···
1
+
# NixOS Infrastructure Configuration
3
+
> **Note**: If you're reading this, you're either drunk me, or someone I trust with my hardware. If the latter, I love you. If the former, you need to lose weight stop drinking.
7
+
Since late May 2025, I've decided to start managing my infrastructure through NixOS. This is still a long migration process from dockerizing almost everything.
11
+
All machines are named after Goetic demons:
13
+
### 🎮 Focalor (Gaming PC)
14
+
**Hardware**: AMD Ryzen 7 5800X + RTX 3070
16
+
**Goal**: Convert to headless NixOS host running Windows VM for gaming + local services
18
+
**Planned Services**:
20
+
- Gaming VM passthrough
22
+
### 🏠 Valefar (Home Server)
23
+
**Hardware**: AMD Ryzen 5 5600 + GTX 1650
26
+
- S3 storage via Garage, see `services/garage.nix`
27
+
- Forgejo, see `services/forgejo.nix`
28
+
- Tailscale connectivity
30
+
**Docker Services** ([docker-compose](https://git.nekomimi.pet/waveringana/docker-compose)):
31
+
- PocketID authentication
35
+
- Vaultwarden password manager
38
+
### 🥧 Morax (Raspberry Pi 4)
39
+
**Hardware**: Raspberry Pi 4
42
+
- Pi-hole DNS filtering
43
+
- Speedtest monitoring (every 10 minutes)
44
+
- Headscale connection
46
+
**Notes**: Direct gigabit connection from router - looking to add more services to utilize bandwidth
49
+
**Hardware**: M4 16gb Mac Mini
52
+
- Runs three github actions runners for embedder, simplelink, and simplegit
54
+
### 🏴☠️ Buer (LiteServer VPS)
55
+
**Hardware**: 1 core, 1GB RAM, 20TB data cap
59
+
- Exit node for privacy/torrenting
61
+
**Notes**: DMCA-friendly provider
63
+
### ☁️ Elise (Oracle Cloud VPS)
64
+
**Hardware**: 4 Ampere ARM cores, 24GB RAM, 4TB data cap
66
+
**Status**: Currently on Oracle Linux, planning to rename to "Vine"
70
+
- [Personal website](https://github.com/waveringana/bunsite)
71
+
- [Link shortener](https://git.nekomimi.pet/waveringana/simplelink)
72
+
- [Embedder](https://git.nekomimi.pet/waveringana/embedder)
75
+
- Tailscale connectivity
77
+
**Migration**: Planned conversion to NixOS, everything is under one big docker-compose file
82
+
- exit node for headscale based in atlanta
86
+
### Authentication & Identity Management
87
+
- **LDAP Server** - Centralized user directory (considering OpenLDAP or FreeIPA)
88
+
- **Authentik Integration** - Sync PocketID with Authentik for unified SSO across all services
90
+
### Monitoring & Observability
91
+
- **Advanced Uptime Monitoring** - Replace basic monitoring with more comprehensive solution
92
+
- Considering: StatusPage, Cachet, or custom Prometheus/Grafana setup
93
+
- **Network Monitoring** - Deep visibility into network performance and usage
94
+
- Considering: LibreNMS, Zabbix, or PRTG alternative
95
+
- **Centralized Logging** - Aggregate logs from all services (Loki + Promtail)
96
+
- **Metrics Collection** - Unified dashboards showing health across all machines
98
+
### Infrastructure Improvements
99
+
- **Automated Backups** - Implement 3-2-1 backup strategy across all services
100
+
- **Configuration Management** - Complete migration from Docker to declarative NixOS configs
101
+
- **High Availability** - Service redundancy and failover capabilities (especially s3, can have Garage on vine + buer)
103
+
### Service Expansion
104
+
- **Media Server** - Jellyfin or Plex for media streaming
105
+
- **CI/CD Pipeline** - Automated testing and deployment for personal projects
nekomimi.pet