From 2f51c96e9ab32d077856d7a106b00686ff4be208 Mon Sep 17 00:00:00 2001 From: waveringana Date: Tue, 3 Jun 2025 01:33:38 -0400 Subject: [PATCH] update garage, add readme --- README.md | 106 ++++++++++++++++++++++++++++++++++++++++++++ services/garage.nix | 2 +- 2 files changed, 107 insertions(+), 1 deletion(-) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..35e842f --- /dev/null +++ b/README.md 
@@ -0,0 +1,106 @@ +# NixOS Infrastructure Configuration + +> **Note**: If you're reading this, you're either drunk me, or someone I trust with my hardware. If the latter, I love you. If the former, you need to lose weight stop drinking. + +## Overview + +Since late May 2025, I've decided to start managing my infrastructure through NixOS. This is still a long migration process from dockerizing almost everything. + +## Infrastructure + +All machines are named after Goetic demons: + +### 🎮 Focalor (Gaming PC) +**Hardware**: AMD Ryzen 7 5800X + RTX 3070 + +**Goal**: Convert to headless NixOS host running Windows VM for gaming + local services + +**Planned Services**: +- Local LLM hosting +- Gaming VM passthrough + +### 🏠 Valefar (Home Server) +**Hardware**: AMD Ryzen 5 5600 + GTX 1650 + +**NixOS Services**: +- S3 storage via Garage, see `services/garage.nix` +- Forgejo, see `services/forgejo.nix` +- Tailscale connectivity + +**Docker Services** ([docker-compose](https://git.nekomimi.pet/waveringana/docker-compose)): +- PocketID authentication +- Affine notes +- Komodo +- Valheim server +- Vaultwarden password manager +- Beszel + +### 🥧 Morax (Raspberry Pi 4) +**Hardware**: Raspberry Pi 4 + +**Services**: +- Pi-hole DNS filtering +- Speedtest monitoring (every 10 minutes) +- Headscale connection + +**Notes**: Direct gigabit connection from router - looking to add more services to utilize bandwidth + +### 🍎 Gabriel +**Hardware**: M4 16gb Mac Mini + +**Services**: +- Runs three github actions runners for embedder, simplelink, and simplegit + +### 🏴‍☠️ Buer (LiteServer VPS) +**Hardware**: 1 core, 1GB RAM, 20TB data cap + +**Services**: +- Headscale server +- Exit node for privacy/torrenting + +**Notes**: DMCA-friendly provider + +### ☁️ Elise (Oracle Cloud VPS) +**Hardware**: 4 Ampere ARM cores, 24GB RAM, 4TB data cap + +**Status**: Currently on Oracle Linux, planning to rename to "Vine" + +**Services**: +- Komodo +- [Personal 
website](https://github.com/waveringana/bunsite) +- [Link shortener](https://git.nekomimi.pet/waveringana/simplelink) +- [Embedder](https://git.nekomimi.pet/waveringana/embedder) +- Minecraft server +- Reverse proxy +- Tailscale connectivity + +**Migration**: Planned conversion to NixOS, everything is under one big docker-compose file + +### Fly.io machines + +**atl** +- exit node for headscale based in atlanta + +## Future Plans + +### Authentication & Identity Management +- **LDAP Server** - Centralized user directory (considering OpenLDAP or FreeIPA) +- **Authentik Integration** - Sync PocketID with Authentik for unified SSO across all services + +### Monitoring & Observability +- **Advanced Uptime Monitoring** - Replace basic monitoring with more comprehensive solution + - Considering: StatusPage, Cachet, or custom Prometheus/Grafana setup +- **Network Monitoring** - Deep visibility into network performance and usage + - Considering: LibreNMS, Zabbix, or PRTG alternative +- **Centralized Logging** - Aggregate logs from all services (Loki + Promtail) +- **Metrics Collection** - Unified dashboards showing health across all machines + +### Infrastructure Improvements +- **Automated Backups** - Implement 3-2-1 backup strategy across all services +- **Configuration Management** - Complete migration from Docker to declarative NixOS configs +- **High Availability** - Service redundancy and failover capabilities (especially s3, can have Garage on vine + buer) + +### Service Expansion +- **Media Server** - Jellyfin or Plex for media streaming +- **CI/CD Pipeline** - Automated testing and deployment for personal projects + diff --git a/services/garage.nix b/services/garage.nix index bac8f2a..488405a 100644 --- a/services/garage.nix +++ b/services/garage.nix 
@@ -13,7 +13,7 @@ rpc_public_addr = "[::]:3901"; rpc_secret_file = config.age.secrets."garage-rpc-secret".path; s3_api = { - s3_region = "garage"; + s3_region = config.networking.hostName; api_bind_addr = "[::]:3900"; root_domain = ".s3.nekomimi.pet"; };
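Review bot: In the README.md hunk, the Buer section puts the Headscale server on the same 1 core / 1GB VPS as the "Exit node for privacy/torrenting", so the coordination server that every other machine in this list trusts for tailnet membership shares a host with the most exposed and most abuse-prone workload. The README should either state how the two are isolated on Buer or move the exit-node role to the Fly.io `atl` machine, which is already listed as an exit node for headscale. Two smaller documentation points in the same hunk: Morax lists "Headscale connection" while Valefar and Elise list "Tailscale connectivity", and the High Availability bullet refers to "vine" as if it exists although the Elise section says the rename is only planned; pick one term and one host name so the inventory reads unambiguously.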
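Review bot: In the services/garage.nix hunk, `s3_region = config.networking.hostName;` ties the S3 region to the machine name, and the region is part of the SigV4 signing scope, so Garage will only accept requests signed for the new value: every client or service still configured with region `garage` stops authenticating after this is deployed, and again after any host rename. The README added in this same patch plans both a rename and Garage on more than one host ("can have Garage on vine + buer"), where a per-host value would give each node a different region behind the same `root_domain`. Suggest keeping a fixed literal, or one shared option imported by every Garage host, and stating the reason for the change in the commit message, which currently says only "update garage". For the multi-node plan the unchanged context line `rpc_public_addr = "[::]:3901";` also needs attention, since that setting is the address peers use to reach this node and the unspecified address is not routable.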