77e6b9a501
- Add modules/security/ssh-keys.nix for centralized SSH key management - Generate role-specific SSH keys with geir@geokkjer.eu email: - Admin key (geir@geokkjer.eu-admin) for sma user server access - Development key (geir@geokkjer.eu-dev) for geir user and git services - Update SSH client config with role-based host patterns - Configure users/geir.nix and users/sma.nix with appropriate key access - Add SSH key setup to both machine configurations - Create scripts/setup-ssh-keys.sh for key generation automation - Update plan.md with completed SSH security implementation Security benefits: - Principle of least privilege (separate admin vs dev access) - Limited blast radius if keys are compromised - Clear usage patterns: ssh admin-sleeper vs ssh geir@sleeper-service.home - Maintains compatibility with existing services during transition |
||
|---|---|---|
| .. | ||
| common | ||
| desktop | ||
| development | ||
| hardware | ||
| network | ||
| security | ||
| system | ||
| users | ||
| virtualization | ||
| README.md | ||
NixOS Modules Directory Structure
This directory contains reusable NixOS modules organized by functional domain for the Home-lab infrastructure.
Directory Organization
common/
Core modules shared across all machines in the home lab:
base.nix- Modern CLI tools, aliases, and essential packagestty.nix- Console configuration and themingnix.nix- Nix/flakes configuration and optimization settingsssh.nix- SSH server and security configurationsnetworking.nix- Basic networking and firewall settings
desktop/
Desktop environment configurations for workstation machines:
gnome.nix- GNOME desktop environment setupcosmic.nix- System76 COSMIC desktop configurationsway.nix- Sway window manager and Wayland setupfonts.nix- Font packages and configurationsaudio.nix- PipeWire/audio system setup
development/
Development tools and environments:
editors.nix- Text editors (Emacs, Neovim, VSCode)languages.nix- Programming languages and runtimestools.nix- Development utilities and CLI toolscontainers.nix- Development container toolsgit.nix- Git configuration and tools
virtualization/
Virtualization and containerization:
podman.nix- Podman container runtimelibvirt.nix- KVM/QEMU virtualizationincus.nix- System container managementdocker.nix- Docker runtime (if needed)
services/
Network services primarily for SleeperService file server:
nfs.nix- Network File System serversamba.nix- SMB/CIFS file sharingbackup.nix- Automated backup servicesmonitoring.nix- System monitoring and alertingstorage.nix- ZFS and storage managementmedia.nix- Media server services (Jellyfin/Plex)
users/
User management and shared user configurations:
common.nix- Shared user settings across machinesgroups.nix- System groups and permissionssecurity.nix- User security policies
Usage
Modules are imported in machine configurations like:
imports = [
../../modules/common/base.nix
../../modules/desktop/gnome.nix
../../modules/virtualization/podman.nix
];
Design Philosophy
- Modular: Each module has a single, clear responsibility
- Reusable: Modules work across different machine types
- Composable: Mix and match modules for different machine roles
- Documented: Each module includes usage examples and options
- Testable: Modules can be tested independently
Machine Profiles
CongenitalOptimist (Workstation)
- All desktop modules
- Development tools
- Virtualization stack
- User-focused configurations
sleeper-service (File Server)
- Common base only
- Service modules (NFS, Samba, backup)
- No desktop environment
- Server-focused configurations