diff --git a/Home Lab.md b/Home Lab.md new file mode 100644 index 0000000..8b4a429 --- /dev/null +++ b/Home Lab.md @@ -0,0 +1,12 @@ +## Services +| Service | Description | Source/Runtime | Domain | +|------------------|-----------------------------------|--------------------------------------|----------------------------------| +| Nix Binary Cache | LAN cache for nix derivations. | nix-serve (nixpkgs) | https://nixcache.raffauflabs.com | +| Navidrome | SubSonic-compatible music server. | nix-container (nixpkgs) | https://music.raffauflabs.com | +| Plex | Music, TV, and Movie streaming. | OCI: plexinc/pms-docker:public | https://plex.raffauflabs.com | +| Audiobookshelf | Podcasts & audiobooks. | OCI: advplyr/audiobookshelf:latest | https://podcasts.raffauflabs.com | +| FreshRSS | RSS & News reader. | OCI: freshrss/freshrss:latest | https://news.raffauflabs.com | +| Transmission | BitTorrent. | OCI: linuxserver/transmission:latest | Tailnet | +| Samba | LAN file shares. | nixpkgs | Tailnet | +| Nginx | Reverse proxy. | nixpkgs | Tailnet | +| Ollama | Runs opensource LLMs. | nixpkgs | Tailnet | \ No newline at end of file diff --git a/Home.md b/Home.md index 7ebd658..1999d27 100644 --- a/Home.md +++ b/Home.md 
@@ -1 +1,33 @@ -1. [[Networking]] \ No newline at end of file +1. [[Home Lab]] +1. [[Hosts]] +1. [[Networking]] +1. [[Secrets]] + +## Deploying to NixOS +> :red_circle: **Do not deploy this flake unmodified to your machine. It won't work.** +> This is my own [NixOS](https://nixos.org/) and [home-manager](https://github.com/nix-community/home-manager) flake for my personal devices. +> Each hardware configuration is host-specific. If you fork this repository, replace them with the hardware-configuration that NixOS generates for you. + +### Enabling Flakes +While widely used and considered stable, [flakes](https://nixos.wiki/wiki/Flakes) are still considered experimental. To enable Flakes, add the following lines to your `configuration.nix` and rebuild. +```nix +nix.settings.experimental-features = [ "nix-command" "flakes" ]; +``` + +Alternatively, pass `--experimental-features "nix-command flakes"` to `nix` to temporarily use flakes. + +### Building Flake +In order to deploy this Flake on your host, run the following command: +```console +sudo nixos-rebuild boot --flake github:alyraffauf/nixcfg#$HOSTNAME +``` +Substitute `$HOSTNAME` for whichever hostname you have chosen. Reboot to apply the flake's configuration for the chosen host. + +### Installing from Live USB +> :red_circle: **This will erase your computer's disk** as specified by the host configuration, installing a fresh copy of NixOS. Backup first! + +If you want to install NixOS from this flake, run the following commands, ideally from a NixOS live environment, substituting `$HOSTNAME` with a NixOS configuration specified in `flake.nix`. +```console +sudo nix --experimental-features "nix-command flakes" run github:alyraffauf/nixcfg -- $HOSTNAME +``` + diff --git a/Hosts.md b/Hosts.md new file mode 100644 index 0000000..7fd10f6 --- /dev/null +++ b/Hosts.md 
@@ -0,0 +1,31 @@ +## Hosts + +| Host | lavaridge | petalburg | rustboro | +|---------|----------------------|-------------------------|------------------------| +| Model | Framework Laptop 13 | Lenovo Yoga 9i Gen 8 | ThinkPad T440p | +| Display | 13.5" 2256x1504 60Hz | 14" 2880x1800 90hz OLED | 14" 1920x1080 60hz | +| CPU | AMD Ryzen 7640U | Intel Core i7-1360P | Intel Core i5-4210M | +| RAM | 32GB DDR5-5600Mhz | 16GB LPDDR5-5200Mhz | 16GB DDR3L-1600Mhz | +| GPU | AMD Radeon 760M | Intel Iris Xe Graphics | Intel HD Graphics 4600 | +| Storage | 1TB Sk hynix P41 | 512GB M.2 PCIe 4.0 | 512GB SATA SSD | +| Desktop | Hyprland | Sway (tablet mode) | Sway | + +| Host | fallarbor | mauville | +|---------|------------------------|-------------------------| +| Model | Framework Laptop 13 | Custom Mini-ITX Desktop | +| Display | 13.5" 2256x1504 60Hz | 34" 3440x1440 160Hz VA | +| CPU | Intel Core i5-1135G7 | AMD Ryzen 5 2600 | +| RAM | 16GB DDR4-3200Mhz | 16GB DDR4-3200Mhz | +| GPU | Intel Iris Xe Graphics | AMD Radeon Rx 6700 | +| Storage | 512GB M.2 PCIe 3.0 | 1TB M.2 PCIe 3.0 | +| Desktop | Hyprland | Sway | + +## Provisioning New Hosts +1. Create `hosts/$HOSTNAME/default.nix` and other host-specific nix modules (e.g. `disko.nix`,`hardware.nix`, and `home.nix`). +2. Add host to `nixosConfigurations` in `flake.nix`. +3. (OPTIONAL) Generate a `cert.pem`, `key.pem`, and device ID for Syncthing with `syncthing -generate=$HOSTNAME`. Find the device ID in the generated `config.xml` and add it to `nixosModules/services/syncthing/default.nix`, encrypt the cert and key with agenix, and set them as appropriate in the host configuration. +4. Install NixOS from this flake. Secrets will _not_ be available on first boot. +5. Copy the new system's public SSH key (`/etc/ssh/ssh_host_ed25519_key.pub`) to the host configuration (`host/$HOSTNAME/ssh.pub`). +6. Add the new public key to `secrets/secrets.nix` and rekey all secrets with `agenix --rekey`. +7. Rebuild the new system from git. 
Secrets will be automatically decrypted and immediately available in `/run/agenix/`. +8. (OPTIONAL) Generate a new user SSH key and add it to `nixosModules/users/default.nix` in order to enable passwordless logins to other hosts. \ No newline at end of file
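Review bot: In the `Home Lab.md` services table, every OCI entry is pinned to a mutable tag (`plexinc/pms-docker:public`, `advplyr/audiobookshelf:latest`, `freshrss/freshrss:latest`, `linuxserver/transmission:latest`), so the running image changes whenever upstream pushes and the table cannot tell a reader which version is deployed. Consider pinning each image to a version tag or digest in the configuration and recording that here, or at least noting how and when images are updated. The Domain column also mixes `https://*.raffauflabs.com` names with "Tailnet" without saying which services are reachable from outside the LAN or tailnet; the Nix Binary Cache is described as a "LAN cache" yet has a domain, and Nginx is listed as "Tailnet" although it is the reverse proxy. A short sentence under the table stating the exposure of each group would remove the ambiguity. The file also ends without a trailing newline.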
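Review bot: In the `Home.md` hunk, the "Installing from Live USB" command runs `sudo nix --experimental-features "nix-command flakes" run github:alyraffauf/nixcfg -- $HOSTNAME` as root against an unpinned flake reference, so it executes whatever the default branch contains at that moment and then erases the disk. Documenting a pinned form (`github:alyraffauf/nixcfg/<rev>`) would make the install reproducible and reviewable. Separately, `$HOSTNAME` is used as a placeholder here and in the `nixos-rebuild boot --flake github:alyraffauf/nixcfg#$HOSTNAME` line, but it is also a variable that bash sets automatically, so a reader who pastes the command unchanged passes the live environment's own hostname rather than getting an error; a non-expanding placeholder such as `<hostname>` would be safer for a destructive command. The phrase "Substitute `$HOSTNAME` for whichever hostname you have chosen" also reads backwards (it should be "with").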
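Review bot: In the `Hosts.md` "Provisioning New Hosts" list, step 5 gives the destination as `host/$HOSTNAME/ssh.pub` while step 1 creates `hosts/$HOSTNAME/default.nix`; one of the two directory names is a typo and should be corrected so the steps agree. Step 3 generates `cert.pem` and `key.pem` in plaintext before they are encrypted with agenix, and the steps do not say to delete the plaintext copies or keep them out of the repository; adding that instruction would close the gap. Step 5 also does not say how the new host's public key is obtained or verified before it is added to `secrets/secrets.nix` and every secret is rekeyed to it in step 6, so it is worth stating that the key is read from the machine's console or that its fingerprint is checked there. The file ends without a trailing newline.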