From 287141c623ad28529a318f5262d2a33dc61fc9fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= <torjus@usit.uio.no>
Date: Mon, 9 Feb 2026 16:21:08 +0100
Subject: [PATCH] hosts: add role metadata to all hosts

Assign roles to hosts for better organization and filtering:
- ha1: home-automation
- monitoring01, monitoring02: monitoring
- jelly01: media
- nats1: messaging
- http-proxy: proxy
- testvm01-03: test

Also promote kanidm01 and monitoring02 from test to prod tier.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 hosts/ha1/configuration.nix          | 2 ++
 hosts/http-proxy/configuration.nix   | 1 +
 hosts/jelly01/configuration.nix      | 2 ++
 hosts/kanidm01/configuration.nix     | 3 +--
 hosts/monitoring01/configuration.nix | 2 ++
 hosts/monitoring02/configuration.nix | 4 ++--
 hosts/nats1/configuration.nix        | 2 ++
 hosts/testvm01/configuration.nix     | 4 ++--
 hosts/testvm02/configuration.nix     | 4 ++--
 hosts/testvm03/configuration.nix     | 4 ++--
 10 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/hosts/ha1/configuration.nix b/hosts/ha1/configuration.nix
index 181e3b7..ce96519 100644
--- a/hosts/ha1/configuration.nix
+++ b/hosts/ha1/configuration.nix
@@ -13,6 +13,8 @@
     ../../common/vm
   ];
 
+  homelab.host.role = "home-automation";
+
   nixpkgs.config.allowUnfree = true;
   # Use the systemd-boot EFI boot loader.
   boot.loader.grub = {
diff --git a/hosts/http-proxy/configuration.nix b/hosts/http-proxy/configuration.nix
index 7cf9971..75364f8 100644
--- a/hosts/http-proxy/configuration.nix
+++ b/hosts/http-proxy/configuration.nix
@@ -11,6 +11,7 @@
     ../../common/vm
   ];
 
+  homelab.host.role = "proxy";
   homelab.dns.cnames = [
     "nzbget"
     "radarr"
diff --git a/hosts/jelly01/configuration.nix b/hosts/jelly01/configuration.nix
index 2e69519..efd73a7 100644
--- a/hosts/jelly01/configuration.nix
+++ b/hosts/jelly01/configuration.nix
@@ -11,6 +11,8 @@
     ../../common/vm
   ];
 
+  homelab.host.role = "media";
+
   nixpkgs.config.allowUnfree = true;
   # Use the systemd-boot EFI boot loader.
   boot.loader.grub = {
diff --git a/hosts/kanidm01/configuration.nix b/hosts/kanidm01/configuration.nix
index 7eca883..e3b015e 100644
--- a/hosts/kanidm01/configuration.nix
+++ b/hosts/kanidm01/configuration.nix
@@ -14,9 +14,8 @@
     ../../services/kanidm
   ];
 
-  # Host metadata
   homelab.host = {
-    tier = "test";
+    tier = "prod";
     role = "auth";
   };
 
diff --git a/hosts/monitoring01/configuration.nix b/hosts/monitoring01/configuration.nix
index 32c8f48..a437e81 100644
--- a/hosts/monitoring01/configuration.nix
+++ b/hosts/monitoring01/configuration.nix
@@ -11,6 +11,8 @@
     ../../common/vm
   ];
 
+  homelab.host.role = "monitoring";
+
   nixpkgs.config.allowUnfree = true;
   # Use the systemd-boot EFI boot loader.
   boot.loader.grub = {
diff --git a/hosts/monitoring02/configuration.nix b/hosts/monitoring02/configuration.nix
index f6fc6d3..1031c36 100644
--- a/hosts/monitoring02/configuration.nix
+++ b/hosts/monitoring02/configuration.nix
@@ -13,9 +13,9 @@
     ../../common/vm
   ];
 
-  # Host metadata (adjust as needed)
   homelab.host = {
-    tier = "test";  # Start in test tier, move to prod after validation
+    tier = "prod";
+    role = "monitoring";
   };
 
   # DNS CNAME for Grafana test instance
diff --git a/hosts/nats1/configuration.nix b/hosts/nats1/configuration.nix
index aab3a48..b85727e 100644
--- a/hosts/nats1/configuration.nix
+++ b/hosts/nats1/configuration.nix
@@ -11,6 +11,8 @@
     ../../common/vm
   ];
 
+  homelab.host.role = "messaging";
+
   nixpkgs.config.allowUnfree = true;
   # Use the systemd-boot EFI boot loader.
   boot.loader.grub = {
diff --git a/hosts/testvm01/configuration.nix b/hosts/testvm01/configuration.nix
index 0fe1fa5..44e5a48 100644
--- a/hosts/testvm01/configuration.nix
+++ b/hosts/testvm01/configuration.nix
@@ -14,9 +14,9 @@
     ../../common/ssh-audit.nix
   ];
 
-  # Host metadata (adjust as needed)
   homelab.host = {
-    tier = "test";  # Start in test tier, move to prod after validation
+    tier = "test";
+    role = "test";
   };
 
   # Enable Vault integration
diff --git a/hosts/testvm02/configuration.nix b/hosts/testvm02/configuration.nix
index d63e5b5..bbf15f8 100644
--- a/hosts/testvm02/configuration.nix
+++ b/hosts/testvm02/configuration.nix
@@ -14,9 +14,9 @@
     ../../common/ssh-audit.nix
   ];
 
-  # Host metadata (adjust as needed)
   homelab.host = {
-    tier = "test";  # Start in test tier, move to prod after validation
+    tier = "test";
+    role = "test";
   };
 
   # Enable Vault integration
diff --git a/hosts/testvm03/configuration.nix b/hosts/testvm03/configuration.nix
index cd0789d..4dd08df 100644
--- a/hosts/testvm03/configuration.nix
+++ b/hosts/testvm03/configuration.nix
@@ -14,9 +14,9 @@
     ../../common/ssh-audit.nix
   ];
 
-  # Host metadata (adjust as needed)
   homelab.host = {
-    tier = "test";  # Start in test tier, move to prod after validation
+    tier = "test";
+    role = "test";
   };
 
   # Enable Vault integration