# Metanix

Declare your infrastructure!

**THIS IS STILL IN DESIGN AND EXPERIMENTATION PHASE**

## Description
Metanix is a Nix library designed to let a single, central, no-nonsense Nix file act as a Source of Truth from which deterministic configuration identifiers such as IP addresses, UIDs and GIDs are derived, and to make it quick to establish frameworks for NixOS systems that live within one ecosystem. To that end, I am trying to design the system so that a would-be admin only has to answer four very simple one-word questions. Sort of.
- **What?** Or, in other words, what systems do you want Metanix to manage, or at least be aware of?
- **Where?** Or, in other words, what networks and subnets do you have, and where do your systems and users belong?
- **Who?** Or, in other words, who are your users?
- **How?** Or, in other words, what kind of access control groups do you want or need in order to best control how everything is used?
## Enter: THINGS

I use the term "thing" as an overall blanket classification for the four main types in the library: Locations, Systems, Users, and Groups.
Locations are networks with their own Internet access, or at the very least networks that are nominally physically distinct from other networks. It could be your house, your office building, an apartment, whatever. Typically, Metanix considers the fundamental defining aspects of a location to be its routers and subnets.

Systems are devices in any location. It can be any kind of device: PCs, servers, smart phones, game consoles. Depending on how it's defined, Metanix will manage the device in some way, either through NixOS/Nix/Home Manager configurations, or through services it configures through Nix such as DHCP, DNS, Headscale, etc.

Users are (usually) the people who use the systems and participate in your networks. Depending on the context, a user will have an account on the system, perhaps a network share with their data, and specific access controls granted or restricted to them on Headscale.

Groups are, well, collections of things. They are useful for applying a common configuration or access control to those things without a bunch of needless extra legwork. This makes access control and security more straightforward, allows one to classify entire systems as being under a particular responsibility, etc.
More on each of these categories of things later.
## Example Config
```nix
{
  locations = {
    cloud = {
      owner = "yaro";
      subnets = {
        dmz = {
          systems = {
            janus = {
              primary = true;
              macAddresses = [ "AA:BB:CC:DD:EE:FF" ];
            };
          };
        };
        main = {
          systems = {
            metatron = {
              primary = true;
              macAddresses = [ "11:22:33:44:55:66" ];
            };
          };
        };
      };
    };
    home = {
      owner = "yaro";
      subnets = {
        open = {
          managed = false;
          systems = {
            io = {
              useDHCP = true;
              macAddresses = [ "DD:DD:DD:DD:DD:DD" ];
            };
          };
        };
        dmz = {
          isVLAN = true;
          systems = {
            io = {
              primary = true;
              macAddresses = [ "12:34:56:78:9A:BC" ];
            };
            europa = {
              macAddresses = [ "FE:DC:BA:98:76:54" ];
            };
            deimos = {
              primary = true;
              macAddresses = [ "AA:AA:AA:AA:AA:AA" ];
            };
          };
        };
        main = {
          users = [
            "alice"
            "bob"
          ];
          isVLAN = true;
          systems = {
            europa = {
              primary = true;
              macAddresses = [ "BB:BB:BB:BB:BB:BB" ];
            };
            phobos = {
              primary = true;
              macAddresses = [ "CC:CC:CC:CC:CC:CC" ];
            };
            terra = {
              primary = true;
              macAddresses = [ "EE:EE:EE:EE:EE:EE" ];
            };
          };
        };
      };
    };
  };
  systems = {
    janus = {
      owner = "yaro";
      nixOS = true;
      role = "infrastructure";
      tags = [ "router" "linode" ];
      services = [ "nginx-proxy" "headscale" ];
      config = { ... }: { /* NixOS config here, or use a path to one. */ };
    };
    metatron = {
      owner = "yaro";
      nixOS = true;
      role = "server";
      tags = [ "server" "linode" "upstream" ];
      config = { ... }: { /* NixOS config here, or use a path to one. */ };
    };
    io = {
      owner = "yaro";
      nixOS = true;
      role = "infrastructure";
      tags = [ "router" "downstream" ];
      config = { ... }: { /* NixOS config here, or use a path to one. */ };
    };
    europa = {
      owner = "yaro";
      nixOS = true;
      role = "infrastructure";
      tags = [ "router" "downstream" ];
      config = { ... }: { /* NixOS config here, or use a path to one. */ };
    };
    deimos = {
      owner = "yaro";
      nixOS = true;
      role = "server";
      tags = [ "server" ];
      servicesPlane = "janus";
      hostPlane = "deimos";
      services = [
        "nextcloud"
        "yaro-site"
        "vaultwarden"
        "jellyfin"
        "forgejo"
        "headscale"
      ];
      config = { ... }: { /* NixOS config here, or use a path to one. */ };
    };
    phobos = {
      owner = "yaro";
      nixOS = true;
      role = "server";
      tags = [ "server" ];
      servicesPlane = "deimos";
      services = [
        "mosquitto"
        "home-assistant"
        "sandbox"
        "node-red"
      ];
      config = { ... }: { /* NixOS config here, or use a path to one. */ };
    };
    terra = {
      owner = "yaro";
      nixOS = false;
      role = "infrastructure";
    };
  };
  users = {
    yaro = {};
    alice = {};
    bob = {};
  };
  group = {
    userGroups = {
      programmers = {
        config = { ... }: { /* Home Manager config here, or use a path to one. */ };
      };
    };
    systemGroups = {
      storage = {
        services = [
          "nfs"
          "isci"
        ];
        config = { ... }: { /* Home Manager config here, or use a path to one. */ };
      };
    };
  };
}
```
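The following is an added example, not Metanix's own code, showing one way the Source of Truth idea from the Description can be turned into the deterministic identifiers it promises (UIDs, per-subnet addresses, and the MAC-to-IP reservations a router on that subnet would hand out). It reuses the host and user names from the config above but assumes two attributes the README does not define: an explicit `index` on each user and system, and a `prefix` on each subnet. It uses only Nix builtins, so it evaluates without nixpkgs.

```nix
# Added example, not Metanix's own code. Derives UIDs, addresses and DHCP
# reservations from a metanix-style declaration using only Nix builtins.
# Assumed attributes (not in the README): `index` on users and systems,
# `prefix` on subnets.
# Evaluate with:  nix-instantiate --eval --strict ./derive-ids.nix
#           or:  nix eval --file ./derive-ids.nix
let
  # Constructed sample declaration, reusing names from the README example.
  meta = {
    users = {
      yaro  = { index = 0; };
      alice = { index = 1; };
      bob   = { index = 2; };
    };
    locations.home.subnets.main = {
      prefix = "10.10.1";                       # assumed /24 network prefix
      systems = {
        europa = { index = 1; macAddresses = [ "BB:BB:BB:BB:BB:BB" ]; };
        phobos = { index = 2; macAddresses = [ "CC:CC:CC:CC:CC:CC" ]; };
        terra  = { index = 3; macAddresses = [ "EE:EE:EE:EE:EE:EE" ]; };
      };
    };
  };

  uidBase = 1000;
  subnet  = meta.locations.home.subnets.main;

  # True when no two entries of an integer list are equal.
  unique = ids:
    let
      sorted = builtins.sort builtins.lessThan ids;
      step   = acc: x: { prev = x; ok = acc.ok && acc.prev != x; };
    in (builtins.foldl' step { prev = null; ok = true; } sorted).ok;

  # Accept only colon-separated, six-octet hexadecimal MAC addresses.
  macOk = mac: builtins.match "([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}" mac != null;

  # The explicit index, not the position in a list, decides the identifier,
  # so adding a user or host later cannot renumber everyone else.
  uids      = builtins.mapAttrs (_: u: uidBase + u.index) meta.users;
  addresses = builtins.mapAttrs (_: s: "${subnet.prefix}.${toString s.index}")
                                subnet.systems;

  # One reservation per (system, MAC) pair; a malformed MAC aborts evaluation
  # instead of silently producing a broken DHCP config.
  reservations = builtins.concatLists (map
    (name: map
      (mac:
        assert macOk mac || throw "malformed MAC ${mac} on ${name}";
        { hostName = name; hwAddress = mac; ipAddress = addresses.${name}; })
      subnet.systems.${name}.macAddresses)
    (builtins.attrNames subnet.systems));
in
# Duplicate indexes would give two things the same UID or IP; refuse them.
assert unique (map (u: u.index) (builtins.attrValues meta.users));
assert unique (map (s: s.index) (builtins.attrValues subnet.systems));
{
  inherit uids addresses reservations;
  # e.g. uids.alice = 1001, addresses.terra = "10.10.1.3"
}
```

Two design choices matter here. First, the identifier comes from an index pinned in the declaration rather than from sort order or list position: deriving UIDs from `builtins.attrNames` would be deterministic across hosts, but inserting a new user would shift every later UID and silently re-map file ownership on NFS shares. Second, the checks run as `assert` expressions at evaluation time, so a duplicate index or a malformed MAC fails the build of every host that consumes the declaration rather than surfacing later as two hosts claiming one address.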