reorganized top levels

Aly Raffauf 2024-06-10 14:13:57 -04:00
parent 65c254d4df
commit de54fef058
5 changed files with 39 additions and 34 deletions

@ -1,12 +0,0 @@
## Services
| Service | Description | Source/Runtime | Domain |
|------------------|-----------------------------------|--------------------------------------|----------------------------------|
| Nix Binary Cache | LAN cache for nix derivations. | nix-serve (nixpkgs) | https://nixcache.raffauflabs.com |
| Navidrome | SubSonic-compatible music server. | nix-container (nixpkgs) | https://music.raffauflabs.com |
| Plex | Music, TV, and Movie streaming. | OCI: plexinc/pms-docker:public | https://plex.raffauflabs.com |
| Audiobookshelf | Podcasts & audiobooks. | OCI: advplyr/audiobookshelf:latest | https://podcasts.raffauflabs.com |
| FreshRSS | RSS & News reader. | OCI: freshrss/freshrss:latest | https://news.raffauflabs.com |
| Transmission | BitTorrent. | OCI: linuxserver/transmission:latest | Tailnet |
| Samba | LAN file shares. | nixpkgs | Tailnet |
| Nginx | Reverse proxy. | nixpkgs | Tailnet |
| Ollama | Runs opensource LLMs. | nixpkgs | Tailnet |

@ -1,7 +1,9 @@
1. [[Home Lab]]
1. [[Hosts]]
1. [[Networking]]
1. [[Secrets]]
1. [[nixosModules]]
1. [[homeManagerModules]]
1. [[Tips & Tricks]]
## Deploying to NixOS
> :red_circle: **Do not deploy this flake unmodified to your machine. It won't work.**

@ -18,12 +18,17 @@
| Storage | 512GB M.2 PCIe 3.0 | 1TB M.2 PCIe 3.0 |
| Desktop | Hyprland | Sway |
## Provisioning New Devices
1. Create `hosts/$HOSTNAME/default.nix` and other host-specific nix modules (e.g. `disko.nix`,`hardware.nix`, and `home.nix`).
2. Add host to `nixosConfigurations` in `flake.nix`.
3. (OPTIONAL) Generate a `cert.pem`, `key.pem`, and device ID for Syncthing with `syncthing -generate=$HOSTNAME`. Find the device ID in the generated `config.xml` and add it to `nixosModules/services/syncthing/default.nix`, encrypt the cert and key with agenix, and set them as appropriate in the host configuration.
4. Install NixOS from this flake. Secrets will _not_ be available on first boot.
5. Copy the new system's public SSH key (`/etc/ssh/ssh_host_ed25519_key.pub`) to the host configuration (`host/$HOSTNAME/ssh.pub`).
6. Add the new public key to `secrets/secrets.nix` and rekey all secrets with `agenix --rekey`.
7. Rebuild the new system from git. Secrets will be automatically decrypted and immediately available in `/run/agenix/`.
8. (OPTIONAL) Generate a new user SSH key and add it to `nixosModules/users/default.nix` in order to enable passwordless logins to other hosts.
## mauville
### Services
| Service | Description | Source/Runtime | Domain |
|------------------|-----------------------------------|--------------------------------------|----------------------------------|
| Nix Binary Cache | LAN cache for nix derivations. | nix-serve (nixpkgs) | https://nixcache.raffauflabs.com |
| Navidrome | SubSonic-compatible music server. | nix-container (nixpkgs) | https://music.raffauflabs.com |
| Plex | Music, TV, and Movie streaming. | OCI: plexinc/pms-docker:public | https://plex.raffauflabs.com |
| Audiobookshelf | Podcasts & audiobooks. | OCI: advplyr/audiobookshelf:latest | https://podcasts.raffauflabs.com |
| FreshRSS | RSS & News reader. | OCI: freshrss/freshrss:latest | https://news.raffauflabs.com |
| Transmission | BitTorrent. | OCI: linuxserver/transmission:latest | Tailnet |
| Samba | LAN file shares. | nixpkgs | Tailnet |
| Nginx | Reverse proxy. | nixpkgs | Tailnet |
| Ollama | Runs opensource LLMs. | nixpkgs | Tailnet |
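
Review bot: In the Services table added under `## mauville`, the Domain column carries two different kinds of information: a URL for five rows and the word `Tailnet` for four, so a reader cannot tell how far each service is exposed. The Nix Binary Cache row is described as a "LAN cache" yet has an `https://nixcache.raffauflabs.com` address, and nothing says whether that name is reachable only from the LAN. Consider splitting the column into an address and an exposure field (public, LAN, tailnet). The Source/Runtime column also records floating tags (`:latest`, `:public`), which gives the image name but not the version deployed; if the configuration pins versions or digests, say so here.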

@ -1,11 +0,0 @@
## WiFi
WiFi networks can be configured declratively in `nixosModules/system/wifi.nix` using `networking.networkmanager.ensureProfiles.profiles`, provided by nixpkgs.
### Generating WiFi Profiles
[nm2nix](https://github.com/janik-haag/nm2nix) can generate nix-compatible code for all the WiFi networks in `/etc/NetworkManager/system-connections/` and `/run/NetworkManager/system-connections`.
```bash
sudo su -c "cd /etc/NetworkManager/system-connections && nix --extra-experimental-features 'nix-command flakes' run github:Janik-Haag/nm2nix | nix --extra-experimental-features 'nix-command flakes' run nixpkgs#nixfmt-rfc-style"
```

21
Tips & Tricks.md Normal file

@ -0,0 +1,21 @@
## Provisioning New Devices
1. Create `hosts/$HOSTNAME/default.nix` and other host-specific nix modules (e.g. `disko.nix`,`hardware.nix`, and `home.nix`).
2. Add host to `nixosConfigurations` in `flake.nix`.
3. (OPTIONAL) Generate a `cert.pem`, `key.pem`, and device ID for Syncthing with `syncthing -generate=$HOSTNAME`. Find the device ID in the generated `config.xml` and add it to `nixosModules/services/syncthing/default.nix`, encrypt the cert and key with agenix, and set them as appropriate in the host configuration.
4. Install NixOS from this flake. Secrets will _not_ be available on first boot.
5. Copy the new system's public SSH key (`/etc/ssh/ssh_host_ed25519_key.pub`) to the host configuration (`host/$HOSTNAME/ssh.pub`).
6. Add the new public key to `secrets/secrets.nix` and rekey all secrets with `agenix --rekey`.
7. Rebuild the new system from git. Secrets will be automatically decrypted and immediately available in `/run/agenix/`.
8. (OPTIONAL) Generate a new user SSH key and add it to `nixosModules/users/default.nix` in order to enable passwordless logins to other hosts.
## WiFi
WiFi networks can be configured declratively in `nixosModules/system/wifi.nix` using `networking.networkmanager.ensureProfiles.profiles`, provided by nixpkgs.
### Generating WiFi Profiles
[nm2nix](https://github.com/janik-haag/nm2nix) can generate nix-compatible code for all the WiFi networks in `/etc/NetworkManager/system-connections/` and `/run/NetworkManager/system-connections`.
```bash
sudo su -c "cd /etc/NetworkManager/system-connections && nix --extra-experimental-features 'nix-command flakes' run github:Janik-Haag/nm2nix | nix --extra-experimental-features 'nix-command flakes' run nixpkgs#nixfmt-rfc-style"
```
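
Review bot: The nm2nix command that closes the WiFi section runs `nix run github:Janik-Haag/nm2nix` inside a root shell (`sudo su -c`) with no revision in the flake reference, so whatever the upstream default branch holds at that moment executes as root; pin the reference to a reviewed commit (`github:Janik-Haag/nm2nix/<rev>`) and mention the pin in the text. The section should also state that the files under `/etc/NetworkManager/system-connections/` can contain saved WiFi passphrases, so the generated output needs its secrets moved out (the provisioning steps already rely on agenix for this) before anything is committed to `nixosModules/system/wifi.nix`. Smaller points in the same file: step 5 writes `host/$HOSTNAME/ssh.pub` while step 1 uses `hosts/$HOSTNAME/`, step 1 lacks a space after the comma following `disko.nix`, and `declratively` should read `declaratively`.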