History

Jay Looney 630f9b0074 even more backups of things		2025-10-28 16:11:45 -05:00
..
microvms	even more backups of things	2025-10-28 16:11:45 -05:00
secrets	even more backups of things	2025-10-28 16:11:45 -05:00
services	even more backups of things	2025-10-28 16:11:45 -05:00
configuration.nix	even more backups of things	2025-10-28 16:11:45 -05:00
default.nix	even more backups of things	2025-10-28 16:11:45 -05:00
hardware.nix	feat: split flake into multiple hosts and add homelab config	2025-06-06 22:28:42 -05:00
private-config.nix	even more backups of things	2025-10-28 16:11:45 -05:00
README.md	feat: add new host and start modularizing system configuration	2025-06-16 13:54:38 -05:00
semi-secret-vars.nix	feat: split flake into multiple hosts and add homelab config	2025-06-06 22:28:42 -05:00
sops.nix	even more backups of things	2025-10-28 16:11:45 -05:00

README.md

lithium

This is my primary homelab host/NAS, previously powered by TrueNAS Scale/k3s.

Manual Actions

Even with fully declarative Nix/Nixpkgs/NixOS at the end of the day there are still some actions that need to be taken manually.

secrets configuration (both for SOPS and git-agecrypt semi-secrets)
kanidm user management
tailscale auth key
jellyfin configuration via web-ui

Semi-Secrets

semi-secret-vars.nix is using git-agecrypt and following a pattern I discovered here:

Essentially there are some details I won't want exposed in the repository, but I do want them available to all my nix modules. The main one being the domain.

While it's not really a secret in the way a password is, consider this effort a mitigation against ddos attacks and automated requests and login attempts.