From 12bf0683f57bbcbcca7bf1e3c62592bb6f540efa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Sat, 7 Feb 2026 02:49:58 +0100 Subject: [PATCH 1/3] modules: add homelab.host for host metadata Add a shared `homelab.host` module that provides host metadata for multiple consumers: - tier: deployment tier (test/prod) for future homelab-deploy service - priority: alerting priority (high/low) for Prometheus label filtering - role: primary role of the host (dns, database, monitoring, etc.) - labels: free-form labels for additional metadata Host configurations updated with appropriate values: - ns1, ns2: role=dns with dns_role labels - nix-cache01: priority=low, role=build-host - vault01: role=vault - jump: role=bastion - template, template2, testvm01, vaulttest01: tier=test, priority=low The module is now imported via commonModules in flake.nix, making it available to all hosts including minimal configurations like template2. Co-Authored-By: Claude Opus 4.5 --- docs/plans/nats-deploy-service.md | 3 ++ docs/plans/prometheus-scrape-target-labels.md | 3 ++ flake.nix | 1 + hosts/jump/configuration.nix | 3 ++ hosts/nix-cache01/configuration.nix | 5 ++++ hosts/ns1/configuration.nix | 5 ++++ hosts/ns2/configuration.nix | 5 ++++ hosts/template/configuration.nix | 5 ++++ hosts/template2/configuration.nix | 5 ++++ hosts/testvm01/configuration.nix | 5 ++++ hosts/vault01/configuration.nix | 2 ++ hosts/vaulttest01/configuration.nix | 6 ++++ modules/homelab/default.nix | 1 + modules/homelab/host.nix | 28 +++++++++++++++++++ .../templates/configuration.nix.j2 | 5 ++++ system/default.nix | 2 -- 16 files changed, 82 insertions(+), 2 deletions(-) create mode 100644 modules/homelab/host.nix diff --git a/docs/plans/nats-deploy-service.md b/docs/plans/nats-deploy-service.md index c811cb8..dadbda7 100644 --- a/docs/plans/nats-deploy-service.md +++ b/docs/plans/nats-deploy-service.md 
@@ -240,6 +240,9 @@ All NKeys stored in Vault - MCP gets limited credentials, admin CLI gets full-ac Rather than defining `tier` in the listener config, use a central `homelab.host` module that provides host metadata for multiple consumers. This aligns with the approach proposed in `docs/plans/prometheus-scrape-target-labels.md`. +**Status:** The `homelab.host` module is implemented in `modules/homelab/host.nix`. +Hosts can be filtered by tier using `config.homelab.host.tier`. + **Module definition (in `modules/homelab/host.nix`):** ```nix homelab.host = { diff --git a/docs/plans/prometheus-scrape-target-labels.md b/docs/plans/prometheus-scrape-target-labels.md index 2261dc8..c0b159c 100644 --- a/docs/plans/prometheus-scrape-target-labels.md +++ b/docs/plans/prometheus-scrape-target-labels.md @@ -58,6 +58,9 @@ This implementation uses a shared `homelab.host` module that provides host metad ### 1. Create `homelab.host` module +**Status:** Step 1 (Create `homelab.host` module) is complete. The module is in +`modules/homelab/host.nix` with tier, priority, role, and labels options. + Create `modules/homelab/host.nix` with shared host metadata options: ```nix diff --git a/flake.nix b/flake.nix index 4c68d79..ebcbd6c 100644 --- a/flake.nix +++ b/flake.nix @@ -58,6 +58,7 @@ ) sops-nix.nixosModules.sops nixos-exporter.nixosModules.default + ./modules/homelab ]; allSystems = [ "x86_64-linux" diff --git a/hosts/jump/configuration.nix b/hosts/jump/configuration.nix index a0923c2..0979c9d 100644 --- a/hosts/jump/configuration.nix +++ b/hosts/jump/configuration.nix @@ -8,6 +8,9 @@ ]; nixpkgs.config.allowUnfree = true; + + homelab.host.role = "bastion"; + # Use the systemd-boot EFI boot loader. boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; diff --git a/hosts/nix-cache01/configuration.nix b/hosts/nix-cache01/configuration.nix index 097362b..7d9394b 100644 --- a/hosts/nix-cache01/configuration.nix +++ b/hosts/nix-cache01/configuration.nix 
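Review bot: Importing the whole `./modules/homelab` directory in the `flake.nix` hunk brings `dns.nix` and `monitoring.nix` along with `host.nix` into every host built from this module list, while the commit message motivates only the host metadata. `hosts/template` and `hosts/testvm01` set `homelab.dns.enable = false` to stay out of DNS zone generation; the `template2` hunk does not show such a line, so if that host did not get these modules before, it may now need one. A comment on the new entry would record the intent, e.g. `# homelab.* options (host metadata, dns, monitoring) for all hosts, including minimal templates`. The list itself starts and ends outside the hunk, so what else consumes it is not visible here.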
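Review bot: Only `role` is set in the `hosts/jump/configuration.nix` hunk, so the bastion's deploy tier comes from the module default in `modules/homelab/host.nix` rather than from the host's own file. Since `tier` is described there as controlling which credentials can deploy to a host, I would pin it explicitly on the hosts where that matters most: `homelab.host = { tier = "prod"; role = "bastion"; };`. The same applies to `hosts/vault01/configuration.nix`, which also sets only `role`. A later change to the default would then not silently move these hosts into the test tier.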
@@ -13,6 +13,11 @@ homelab.dns.cnames = [ "nix-cache" "actions1" ]; + homelab.host = { + priority = "low"; + role = "build-host"; + }; + fileSystems."/nix" = { device = "/dev/disk/by-label/nixcache"; fsType = "xfs"; diff --git a/hosts/ns1/configuration.nix b/hosts/ns1/configuration.nix index 5dca77a..c5b9e88 100644 --- a/hosts/ns1/configuration.nix +++ b/hosts/ns1/configuration.nix @@ -49,6 +49,11 @@ ]; vault.enable = true; + homelab.host = { + role = "dns"; + labels.dns_role = "primary"; + }; + nix.settings.tarball-ttl = 0; environment.systemPackages = with pkgs; [ vim diff --git a/hosts/ns2/configuration.nix b/hosts/ns2/configuration.nix index 29c9697..c49c5e5 100644 --- a/hosts/ns2/configuration.nix +++ b/hosts/ns2/configuration.nix @@ -49,6 +49,11 @@ ]; vault.enable = true; + homelab.host = { + role = "dns"; + labels.dns_role = "secondary"; + }; + environment.systemPackages = with pkgs; [ vim wget diff --git a/hosts/template/configuration.nix b/hosts/template/configuration.nix index 33ec69a..e974a49 100644 --- a/hosts/template/configuration.nix +++ b/hosts/template/configuration.nix @@ -11,6 +11,11 @@ # Template host - exclude from DNS zone generation homelab.dns.enable = false; + homelab.host = { + tier = "test"; + priority = "low"; + }; + boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; diff --git a/hosts/template2/configuration.nix b/hosts/template2/configuration.nix index 97a1aef..9b921be 100644 --- a/hosts/template2/configuration.nix +++ b/hosts/template2/configuration.nix @@ -32,6 +32,11 @@ datasource_list = [ "ConfigDrive" "NoCloud" ]; }; + homelab.host = { + tier = "test"; + priority = "low"; + }; + boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/vda"; networking.hostName = "nixos-template2"; diff --git a/hosts/testvm01/configuration.nix b/hosts/testvm01/configuration.nix index f8e174c..95f9233 100644 --- a/hosts/testvm01/configuration.nix +++ b/hosts/testvm01/configuration.nix 
@@ -16,6 +16,11 @@ # Test VM - exclude from DNS zone generation homelab.dns.enable = false; + homelab.host = { + tier = "test"; + priority = "low"; + }; + nixpkgs.config.allowUnfree = true; boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/vda"; diff --git a/hosts/vault01/configuration.nix b/hosts/vault01/configuration.nix index 9aa7fc9..1b1faef 100644 --- a/hosts/vault01/configuration.nix +++ b/hosts/vault01/configuration.nix @@ -16,6 +16,8 @@ homelab.dns.cnames = [ "vault" ]; + homelab.host.role = "vault"; + nixpkgs.config.allowUnfree = true; boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/vda"; diff --git a/hosts/vaulttest01/configuration.nix b/hosts/vaulttest01/configuration.nix index b315e09..fd2bb57 100644 --- a/hosts/vaulttest01/configuration.nix +++ b/hosts/vaulttest01/configuration.nix @@ -39,6 +39,12 @@ in ../../common/vm ]; + homelab.host = { + tier = "test"; + priority = "low"; + role = "vault"; + }; + nixpkgs.config.allowUnfree = true; boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/vda"; diff --git a/modules/homelab/default.nix b/modules/homelab/default.nix index b945a3d..a803d45 100644 --- a/modules/homelab/default.nix +++ b/modules/homelab/default.nix @@ -2,6 +2,7 @@ { imports = [ ./dns.nix + ./host.nix ./monitoring.nix ]; } diff --git a/modules/homelab/host.nix b/modules/homelab/host.nix new file mode 100644 index 0000000..226f138 --- /dev/null +++ b/modules/homelab/host.nix 
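Review bot: In the `hosts/vaulttest01/configuration.nix` hunk, `role = "vault"` gives this test host the same role value as `vault01`. Any consumer that selects on role alone (an alert rule, a scrape relabel, a deploy filter) will therefore treat test and production Vault as one group. I would document that next to the setting, e.g. `# same role as vault01; consumers must also match on tier to exclude this test instance`. The consumers are not part of this patch, so whether any of them already filter on tier cannot be checked from here.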
@@ -0,0 +1,28 @@ +{ lib, ... }: +{ + options.homelab.host = { + tier = lib.mkOption { + type = lib.types.enum [ "test" "prod" ]; + default = "prod"; + description = "Deployment tier - controls which credentials can deploy to this host"; + }; + + priority = lib.mkOption { + type = lib.types.enum [ "high" "low" ]; + default = "high"; + description = "Alerting priority - low priority hosts have relaxed thresholds"; + }; + + role = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Primary role of this host (dns, database, monitoring, etc.)"; + }; + + labels = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = { }; + description = "Additional free-form labels (e.g., dns_role = 'primary')"; + }; + }; +} diff --git a/scripts/create-host/templates/configuration.nix.j2 b/scripts/create-host/templates/configuration.nix.j2 index 4135a5e..909d319 100644 --- a/scripts/create-host/templates/configuration.nix.j2 +++ b/scripts/create-host/templates/configuration.nix.j2 @@ -13,6 +13,11 @@ ../../common/vm ]; + # Host metadata (adjust as needed) + homelab.host = { + tier = "test"; # Start in test tier, move to prod after validation + }; + nixpkgs.config.allowUnfree = true; boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/vda"; diff --git a/system/default.nix b/system/default.nix index d440db3..7e3c80f 100644 --- a/system/default.nix +++ b/system/default.nix @@ -12,7 +12,5 @@ ./sops.nix ./sshd.nix ./vault-secrets.nix - - ../modules/homelab ]; } -- 2.49.1 From be2421746e9d68dfe58b5a9573a395af7014b264 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Sat, 7 Feb 2026 02:51:27 +0100 Subject: [PATCH 2/3] gitignore: add result-* for parallel nix builds Co-Authored-By: Claude Opus 4.5 --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index fa65636..567ee61 100644 --- a/.gitignore +++ b/.gitignore 
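Review bot: In `modules/homelab/host.nix`, `tier` is described as controlling which credentials can deploy to a host, but the module only declares the value and nothing in this file enforces it. The `"prod"` default is what keeps a host that omits `tier` out of the test tier. That fail-closed choice deserves a comment on the default so it is not flipped later for convenience, e.g. `# keep "prod": a host that omits tier must not become deployable with test-tier credentials`. The description could also name where enforcement is expected to happen (the planned homelab-deploy service, per the commit message). Separately, `role` and the keys of `labels` are unconstrained strings; if they end up as Prometheus labels, an enum or a `lib.types.strMatching` pattern would reject malformed values at evaluation time.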
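Review bot: The `configuration.nix.j2` hunk overrides the module's `"prod"` default with `tier = "test"`, so every generated host stays in the test tier until someone edits the file by hand. If the tier gates deploy credentials as the option description says, a host put into service without that edit remains deployable with test-tier credentials. The inline comment should make the promotion step harder to miss, e.g. `tier = "test"; # TODO before production use: delete this line (module default is "prod")`. A check in the create-host tooling or CI that lists hosts still on the template value would catch the ones that slip through.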
@@ -1,5 +1,6 @@ .direnv/ result +result-* # Terraform/OpenTofu terraform/.terraform/ -- 2.49.1 From a926d3428789c72a5f453047dbf848801273e24c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Sat, 7 Feb 2026 02:54:32 +0100 Subject: [PATCH 3/3] nix-cache01: set priority to high Co-Authored-By: Claude Opus 4.5 --- hosts/nix-cache01/configuration.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/hosts/nix-cache01/configuration.nix b/hosts/nix-cache01/configuration.nix index 7d9394b..c3192a8 100644 --- a/hosts/nix-cache01/configuration.nix +++ b/hosts/nix-cache01/configuration.nix @@ -13,10 +13,7 @@ homelab.dns.cnames = [ "nix-cache" "actions1" ]; - homelab.host = { - priority = "low"; - role = "build-host"; - }; + homelab.host.role = "build-host"; fileSystems."/nix" = { device = "/dev/disk/by-label/nixcache"; -- 2.49.1
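Review bot: The subject of patch 3 says priority is set to high, but the `hosts/nix-cache01/configuration.nix` hunk gets there by deleting the `priority = "low"` line and falling back to the module default. That works today. Writing `homelab.host = { priority = "high"; role = "build-host"; };`, or adding `# priority intentionally left at the module default ("high")`, would keep the intent visible if the default ever changes. The commit message also does not say why the host moved back to high priority, which would help whoever later tunes alert thresholds for it.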