to flake-based configuration - [x] Modularize desktop environments - [x] Add comprehensive virtualization - [x] Set up GitOps foundation ### Phase 2: Configuration Cleanup - [ ] Optimize modular structure - [ ] Enhance documentation - [ ] Standardize module interfaces ### Phase 3: Multi-Machine Expansion - [ ] Add SleeperService configuration - [ ] Implement service modules - [ ] Set up network storage ### Phase 4: Automation & CI/CD - [ ] Implement automated testing - [ ] Set up deployment pipelines - [ ] Add monitoring and alerting ### Phase 5: Advanced Features - [ ] Secrets management - [ ] Advanced monitoring - [ ] Backup automation ## ๐Ÿ“„ License This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. ## ๐Ÿ™ Acknowledgments - **NixOS Community** for excellent documentation and support - **Culture Ship Names** for inspiring machine nomenclature - **Emacs Community** for literate programming inspiration - **Home Lab Community** for sharing knowledge and experience --- *"The ship had decided to call itself the Arbitrary, presumably for much the same reason."*