# Home lab configuration

The Nix-based configuration for my home lab.

## Deploying a new VM

1. Create a clone of the template VM in Proxmox.
2. Change the cloud-init config of the clone to contain the new IP address.
3. Create the configuration file in the `hosts/` folder.
4. Make sure the IPs match between the configuration file and the cloud-init config.
5. Create a secrets file with `sops edit secrets/HOSTNAME.yml` and put all required secrets in there.
6. Commit changes to git.
7. Start the VM.
8. Deploy the configuration with `colmena apply HOSTNAME`.
9. (Optional) If the VM requires an update to traefik, run `colmena apply` to update all hosts.

## Updating packages

1. Run `nix flake update`.
2. Commit the changes to git.
3. Run `colmena apply`.

## File Organization

```
- hosts/          # Host definition files
- roles/          # Role definition files
- secrets/        # Encrypted secrets for each host
- systems/base/   # Base system configuration shared by all hosts
- confgi.nix      # Global configuration options
```

## TODO:

### Services

**For sure**:

- FreshRSS: RSS server/reader
- Gramps: Family tree
- hoarder: Bookmark manager
- immich: Photos
- Jellyfin: Watching media files
- Nextcloud: Files, contacts, calendar, etc
- Pterodactyl panel: Game servers
- Pterodactyl wings: Backend daemon for game servers
- Vaultwarden: Password manager
- Forgejo actions runner:

**Needs to run over VPN:**

- Prowlarr:
- Radarr:
- Lidarr:
- Sonarr:
- Transmission: Torrent clients (Different client maybe?)


**Websites**: Might want to look at using something to host these + other self-hosted projects, like Coolify, on its own machine

- kallestruik.nl
- dchat.kallestruik.nl
- dconfig.kallestruik.nl
- shs.khs.li
- shs-gc.khs.li

**Maybe**:

- Hedgedoc: Shared markdown note editing
- Linkwarden: Shared link collections
- Mastodon: Federated social media
- Matrix: Federated chat
- Paperless: Document storage
- Stirling PDF: PDF tools

**Monitoring**: Currently Grafana for dashboard with other things supplying data into it. Might want to look at some options before using it again.

**Bastion**:

- VPN
- SSH jump host to the rest of the network
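
For steps 5 and 6 of "Deploying a new VM" above, a check that every file in `secrets/` really is sops-encrypted before it is committed. This is an added example, not part of this repository; the script name `check-secrets.sh` and its use as a pre-commit hook are assumptions, and it relies only on the standard sops YAML layout (a top-level `sops:` metadata block and `ENC[AES256_GCM,...]` values).

```shell
#!/bin/sh
# Added example (not part of the original repository): check that every file
# in secrets/ is sops-encrypted before it is committed.

# Print the line numbers of values that are still plaintext. Values are not
# echoed, so a leaked secret does not also end up in the terminal scrollback.
plaintext_lines() {
  awk '
    /^sops:/              { in_meta = 1; next }     # sops metadata, not secret data
    in_meta && /^[^ \t#]/ { in_meta = 0 }           # next top-level key ends it
    in_meta               { next }
    /^[ \t]*(#.*)?$/      { next }                  # blank lines and comments
    {
      line = $0
      sub(/^[ \t]*(- )?/, "", line)                 # strip indent and list dash
      if (line ~ /^[^:]+:[ \t]*$/) next             # key that opens a nested block
      if (line ~ /ENC\[AES256_GCM,data:.*\]$/) next # encrypted scalar
      print NR
    }
  ' "$1"
}

# Return 0 only if the file has sops metadata and no plaintext values.
check_secret() {
  cs_file=$1
  if ! grep -q '^sops:' "$cs_file"; then
    echo "$cs_file: no sops metadata block, not encrypted" >&2
    return 1
  fi
  cs_bad=$(plaintext_lines "$cs_file" | tr '\n' ' ')
  if [ -n "$cs_bad" ]; then
    echo "$cs_file: plaintext value on line(s) $cs_bad" >&2
    return 1
  fi
}

# Check every secrets file in a directory; return non-zero if any file fails.
check_all() {
  ca_rc=0
  for ca_file in "$1"/*.yml; do
    [ -e "$ca_file" ] || continue
    check_secret "$ca_file" || ca_rc=1
  done
  return "$ca_rc"
}

# Usage: sh check-secrets.sh secrets   (e.g. from .git/hooks/pre-commit)
if [ $# -gt 0 ]; then check_all "$1"; fi
```

The check reads only the file structure and needs no decryption key, so it can run on any machine that has the repository checked out.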