2026-02-07 01:56:38 +00:00
17 changed files with 80 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 .direnv/
 result
 result-*
 # Terraform/OpenTofu
 terraform/.terraform/
--- a/docs/plans/nats-deploy-service.md
+++ b/docs/plans/nats-deploy-service.md
@@ -240,6 +240,9 @@ All NKeys stored in Vault - MCP gets limited credentials, admin CLI gets full-ac
 Rather than defining `tier` in the listener config, use a central `homelab.host` module that provides host metadata for multiple consumers. This aligns with the approach proposed in `docs/plans/prometheus-scrape-target-labels.md`.
 **Status:** The `homelab.host` module is implemented in `modules/homelab/host.nix`.
 Hosts can be filtered by tier using `config.homelab.host.tier`.
 **Module definition (in `modules/homelab/host.nix`):**
 ```nix
 homelab.host = {
--- a/docs/plans/prometheus-scrape-target-labels.md
+++ b/docs/plans/prometheus-scrape-target-labels.md
@@ -58,6 +58,9 @@ This implementation uses a shared `homelab.host` module that provides host metad
 ### 1. Create `homelab.host` module
 **Status:** Step 1 (Create `homelab.host` module) is complete. The module is in
 `modules/homelab/host.nix` with tier, priority, role, and labels options.
 Create `modules/homelab/host.nix` with shared host metadata options:
 ```nix
--- a/flake.nix
+++ b/flake.nix
@@ -58,6 +58,7 @@
        )
        sops-nix.nixosModules.sops
        nixos-exporter.nixosModules.default
        ./modules/homelab
      ];
      allSystems = [
        "x86_64-linux"
--- a/hosts/jump/configuration.nix
+++ b/hosts/jump/configuration.nix
@@ -8,6 +8,9 @@
    ];
  nixpkgs.config.allowUnfree = true;
  homelab.host.role = "bastion";
  # Use the systemd-boot EFI boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
--- a/hosts/nix-cache01/configuration.nix
+++ b/hosts/nix-cache01/configuration.nix
@@ -13,6 +13,8 @@
  homelab.dns.cnames = [ "nix-cache" "actions1" ];
  homelab.host.role = "build-host";
  fileSystems."/nix" = {
    device = "/dev/disk/by-label/nixcache";
    fsType = "xfs";
--- a/hosts/ns1/configuration.nix
+++ b/hosts/ns1/configuration.nix
@@ -49,6 +49,11 @@
  ];
  vault.enable = true;
  homelab.host = {
    role = "dns";
    labels.dns_role = "primary";
  };
  nix.settings.tarball-ttl = 0;
  environment.systemPackages = with pkgs; [
    vim
--- a/hosts/ns2/configuration.nix
+++ b/hosts/ns2/configuration.nix
@@ -49,6 +49,11 @@
  ];
  vault.enable = true;
  homelab.host = {
    role = "dns";
    labels.dns_role = "secondary";
  };
  environment.systemPackages = with pkgs; [
    vim
    wget
--- a/hosts/template/configuration.nix
+++ b/hosts/template/configuration.nix
@@ -11,6 +11,11 @@
  # Template host - exclude from DNS zone generation
  homelab.dns.enable = false;
  homelab.host = {
    tier = "test";
    priority = "low";
  };
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
--- a/hosts/template2/configuration.nix
+++ b/hosts/template2/configuration.nix
@@ -32,6 +32,11 @@
    datasource_list = [ "ConfigDrive" "NoCloud" ];
  };
  homelab.host = {
    tier = "test";
    priority = "low";
  };
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda";
  networking.hostName = "nixos-template2";
--- a/hosts/testvm01/configuration.nix
+++ b/hosts/testvm01/configuration.nix
@@ -16,6 +16,11 @@
  # Test VM - exclude from DNS zone generation
  homelab.dns.enable = false;
  homelab.host = {
    tier = "test";
    priority = "low";
  };
  nixpkgs.config.allowUnfree = true;
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda";
--- a/hosts/vault01/configuration.nix
+++ b/hosts/vault01/configuration.nix
@@ -16,6 +16,8 @@
  homelab.dns.cnames = [ "vault" ];
  homelab.host.role = "vault";
  nixpkgs.config.allowUnfree = true;
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda";
--- a/hosts/vaulttest01/configuration.nix
+++ b/hosts/vaulttest01/configuration.nix
@@ -39,6 +39,12 @@ in
    ../../common/vm
  ];
  homelab.host = {
    tier = "test";
    priority = "low";
    role = "vault";
  };
  nixpkgs.config.allowUnfree = true;
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda";
--- a/modules/homelab/default.nix
+++ b/modules/homelab/default.nix
@@ -2,6 +2,7 @@
 {
  imports = [
    ./dns.nix
    ./host.nix
    ./monitoring.nix
  ];
 }
--- a/modules/homelab/host.nix
+++ b/modules/homelab/host.nix
@@ -0,0 +1,28 @@
 { lib, ... }:
 {
  options.homelab.host = {
    tier = lib.mkOption {
      type = lib.types.enum [ "test" "prod" ];
      default = "prod";
      description = "Deployment tier - controls which credentials can deploy to this host";
    };
    priority = lib.mkOption {
      type = lib.types.enum [ "high" "low" ];
      default = "high";
      description = "Alerting priority - low priority hosts have relaxed thresholds";
    };
    role = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
      description = "Primary role of this host (dns, database, monitoring, etc.)";
    };
    labels = lib.mkOption {
      type = lib.types.attrsOf lib.types.str;
      default = { };
      description = "Additional free-form labels (e.g., dns_role = 'primary')";
    };
  };
 }
--- a/scripts/create-host/templates/configuration.nix.j2
+++ b/scripts/create-host/templates/configuration.nix.j2
@@ -13,6 +13,11 @@
    ../../common/vm
  ];
  # Host metadata (adjust as needed)
  homelab.host = {
    tier = "test";  # Start in test tier, move to prod after validation
  };
  nixpkgs.config.allowUnfree = true;
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda";
--- a/system/default.nix
+++ b/system/default.nix
@@ -12,7 +12,5 @@
    ./sops.nix
    ./sshd.nix
    ./vault-secrets.nix
    ../modules/homelab
  ];
 }