# NixOS Infrastructure Configuration

> **Note**: If you're reading this, you're either drunk me, or someone I trust with my hardware. If the latter, I love you. If the former, you need to lose weight stop drinking.

## Overview

Since late May 2025, I've decided to start managing my infrastructure through NixOS. This is still a long migration process from dockerizing almost everything.

## Infrastructure

All machines are named after Goetic demons:

### 🎮 Focalor (Gaming PC)

**Hardware**: AMD Ryzen 7 5800X + RTX 3070

**Goal**: Convert to headless NixOS host running Windows VM for gaming + local services

**Planned Services**:
- Local LLM hosting
- Gaming VM passthrough

### 🏠 Valefar (Home Server)

**Hardware**: AMD Ryzen 5 5600 + GTX 1650

**NixOS Services**:
- S3 storage via Garage, see `services/garage.nix`
- Forgejo, see `services/forgejo.nix`
- Tailscale connectivity

**Docker Services** ([docker-compose](https://git.nekomimi.pet/waveringana/docker-compose)):
- PocketID authentication
- Affine notes
- Komodo
- Valheim server
- Vaultwarden password manager
- Beszel

### 🍎 Gabriel

**Hardware**: M4 16GB Mac Mini

**Services**:
- Runs three GitHub Actions runners for embedder, simplelink, and simplegit

### 🏴‍☠️ Buer (LiteServer VPS)

**Hardware**: 1 core, 1GB RAM, 20TB data cap

**Services**:
- Headscale server
- Exit node for privacy/torrenting

**Notes**: DMCA-friendly provider

### ☁️ Elise (Oracle Cloud VPS)

**Hardware**: 4 Ampere ARM cores, 24GB RAM, 4TB data cap

**Status**: Currently on Oracle Linux, planning to rename to "Vine"

**Services**:
- Komodo
- [Personal website](https://github.com/waveringana/bunsite)
- [Link shortener](https://git.nekomimi.pet/waveringana/simplelink)
- [Embedder](https://git.nekomimi.pet/waveringana/embedder)
- Minecraft server
- Reverse proxy
- Tailscale connectivity

**Migration**: Planned conversion to NixOS, everything is under one big docker-compose file

### Fly.io machines

**atl** - exit node for Headscale based in Atlanta

## Future Plans

### Authentication & Identity Management

- **LDAP Server** - Centralized user directory (considering OpenLDAP or FreeIPA)
- **Authentik Integration** - Sync PocketID with Authentik for unified SSO across all services

### Monitoring & Observability

- **Advanced Uptime Monitoring** - Replace basic monitoring with more comprehensive solution
  - Considering: StatusPage, Cachet, or custom Prometheus/Grafana setup
- **Network Monitoring** - Deep visibility into network performance and usage
  - Considering: LibreNMS, Zabbix, or PRTG alternative
- **Centralized Logging** - Aggregate logs from all services (Loki + Promtail)
- **Metrics Collection** - Unified dashboards showing health across all machines

### Infrastructure Improvements

- **Automated Backups** - Implement 3-2-1 backup strategy across all services
- **Configuration Management** - Complete migration from Docker to declarative NixOS configs
- **High Availability** - Service redundancy and failover capabilities (especially S3, can have Garage on Vine + Buer)

### Service Expansion

- **Media Server** - Jellyfin or Plex for media streaming
- **CI/CD Pipeline** - Automated testing and deployment for personal projects