| common | ||
| home/regent | ||
| hosts | ||
| modules | ||
| secrets | ||
| flake.lock | ||
| flake.nix | ||
| host-secrets.nix | ||
| README.md | ||
NixOS Infrastructure Configuration
Note
: If you're reading this, you're either drunk me, or someone I trust with my hardware. If the latter, I love you. If the former, you need to lose weight stop drinking.
Overview
Since late May 2025, I've decided to start managing my infrastructure through NixOS. This is still a long migration process from dockerizing almost everything.
Infrastructure
All machines are named after Goetic demons:
🎮 Focalor (Gaming PC)
Hardware: AMD Ryzen 7 5800X + RTX 3070
Goal: Convert to headless NixOS host running Windows VM for gaming + local services
Planned Services:
- Local LLM hosting
- Gaming VM passthrough
🏠 Valefar (Home Server)
Hardware: AMD Ryzen 5 5600 + GTX 1650
NixOS Services:
- S3 storage via Garage, see
services/garage.nix - Forgejo, see
services/forgejo.nix - Tailscale connectivity
Docker Services (docker-compose):
- PocketID authentication
- Affine notes
- Komodo
- Valheim server
- Vaultwarden password manager
- Beszel
🥧 Morax (Raspberry Pi 4)
Hardware: Raspberry Pi 4
Services:
- Pi-hole DNS filtering
- Speedtest monitoring (every 10 minutes)
- Headscale connection
Notes: Direct gigabit connection from router - looking to add more services to utilize bandwidth
🍎 Gabriel
Hardware: M4 16gb Mac Mini
Services:
- Runs three github actions runners for embedder, simplelink, and simplegit
🏴☠️ Buer (LiteServer VPS)
Hardware: 1 core, 1GB RAM, 20TB data cap
Services:
- Headscale server
- Exit node for privacy/torrenting
Notes: DMCA-friendly provider
☁️ Elise (Oracle Cloud VPS)
Hardware: 4 Ampere ARM cores, 24GB RAM, 4TB data cap
Status: Currently on Oracle Linux, planning to rename to "Vine"
Services:
- Komodo
- Personal website
- Link shortener
- Embedder
- Minecraft server
- Reverse proxy
- Tailscale connectivity
Migration: Planned conversion to NixOS, everything is under one big docker-compose file
Fly.io machines
atl
- exit node for headscale based in atlanta
Future Plans
Authentication & Identity Management
- LDAP Server - Centralized user directory (considering OpenLDAP or FreeIPA)
- Authentik Integration - Sync PocketID with Authentik for unified SSO across all services
Monitoring & Observability
- Advanced Uptime Monitoring - Replace basic monitoring with more comprehensive solution
- Considering: StatusPage, Cachet, or custom Prometheus/Grafana setup
- Network Monitoring - Deep visibility into network performance and usage
- Considering: LibreNMS, Zabbix, or PRTG alternative
- Centralized Logging - Aggregate logs from all services (Loki + Promtail)
- Metrics Collection - Unified dashboards showing health across all machines
Infrastructure Improvements
- Automated Backups - Implement 3-2-1 backup strategy across all services
- Configuration Management - Complete migration from Docker to declarative NixOS configs
- High Availability - Service redundancy and failover capabilities (especially s3, can have Garage on vine + buer)
Service Expansion
- Media Server - Jellyfin or Plex for media streaming
- CI/CD Pipeline - Automated testing and deployment for personal projects