my nix configs for my servers and desktop
# NixOS Infrastructure Configuration

> **Note**: If you're reading this, you're either drunk me or someone I trust with my hardware. If the latter, I love you. If the former, you need to lose weight and stop drinking.

## Overview

Since late May 2025, I've been managing my infrastructure through NixOS. Migrating away from having almost everything dockerized is still a long process.

## Infrastructure

All machines are named after Goetic demons:

### 🎮 Focalor (Gaming PC)
**Hardware**: AMD Ryzen 7 5800X + RTX 3070

**Goal**: Convert to a headless NixOS host running a Windows VM for gaming, plus local services

**Planned Services**:
- Local LLM hosting
- Gaming VM with GPU passthrough

### 🏠 Valefar (Home Server)
**Hardware**: AMD Ryzen 5 5600 + GTX 1650

**NixOS Services**:
- S3 storage via Garage, see `services/garage.nix`
- Forgejo, see `services/forgejo.nix`
- Tailscale connectivity

**Docker Services** ([docker-compose](https://git.nekomimi.pet/waveringana/docker-compose)):
- PocketID authentication
- Affine notes
- Komodo
- Valheim server
- Vaultwarden password manager
- Beszel

### 🥧 Morax (Raspberry Pi 4)
**Hardware**: Raspberry Pi 4

**Services**:
- Pi-hole DNS filtering
- Speedtest monitoring (every 10 minutes)
- Headscale connection

**Notes**: Direct gigabit connection from the router; looking to add more services to use the bandwidth

### 🍎 Gabriel
**Hardware**: M4 16GB Mac Mini

**Services**:
- Runs three GitHub Actions runners, for embedder, simplelink, and simplegit

### 🏴‍☠️ Buer (LiteServer VPS)
**Hardware**: 1 core, 1GB RAM, 20TB data cap

**Services**:
- Headscale server
- Exit node for privacy/torrenting

**Notes**: DMCA-friendly provider

### ☁️ Elise (Oracle Cloud VPS)
**Hardware**: 4 Ampere ARM cores, 24GB RAM, 4TB data cap

**Status**: Currently on Oracle Linux, planning to rename to "Vine"

**Services**:
- Komodo
- [Personal website](https://github.com/waveringana/bunsite)
- [Link shortener](https://git.nekomimi.pet/waveringana/simplelink)
- [Embedder](https://git.nekomimi.pet/waveringana/embedder)
- Minecraft server
- Reverse proxy
- Tailscale connectivity

**Migration**: Planned conversion to NixOS; everything currently lives in one big docker-compose file

### Fly.io machines

**atl**
- Exit node for Headscale, based in Atlanta

## Future Plans

### Authentication & Identity Management
- **LDAP Server** - Centralized user directory (considering OpenLDAP or FreeIPA)
- **Authentik Integration** - Sync PocketID with Authentik for unified SSO across all services

### Monitoring & Observability
- **Advanced Uptime Monitoring** - Replace basic monitoring with a more comprehensive solution
  - Considering: StatusPage, Cachet, or a custom Prometheus/Grafana setup
- **Network Monitoring** - Deep visibility into network performance and usage
  - Considering: LibreNMS, Zabbix, or a PRTG alternative
- **Centralized Logging** - Aggregate logs from all services (Loki + Promtail)
- **Metrics Collection** - Unified dashboards showing health across all machines

### Infrastructure Improvements
- **Automated Backups** - Implement a 3-2-1 backup strategy across all services
- **Configuration Management** - Complete the migration from Docker to declarative NixOS configs
- **High Availability** - Service redundancy and failover capabilities (especially S3; Garage can run on both Vine and Buer)

### Service Expansion
- **Media Server** - Jellyfin or Plex for media streaming
- **CI/CD Pipeline** - Automated testing and deployment for personal projects
106