From 2120e90b7b8413dbc14631780be3e80a1de005cb Mon Sep 17 00:00:00 2001 From: Yan Lin Date: Mon, 8 Sep 2025 22:05:22 +0200 Subject: [PATCH] Update readme --- README.md | 92 ++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 78 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index f965eeb..f0cf6b5 100644 --- a/README.md +++ b/README.md @@ -26,14 +26,16 @@ home-manager switch --flake github:Logan-Lin/nix-config#yanlin@iMac ``` ### NixOS -For NixOS systems (like the `hs` home server): +For NixOS systems: ```bash -# NixOS system configuration +# Home server (hs) sudo nixos-rebuild switch --flake github:Logan-Lin/nix-config#hs - -# Home Manager configuration home-manager switch --flake github:Logan-Lin/nix-config#yanlin@hs + +# VPS server (vps) +sudo nixos-rebuild switch --flake github:Logan-Lin/nix-config#vps +home-manager switch --flake github:Logan-Lin/nix-config#yanlin@vps ``` ## 📁 Configuration Architecture 
@@ -53,11 +55,20 @@ home-manager switch --flake github:Logan-Lin/nix-config#yanlin@hs │ │ └── home.nix # Home configuration (imports ../home-default.nix) │ └── nixos/ # NixOS hosts │ ├── home-default.nix # Common home configuration for NixOS -│ └── hs/ # Home server configuration +│ ├── hs/ # Home server configuration +│ │ ├── system.nix # NixOS system configuration +│ │ ├── home.nix # Home configuration (imports ../home-default.nix) +│ │ ├── hardware-configuration.nix # Hardware detection results +│ │ ├── disk-config.nix # ZFS and filesystem configuration +│ │ ├── containers.nix # Container service definitions +│ │ └── proxy.nix # Traefik reverse proxy configuration +│ └── vps/ # VPS server configuration │ ├── system.nix # NixOS system configuration │ ├── home.nix # Home configuration (imports ../home-default.nix) │ ├── hardware-configuration.nix # Hardware detection results -│ └── disk-config.nix # ZFS and filesystem configuration +│ ├── disk-config.nix # Disk and filesystem configuration +│ ├── containers.nix # Container service definitions (web, notifications) +│ └── proxy.nix # Traefik reverse proxy configuration ├── modules/ # Home Manager configuration modules │ ├── git.nix # Git configuration with aliases and settings │ ├── lazygit.nix # Lazygit with gruvbox theme and custom keybindings 
@@ -1039,20 +1050,69 @@ All services accessible via Tailscale VPN with SSL certificates: | qBittorrent | `qbit.hs.yanlincs.com` | BitTorrent client | | Syncthing | `syncthing.hs.yanlincs.com` | File synchronization | +## 🌐 VPS Server (`vps` Host) + +The `vps` NixOS configuration provides a public-facing web server with notification services and automated backups. + +### 🌍 Web Services + +#### Public Website & Blog +- **Homepage**: Static Nginx server hosting main website at `www.yanlincs.com` +- **Blog**: Static Nginx server hosting personal blog at `blog.yanlincs.com` +- **SSL Certificates**: Automatic certificate generation via Traefik with Cloudflare DNS challenge +- **Domain Configuration**: Wildcard certificates for `*.yanlincs.com` + +### 📱 Notification System + +#### Gotify Server +- **Purpose**: Self-hosted notification server for system alerts and monitoring +- **Features**: REST API for sending notifications, web UI for management +- **Integration**: Connected to backup systems for status notifications +- **Access**: `notify.yanlincs.com` + +#### iGotify Assistant +- **Purpose**: iOS notification bridge for Gotify server +- **Features**: Push notifications to iOS devices via Apple Push Notification service +- **Access**: `inotify.yanlincs.com` + +### 🔒 Security & Backup + +#### Automated Backups +- **Borg Backup**: Daily encrypted backups to Hetzner Storage Box +- **Backup Paths**: `/home` and `/var/lib/containers` +- **Retention Policy**: 7 daily, 4 weekly, 6 monthly, 2 yearly +- **Notifications**: Gotify integration for backup status alerts + +#### Security Configuration +- **SSH Hardening**: Key-based authentication only, root login via keys +- **Firewall**: Only SSH (22), HTTP (80), and HTTPS (443) ports open +- **Container Security**: No new privileges, security-opt configurations + +### 📍 VPS Service Access + +All VPS services accessible via public domain with SSL certificates: + +| Service | URL | Purpose | +|---------|-----|---------| +| Homepage 
| `www.yanlincs.com` | Main personal website | +| Blog | `blog.yanlincs.com` | Personal blog | +| Gotify | `notify.yanlincs.com` | Notification server | +| iGotify | `inotify.yanlincs.com` | iOS notification assistant | + ## 💻 Machine Configurations ### Darwin Hosts (macOS) - **`iMac`**: iMac configuration - **`MacBook-Air`**: MacBook Air configuration -### NixOS Host +### NixOS Hosts - **`hs`**: Home server configuration featuring: - - **ZFS Storage**: Mirrored boot pool with cache pool and auto-snapshots - - **Data Protection**: SnapRAID parity across 12TB drives with 16TB parity drive - - **Containerized Services**: Comprehensive media, automation, and productivity services - - **Network Services**: Traefik reverse proxy, Samba shares, Tailscale networking - - **Monitoring**: Automated disk health monitoring with alerts - - **Storage**: MergerFS union filesystem combining multiple drives +- **`vps`**: VPS server configuration featuring: + - **Web Services**: Public website and blog hosting with Nginx + - **Notification System**: Gotify server for system notifications and alerts + - **Automated Backups**: Borg backup with Gotify integration for status notifications + - **SSL Certificates**: Traefik reverse proxy with Cloudflare DNS challenge + - **Security**: Hardened SSH configuration and firewall settings All hosts use a consistent configuration structure with separate system and home management. @@ -1089,11 +1149,15 @@ sudo darwin-rebuild switch --flake .#imac home-manager switch --flake .#yanlin@imac ``` -#### NixOS Host: +#### NixOS Hosts: ```bash # For home server (hs) sudo nixos-rebuild switch --flake .#hs home-manager switch --flake .#yanlin@hs + +# For VPS server (vps) +sudo nixos-rebuild switch --flake .#vps +home-manager switch --flake .#yanlin@vps ``` The separation of system and home configurations provides:
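Review bot: in the directory-tree hunk, the per-file comments for the new `vps/` entries are inconsistent with the `hs/` entries added in the same hunk: `hs/containers.nix` reads "Container service definitions" while `vps/containers.nix` reads "Container service definitions (web, notifications)", and `hs/disk-config.nix` keeps "ZFS and filesystem configuration" while the `vps` copy is changed to "Disk and filesystem configuration". Either give the `hs` container line a matching parenthetical (the media/automation services it hosts) or drop the one on the `vps` line, and state explicitly whether the VPS uses ZFS, since the old comment said it did and the new one is silent.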
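Review bot: in the VPS Server hunk, the "Security Configuration" list says "SSH Hardening: Key-based authentication only, root login via keys", which contradicts the word hardened for a public-facing host; either document why the root account must be reachable over SSH or describe root login as disabled and point readers at the unprivileged user plus sudo. In the same list, "Container Security: No new privileges, security-opt configurations" names no concrete option; listing the actual settings applied in `containers.nix` (added by this patch) would make the claim verifiable. The "Automated Backups" list says the Borg backups are encrypted but not where the repository key or passphrase lives or how a restore is tested; one line on each is what a reader of this section needs.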