
DanielRamosAcosta/nas


# Personal NAS Server

A personal NixOS-based Network Attached Storage (NAS) server configuration with Kubernetes (K3s) for running containerized home services.

## Overview

This project provides a declarative, reproducible configuration for a home NAS server that combines:

- **NixOS** for immutable system configuration
- **K3s (Lightweight Kubernetes)** for container orchestration
- **Tanka (Jsonnet)** for managing Kubernetes applications
- **Agenix** for secure secrets management
- **Disko** for declarative disk partitioning

The setup enables running self-hosted services like media management (Immich), authentication (Authelia), file sharing (Samba, SFTPGo), and monitoring tools in a production-ready home environment.

## Features

- **Declarative Infrastructure**: Entire system and application stack defined in code
- **GitOps Workflow**: Version-controlled configuration with reproducible deployments
- **Secrets Management**: Encrypted secrets using age/agenix
- **Automated Deployment**: Single-command deployment to NAS hardware
- **Hardware Monitoring**: SMART disk monitoring and fan control via liquidctl
- **UPS Integration**: Power monitoring and graceful shutdown support
- **Snapshot Management**: Automated Btrfs snapshots via snapper
- **File Sharing**: Samba network shares for home network access

## Architecture

### System Components

**NixOS Hosts:**

- `nas` - Production NAS server (x86_64-linux)
- `playground` - Testing/development environment (x86_64-linux)
- `iso` - Installation media generator

**Kubernetes Services:**

- Authentication: Authelia (SSO/2FA)
- Media: Immich (photo management), SFTPGo
- Databases: PostgreSQL, Redis
- Monitoring: Prometheus, Grafana, Kubernetes Dashboard
- Ingress: Traefik

### Directory Structure

```
.
├── flake.nix              # NixOS flake definition
├── hosts/
│   ├── nas/               # NAS-specific configuration
│   ├── playground/        # Test environment
│   ├── iso/               # Installation media
│   └── shared/            # Shared modules (k3s, services, users)
├── tanka/
│   ├── environments/      # Kubernetes namespaces (auth, media, monitoring)
│   └── lib/               # Shared jsonnet libraries
├── utilities/             # Pure Nix utility functions
├── secrets/               # Encrypted secrets (.age files)
└── justfile               # Task automation
```

## Quick Start

### Prerequisites

- Nix with flakes enabled
- SSH access to target NAS hardware
- Private SSH key for secrets decryption (if managing secrets)

### Common Commands

**System Management:**

```bash
# Deploy NixOS configuration to NAS
just deploy-nas

# Install NixOS on new hardware
just install

# Build installation ISO
just iso
```

**Kubernetes Applications:**

```bash
# Build Kubernetes manifests
just tanka::build-media
just tanka::build-databases
just tanka::build-auth

# Deploy to cluster
just tanka::deploy

# Access Kubernetes dashboard
just dashboard
# Opens at https://localhost:8443
```

**Secrets Management:**

```bash
# Encrypt secrets
just tanka::encrypt-secrets

# Decrypt secrets (requires private key)
just tanka::decrypt-secrets
```

**Development:**

```bash
# Enter development shell
nix develop

# Run utility tests
just test
```

## Configuration

### Version Management

Application versions are centrally managed in `tanka/environments/versions.json`. Update versions there and redeploy applications.

### Adding Services

1. Create or update application definitions in `tanka/lib/`
2. Import and instantiate in appropriate environment's `main.jsonnet`
3. Deploy using `just tanka::deploy`

### Secrets

Secrets are encrypted with agenix using age encryption:

- Public keys defined in `secrets/secrets.nix`
- Encrypted files stored in `secrets/*.age`
- Requires SSH private key for decryption

## Hardware

The NAS configuration includes:

- Custom fan control via liquidctl
- it87 kernel module for hardware sensors
- UPS monitoring and management
- SMART monitoring for disk health

## Development

This repository is developed on aarch64-linux (development machine) but targets x86_64-linux (NAS hardware). Cross-compilation is handled automatically via remote builds on the NAS host.

### Testing

Run unit tests for utility functions:

```bash
just test
```

## License

Personal project - all rights reserved.

## Notes

This is a personal infrastructure project tailored to specific hardware and use cases. Feel free to reference for your own NAS builds, but configurations will need adjustment for different hardware and requirements.
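
The Secrets section above states that encrypted files are stored in `secrets/*.age`. As an added example (not part of this repository), the check below flags any `*.age` file that does not begin with an age ciphertext header, which catches decrypted plaintext saved under an encrypted file's name before it is committed. The function name `check_age_files` and its use as a pre-commit step are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not the repository's own tooling.
# Verifies that every *.age file in a directory is really age ciphertext.
# An age file starts with one of two ASCII header lines:
#   binary format : age-encryption.org/v1
#   armored format: -----BEGIN AGE ENCRYPTED FILE-----

AGE_BINARY_HEADER='age-encryption.org/v1'
AGE_ARMOR_HEADER='-----BEGIN AGE ENCRYPTED FILE-----'

# check_age_files DIR  (hypothetical helper name)
# Prints each *.age path that is NOT age ciphertext, one per line.
# Returns 0 when all files pass, 1 when at least one file fails.
check_age_files() {
  dir=$1
  bad=0
  for f in "$dir"/*.age; do
    # When nothing matches, the glob stays literal; skip it.
    [ -e "$f" ] || continue
    # Only the first line matters; strip CR and NUL so binary junk
    # in a non-age file cannot confuse the comparison.
    first=$(head -n 1 "$f" 2>/dev/null | tr -d '\r\0')
    case $first in
      "$AGE_BINARY_HEADER" | "$AGE_ARMOR_HEADER")
        ;;                         # looks like ciphertext
      *)
        printf '%s\n' "$f"         # plaintext or corrupt file
        bad=1
        ;;
    esac
  done
  return $bad
}

# Command-line use: ./check-age.sh secrets
if [ "$#" -gt 0 ]; then
  check_age_files "$1" || exit 1
fi
```

The check inspects headers only; it does not prove a file decrypts with the keys listed in `secrets/secrets.nix`.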
