geir/home-lab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
123 commits 1 branch 0 tags 2.6 MiB
Find a file
Geir Okkenhaug Jerstad 1ad4663e6e created dsahboard project vue3 empty for now
2025-06-24 09:22:45 +02:00
.cursor/rules fix: resolve Taskmaster AI MCP integration with local Ollama models 2025-06-18 16:16:27 +02:00
.github/PULL_REQUEST_TEMPLATE feat: infrastructure updates and documentation improvements 2025-06-07 17:45:47 +00:00
.roo worked on raskmaster integration with ollama 2025-06-14 16:40:07 +02:00
.taskmaster fix: resolve Taskmaster AI MCP integration with local Ollama models 2025-06-18 16:16:27 +02:00
assets feat: add NixOS logo to README and assets 2025-06-08 08:29:39 +00:00
documentation feat: Complete Ollama CPU optimization and TaskMaster consolidation 2025-06-18 14:22:08 +02:00
dotfiles some work on sound anf noise suppression and research into netdata 2025-06-19 21:15:24 +02:00
machines Add comprehensive PipeWire audio configuration with noise suppression 2025-06-18 20:57:39 +02:00
modules added aider-chat for testing 2025-06-21 13:19:22 +02:00
overlays feat: Complete Ollama CPU optimization for TaskMaster AI 2025-06-18 13:08:24 +02:00
packages created dsahboard project vue3 empty for now 2025-06-24 09:22:45 +02:00
research some research and loose thoughts 2025-06-20 15:32:34 +02:00
scripts feat: Complete Ollama CPU optimization for TaskMaster AI 2025-06-18 13:08:24 +02:00
.aider.conf.yml before 2025-06-24 09:19:33 +02:00
.env.example worked on raskmaster integration with ollama 2025-06-14 16:40:07 +02:00
.env.taskmaster fix: resolve Taskmaster AI MCP integration with local Ollama models 2025-06-18 16:16:27 +02:00
.gitignore before 2025-06-24 09:19:33 +02:00
.gitmessage docs: update templates and documentation to professional tone 2025-06-07 17:39:39 +00:00
.roomodes worked on raskmaster integration with ollama 2025-06-14 16:40:07 +02:00
.windsurfrules feat: Complete Ollama CPU optimization and TaskMaster consolidation 2025-06-18 14:22:08 +02:00
CONVENTIONS.md before 2025-06-24 09:19:33 +02:00
flake.lock before 2025-06-24 09:19:33 +02:00
flake.nix feat: Complete deploy-rs integration project (90% complete) 2025-06-15 20:55:32 +02:00
instruction.md grokking simplicity and refactoring 2025-06-16 13:43:21 +02:00
LICENSE feat: initial NixOS home lab infrastructure setup 2025-06-04 16:10:13 +02:00
names.md feat: initial NixOS home lab infrastructure setup 2025-06-04 16:10:13 +02:00
notes.md small update moved some files to logical place 2025-06-06 18:01:26 +02:00
plan.md feat: infrastructure updates and documentation improvements 2025-06-07 17:45:47 +00:00
README.md feat: Complete migration to GNU Guile Scheme with MCP integration 2025-06-15 22:17:47 +02:00

README.md

NixOS Logo

NixOS Home Lab Infrastructure

NixOS Flakes License

Modular NixOS flake configuration for multi-machine home lab infrastructure. Features declarative system configuration, centralized user management, and scalable service deployment across development workstations and server infrastructure.

Vibe DevSecOpsing with claude-sonnet 4 and github-copilot

A project about handling pets. If you want to handle sheep, look elsewhere :-)

Quick Start

# Clone repository
git clone <repository-url> Home-lab
cd Home-lab

# Validate configuration
nix flake check

# Test configuration (temporary, reverts on reboot)
sudo nixos-rebuild test --flake .#<machine-name>

# Apply configuration permanently  
sudo nixos-rebuild switch --flake .#<machine-name>

Architecture Overview

Machine Types

  • Development Workstation - High-performance development environment with desktop environments
  • File Server - ZFS storage with NFS services and media management
  • Application Server - Containerized services (Git hosting, media server, web applications)
  • Reverse Proxy - External gateway with SSL termination and service routing

Technology Stack

  • Base OS: NixOSNixOS 25.05 with Nix Flakes
  • Configuration: Modular, declarative system configuration
  • Virtualization: Incus containers, Libvirt/QEMU VMs, Podman containers
  • Desktop: GNOME, Cosmic, Sway window managers
  • Storage: ZFS with snapshots, automated mounting, NFS network storage
  • Network: Tailscale mesh VPN with centralized hostname resolution

Project Structure

Modular configuration organized for scalability and maintainability:

Home-lab/
├── flake.nix              # Main flake configuration
├── flake.lock             # Dependency lock file
├── machines/              # Machine-specific configurations
│   ├── workstation/       # Development machine config
│   ├── file-server/       # NFS storage server
│   ├── app-server/        # Containerized services
│   └── reverse-proxy/     # External gateway
├── modules/               # Reusable NixOS modules
│   ├── common/           # Base system configuration
│   ├── desktop/          # Desktop environment modules
│   ├── development/      # Development tools
│   ├── services/         # Service configurations
│   ├── users/            # User management
│   └── virtualization/   # Container and VM setup
├── packages/             # Custom packages and tools
└── research/             # Documentation and analysis

Configuration Philosophy

NixOS

Modular Design

  • Single Responsibility: Each module handles one aspect of system configuration
  • Composable: Modules can be mixed and matched per machine requirements
  • Testable: Individual modules can be validated independently
  • Documented: Clear documentation for module purpose and configuration

User Management Strategy

  • Role-based Users: Separate users for desktop vs server administration
  • Centralized Configuration: Consistent user setup across all machines
  • Security Focus: SSH key management and privilege separation
  • Literate Dotfiles: Org-mode documentation for complex configurations

Network Architecture

  • Mesh VPN: Tailscale for secure inter-machine communication
  • Service Discovery: Centralized hostname resolution
  • Firewall Management: Service-specific port configuration
  • External Access: Reverse proxy with SSL termination

Development Workflow

Local Testing

# Validate configuration syntax
nix flake check

# Build without applying changes
nix build .#nixosConfigurations.<machine>.config.system.build.toplevel

# Test configuration (temporary)
sudo nixos-rebuild test --flake .#<machine>

# Apply configuration permanently
sudo nixos-rebuild switch --flake .#<machine>

Git Workflow

  1. Feature Branch: Create branch for configuration changes
  2. Local Testing: Validate changes with nixos-rebuild test
  3. Pull Request: Submit changes for review
  4. Deploy: Apply configuration to target machines

Remote Deployment

  • SSH-based: Remote deployment via secure shell
  • Atomic Updates: Complete success or automatic rollback
  • Health Checks: Service validation after deployment
  • Centralized Management: Single repository for all infrastructure

Service Architecture

Core Services

  • Git Hosting: Self-hosted Git with CI/CD capabilities
  • Media Server: Streaming with transcoding support
  • File Storage: NFS network storage with ZFS snapshots
  • Web Gateway: Reverse proxy with SSL and external access
  • Container Platform: Podman for containerized applications

Service Discovery

  • Internal DNS: Tailscale for mesh network resolution
  • External DNS: Public domain with SSL certificates
  • Service Mesh: Inter-service communication via secure network
  • Load Balancing: Traffic distribution and failover

Data Management

  • ZFS Storage: Copy-on-write filesystem with snapshots
  • Network Shares: NFS for cross-machine file access
  • Backup Strategy: Automated snapshots and external backup
  • Data Integrity: Checksums and redundancy

Security Model

Network Security

  • VPN Mesh: All inter-machine traffic via Tailscale
  • Firewall Rules: Service-specific port restrictions
  • SSH Hardening: Key-based authentication only
  • Fail2ban: Automated intrusion prevention

User Security

  • Role Separation: Administrative vs daily-use accounts
  • Key Management: Centralized SSH key distribution
  • Privilege Escalation: Sudo access only where needed
  • Service Accounts: Dedicated accounts for automated services

Infrastructure Security

  • Configuration as Code: All changes tracked in version control
  • Atomic Deployments: Rollback capability for failed changes
  • Secret Management: Encrypted secrets with controlled access
  • Security Updates: Regular dependency updates

Testing Strategy

Automated Testing

  • Syntax Validation: Nix flake syntax checking
  • Build Testing: Configuration build verification
  • Module Testing: Individual component validation
  • Integration Testing: Full system deployment tests

Manual Testing

  • Boot Validation: System startup verification
  • Service Health: Application functionality checks
  • Network Connectivity: Inter-service communication tests
  • User Environment: Desktop and development tool validation

Deployment Status

Infrastructure Maturity

  • Multi-machine Configuration: 4 machines deployed
  • Service Integration: Git hosting, media server, file storage
  • Network Mesh: Secure VPN with service discovery
  • External Access: Public services with SSL termination
  • Centralized Management: Single repository for all infrastructure

Current Capabilities

  • Development Environment: Full IDE setup with multiple desktop options
  • File Services: Network storage with 900GB+ media library
  • Git Hosting: Self-hosted with external access
  • Media Streaming: Movie and TV series streaming with transcoding
  • Container Platform: Podman-based containerized services

Documentation

License

MIT License - see LICENSE for details.

NixOS Logo
Infrastructure designed for reliability, security, and maintainability.