geir/home-lab

Fork 0

History

Geir Okkenhaug Jerstad ec9efc5ca1 Some checks are pending 🏠 Home Lab CI/CD Pipeline / 🔍 Validate Configuration (push) Waiting to run Details 🏠 Home Lab CI/CD Pipeline / 🔨 Build Configurations (push) Blocked by required conditions Details 🏠 Home Lab CI/CD Pipeline / 🔒 Security Audit (push) Blocked by required conditions Details 🏠 Home Lab CI/CD Pipeline / 📚 Documentation & Modules (push) Blocked by required conditions Details 🏠 Home Lab CI/CD Pipeline / 🔄 Update Dependencies (push) Waiting to run Details 🏠 Home Lab CI/CD Pipeline / 🚀 Deploy Configuration (push) Blocked by required conditions Details 🏠 Home Lab CI/CD Pipeline / 📢 Notify Results (push) Blocked by required conditions Details feat: create modular user configurations ∙ ∙ User Accounts: ∙ ✅ geir - Primary user (development, desktop, multimedia) ∙ ✅ sma - Admin user (Diziet Sma, system administration) ∙ ✅ common.nix - Shared user settings and security ∙ ∙ Key Features: ∙ 🔧 Culture character naming (sma = Diziet Sma, SC agent) ∙ 🔒 Security-focused admin account (SSH keys only, passwordless sudo) ∙ 🛠<fe0f> Development-focused primary user (containers, virtualization, creative tools) ∙ 📦 Modern CLI tools and shell enhancements ∙ 🎯 Role-based package selection and group memberships ∙ ∙ Security Model: ∙ - SSH key authentication for admin users ∙ - Separate admin and daily-use accounts ∙ - Principle of least privilege ∙ - No root login allowed ∙ ∙ Integration: ∙ - Container runtime access (podman, incus) ∙ - Virtualization management (libvirt, virt-manager) ∙ - Development workflow (git, editors, languages) ∙ - Desktop environments (GNOME, Cosmic, Sway) ∙ ∙ Ready for machine-specific deployment across home lab infrastructure.	2025-06-04 16:56:22 +02:00
..
geir	feat: create modular user configurations	2025-06-04 16:56:22 +02:00
README.md	feat: add reverse-proxy and grey-area machines	2025-06-04 16:31:24 +02:00

Geir Okkenhaug Jerstad ec9efc5ca1

🏠 Home Lab CI/CD Pipeline / 🔍 Validate Configuration (push) Waiting to run

Details

🏠 Home Lab CI/CD Pipeline / 🔨 Build Configurations (push) Blocked by required conditions

Details

🏠 Home Lab CI/CD Pipeline / 🔒 Security Audit (push) Blocked by required conditions

Details

🏠 Home Lab CI/CD Pipeline / 📚 Documentation & Modules (push) Blocked by required conditions

Details

🏠 Home Lab CI/CD Pipeline / 🔄 Update Dependencies (push) Waiting to run

Details

🏠 Home Lab CI/CD Pipeline / 🚀 Deploy Configuration (push) Blocked by required conditions

Details

🏠 Home Lab CI/CD Pipeline / 📢 Notify Results (push) Blocked by required conditions

Details

feat: create modular user configurations

∙
∙ User Accounts:
∙ ✅ geir - Primary user (development, desktop, multimedia)
∙ ✅ sma - Admin user (Diziet Sma, system administration)
∙ ✅ common.nix - Shared user settings and security
∙
∙ Key Features:
∙ 🔧 Culture character naming (sma = Diziet Sma, SC agent)
∙ 🔒 Security-focused admin account (SSH keys only, passwordless sudo)
∙ 🛠<fe0f> Development-focused primary user (containers, virtualization, creative tools)
∙ 📦 Modern CLI tools and shell enhancements
∙ 🎯 Role-based package selection and group memberships
∙
∙ Security Model:
∙ - SSH key authentication for admin users
∙ - Separate admin and daily-use accounts
∙ - Principle of least privilege
∙ - No root login allowed
∙
∙ Integration:
∙ - Container runtime access (podman, incus)
∙ - Virtualization management (libvirt, virt-manager)
∙ - Development workflow (git, editors, languages)
∙ - Desktop environments (GNOME, Cosmic, Sway)
∙
∙ Ready for machine-specific deployment across home lab infrastructure.

2025-06-04 16:56:22 +02:00

geir

feat: create modular user configurations

2025-06-04 16:56:22 +02:00

README.md

feat: add reverse-proxy and grey-area machines

2025-06-04 16:31:24 +02:00

README.md

Users Directory Structure

This directory contains per-user configurations and dotfiles for the Home-lab infrastructure, organized to support multiple users across multiple machines.

Directory Organization

`geir/`

Primary user configuration for geir:

user.nix - NixOS user configuration (packages, groups, shell)
dotfiles/ - Literate programming dotfiles using org-mode
- README.org - Main literate configuration file
- emacs/ - Emacs-specific configurations
- shell/ - Shell configurations (zsh, bash, etc.)
- editors/ - Editor configurations (neovim, vscode)

Future Users

Additional user directories will follow the same pattern:

admin/ - Administrative user for system management
service/ - Service accounts for automation
guest/ - Temporary/guest user configurations

User Configuration Philosophy

NixOS Integration

Each user has a user.nix file that defines:

User account settings (shell, groups, home directory)
User-specific packages
System-level user configurations
Integration with home lab services

Literate Dotfiles

Each user's dotfiles/README.org serves as:

Single source of truth for all user configurations
Self-documenting setup with rationale
Auto-tangling to generate actual dotfiles
Version-controlled configuration history

Multi-Machine Consistency

User configurations are designed to work across machines:

congenital-optimist: Full development environment
sleeper-service: Minimal server access
Future machines: Consistent user experience

Dotfiles Structure

`dotfiles/README.org`

Main literate configuration file containing:

Shell configuration (zsh, starship, aliases)
Editor configurations (emacs, neovim)
Development tool settings
Git configuration
Machine-specific customizations

Subdirectories

emacs/ - Generated Emacs configuration files
shell/ - Generated shell configuration files
editors/ - Generated editor configuration files

Usage Examples

Importing User Configuration

# In machine configuration
imports = [
  ../../users/geir/user.nix
];

Adding New User

Create user directory: users/newuser/
Copy and adapt user.nix template
Create dotfiles/README.org with user-specific configs
Import in machine configurations as needed

Tangling Dotfiles

# From user's dotfiles directory
cd users/geir/dotfiles
emacs --batch -l org --eval "(org-babel-tangle-file \"README.org\")"

Design Principles

User Isolation: Each user's configs are self-contained
Machine Agnostic: Configs work across different machines
Literate Programming: All configs are documented and explained
Version Control: Full history of configuration changes
Automation: Auto-tangling and deployment workflows

Security Considerations

User-specific secrets managed separately
Limited cross-user access
Machine-appropriate privilege levels
Service account isolation

Naming Convention

User Directories: lowercase (e.g., geir/, admin/)
Configuration Files: descriptive names (e.g., user.nix, README.org)
Generated Files: follow target application conventions