Project Overview: nas


I decided to treat this repo as an operations control plane for nas, while keeping the true NixOS system source on the host itself (/home/kristian/nixos-config). This gives me a stable place to capture routing, storage, and service decisions so future changes are safer and faster.

What We Built

  • A documented control surface for a Tailscale-reachable NixOS host, centered on clear operator access (ssh nas) and host identity (nas).
  • A baseline map of where configuration lives on the machine, including hosts/nas/configuration.nix, services.nix, containers.nix, and samba.nix under the flake.
  • A practical topology snapshot covering network interfaces (eno1, tailscale0, podman2), storage layout (ZFS pool valhalla), and service data roots under /valhalla.
  • An ingress model that distinguishes internal access (http://nas via Nginx to glance-internal) from external access through Cloudflare Tunnel.

Why We Built It

  • The main decision is operational clarity: I want one place that explains how to reach, reason about, and recover this host without guessing.
  • Keeping host configuration on nas and documenting it here reduces drift between “what is running” and “what we think is running.”
  • The initial session established this baseline so later automation and incident response can build on explicit topology instead of ad-hoc memory.
  • This approach matches the repo’s purpose as a logbook: concise, decision-first notes over heavy platform machinery.

How It Works

  • I use this repo as the human/agent-facing runbook, and I treat /home/kristian/nixos-config on nas as the machine-facing source of truth.
  • Access starts with SSH over Tailscale, then changes flow through the host module files and flake definition for nixosConfigurations.nas.
  • Internal dashboard traffic stays local (Nginx :80 to 127.0.0.1:8081), while internet-facing services are published through cloudflared to localhost ports.
  • The documented public routes include freemans.house, nas.freemans.house, jellyfin.freemans.house, and requests.freemans.house, with additional services routed the same way.
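
An added example, not part of the original notes or the nixos-config flake: a check that the ingress model above still holds, by flagging TCP listeners bound to non-loopback addresses on ports other than the expected front doors. The allowed-port set (22 and 80) and the sample `ss -H -tln` output are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: only SSH (22) and Nginx (80) are meant to listen on
# non-loopback addresses; extend for Samba or anything else served directly.
ALLOWED_NON_LOOPBACK = {22, 80}

# Constructed sample of `ss -H -tln` output, not captured from the host.
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
LISTEN 0 511  0.0.0.0:80      0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8081  0.0.0.0:*
LISTEN 0 4096 [::1]:8081      [::]:*
LISTEN 0 4096 *:9000          *:*
LISTEN 0 4096 10.88.0.1%podman2:53 0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Yield (host, port) for each listening socket in `ss -H -tln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%", 1)[0]  # drop brackets and %iface
        yield host, int(port)


def is_loopback(host):
    """True only for 127.0.0.0/8 and ::1; wildcard binds count as exposed."""
    if host in ("*", ""):
        return False
    return ipaddress.ip_address(host).is_loopback


def unexpected_exposure(ss_output, allowed=ALLOWED_NON_LOOPBACK):
    """Return sorted (host, port) listeners reachable off-host but not allowed."""
    return sorted(
        (host, port)
        for host, port in parse_listeners(ss_output)
        if not is_loopback(host) and port not in allowed
    )


if __name__ == "__main__":
    for host, port in unexpected_exposure(SAMPLE_SS):
        print(f"unexpected non-loopback listener: {host}:{port}")
```

On the host, feed it the real output of `ss -H -tln`; an empty result means every backend behind Nginx or cloudflared is bound to loopback only.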