diff --git a/.github/assets/README_template.md b/.github/assets/README_template.md index dae93e3..bfad5af 100644 --- a/.github/assets/README_template.md +++ b/.github/assets/README_template.md @@ -45,9 +45,9 @@ It includes *home-manager*, *secrets*, and *custom theming* all in one place. ## Architecture -### 🏠 home (User-level configuration) +### 🏠 /home (User-level configuration) -Contains dotfiles and settings that apply to your user environment. +Contains **dotfiles and settings** that apply to your user environment. **Subfolders:** @@ -55,16 +55,16 @@ Contains dotfiles and settings that apply to your user environment. - `scripts` is a folder full of bash scripts (see [SCRIPTS.md](docs/SCRIPTS.md)) - `system` is some "desktop environment" configuration -### 🐧 nixos +### 🐧 /nixos Those are the system-level configurations. (audio, bluetooth, gpu, bootloader, ...) -### 🎨 themes +### 🎨 /themes -This folder contains all system themes. +This folder contains all system themes. Mainly [stylix](https://stylix.danth.me/) configurations. Check out the available themes and learn how to create your own in [THEMES.md](docs/THEMES.md) -### 💻 hosts +### 💻 /hosts This directory contains host-specific configurations. Each host includes: diff --git a/.github/assets/server_dashboard.png b/.github/assets/server_dashboard.png new file mode 100644 index 0000000..4a9cc42 Binary files /dev/null and b/.github/assets/server_dashboard.png differ diff --git a/docs/SERVER.md b/docs/SERVER.md index 0eda490..c792324 100644 --- a/docs/SERVER.md +++ b/docs/SERVER.md 
@@ -1,3 +1,54 @@ # SERVER ---- +## Overview + +This document describes the architecture and setup of the self-hosted **NixOS server**, which is securely accessible via **Tailscale**. The server is designed for private, secure, and easily manageable self-hosting of various services. + +![server dashboard](../.github/assets/server_dashboard.png) + +## **Why This Setup?** + +- **Private & Secure**: Services are only accessible through Tailscale, preventing exposure to the public internet. +- **Domain-based Access**: A custom domain (`example.org`) maps to the server's Tailscale IP, making service access simple and consistent. +- **Automatic SSL Certificates**: Using DNS-01 challenges, valid SSL certificates are generated even though the services are not publicly exposed. +- **Modular & Declarative**: Everything is managed through NixOS modules, ensuring reproducibility and easy configuration. + +## **Self-Hosted Services** + +The server hosts several key applications: + +### **Core Infrastructure** + +- **NGINX**: Reverse proxy for routing traffic to services via `example.org`. +- **Bitwarden**: A self-hosted password manager for secure credential storage. +- **Nextcloud**: A private cloud solution for file synchronization and collaboration. + +### **Networking & Security** + +- **AdGuard Home**: A self-hosted DNS ad blocker for network-wide ad and tracker filtering. + +### **Monitoring & Storage** + +- **Glance**: An awesome dashboard! (See the screenshot above) +- **Hoarder**: A self-hostable bookmark-everything app (links, notes and images) + +### **Media & Content Management** + +- **Arr Stack (Radarr, Sonarr, etc.)**: Automated media management tools for handling movies and TV shows. (legaly ofc) + +## **How It Works** + +1. **Domain Configuration** + - `example.org` is pointed to the Tailscale IP of the server. (cloudflare A record, not proxied) + - This allows for easy access without exposing services to the internet. + +2. 
**SSL Certificate Generation** + - Certificates are obtained using a **DNS-01 challenge**, verifying domain ownership without requiring public access. + +3. **NGINX Reverse Proxy** + - Routes incoming requests from `*.example.org` to the correct internal service. + - Ensures SSL termination and secure connections. + +4. **Access Control** + - Only devices within the Tailscale network can reach the services. + - Firewall rules restrict access further based on necessity.
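Review bot: in the `@@ -45,9 +45,9 @@` hunk of README_template.md, renaming the heading from `home` to `/home` makes it read as the absolute path `/home` (the Linux home-directory root) rather than the repository's `home` subfolder; if the intent is to mark it as a directory, `home/` or a relative `./home` is less ambiguous and matches the `docs/SCRIPTS.md` style used elsewhere in the same file.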
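Review bot: in the `@@ -55,16 +55,16 @@` hunk, the same leading-slash change is applied to `/nixos`, `/themes` and `/hosts`, so whichever form is chosen for the `home` heading should be applied consistently here; separately, the new sentence `Mainly [stylix](https://stylix.danth.me/) configurations.` is appended on the same line as the previous one without a line break, and "Those are the system-level configurations." would read better as "These are the system-level configurations."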
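Review bot: the new binary `.github/assets/server_dashboard.png` is a screenshot of the running dashboard that SERVER.md embeds; before merging, confirm it does not show Tailscale IPs, internal hostnames or service links for the real deployment, since a binary committed to history cannot be cleanly redacted later without rewriting history.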
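Review bot: in the `@@ -1,3 +1,54 @@` hunk of SERVER.md, the "Private & Secure" claim that services are only reachable through Tailscale rests on NGINX listening solely on the tailnet interface, but the "Access Control" step only says firewall rules "restrict access further based on necessity"; state concretely which interface NGINX binds to and which ports the firewall opens, so a reader can verify the isolation rather than take it on trust. Two smaller points: "(legaly ofc)" should be "(legally ofc)" or dropped from a technical document, and "SSL certificates" / "SSL termination" should be "TLS" throughout. Worth a sentence under "SSL Certificate Generation": certificates from a public CA are published in Certificate Transparency logs, so per-service hostnames under `example.org` become publicly visible even though the services are not; a single wildcard certificate for `*.example.org` via the same DNS-01 challenge avoids listing each service name.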