NixMox is a multi-container NixOS deployment system for Proxmox VE with unified management and single sign-on.

## Core Flake Structure
- Multi-container NixOS flake setup
- Inputs for nixpkgs, sops-nix, authentik-nix, nixos-generators
- Development shell with necessary tools
- Container image generation capabilities
- Support for x86_64-linux and aarch64-linux

## Common Module (`modules/common/default.nix`)
- Shared configuration for all containers
- SSH hardening with proper security settings
- Node exporter for monitoring
- Basic system utilities and packages
- Proper user management
- Fixed all NixOS module conflicts using `lib.mkForce`
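As an added illustration of what the Common Module's items above amount to in NixOS terms (this is not NixMox's own `modules/common/default.nix`): SSH hardening, a `lib.mkForce` override that resolves a conflicting option definition, the node exporter, and the admin user. The user name `nixmox` and the placeholder public key are assumptions.

```nix
# Added illustration, not the project's modules/common/default.nix.
# Assumptions: an admin user named "nixmox" and a placeholder authorized key.
{ config, lib, pkgs, ... }:

{
  services.openssh = {
    enable = true;
    settings = {
      # Key-based authentication only: no passwords, no keyboard-interactive prompts.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # If another module (e.g. an image-generator profile) also sets PermitRootLogin
      # to a different value, evaluation fails with "conflicting definition values".
      # mkForce (priority 50) makes this definition win deterministically.
      PermitRootLogin = lib.mkForce "prohibit-password";
      X11Forwarding = false;
    };
  };

  # Node exporter for Prometheus; the firewall port stays closed by default, so only
  # open it (openFirewall = true) if the monitoring container scrapes over the network.
  services.prometheus.exporters.node = {
    enable = true;
    enabledCollectors = [ "systemd" ];
    port = 9100;
  };

  # Unprivileged admin user whose keys live in the flake, so a rebuild cannot
  # silently remove them and lock out SSH access.
  users.users.nixmox = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      # Placeholder, not a real key.
      "ssh-ed25519 AAAA...PLACEHOLDER nixmox@example"
    ];
  };
  # Root gets the same keys; password login for root is already refused above.
  users.users.root.openssh.authorizedKeys.keys =
    config.users.users.nixmox.openssh.authorizedKeys.keys;

  environment.systemPackages = with pkgs; [ htop jq dig ];
}
```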

## Authentik Module (`modules/authentik/default.nix`)
- Identity provider configuration (placeholder)
- PostgreSQL database setup
- Redis configuration (fixed Redis option names)
- Proper option definitions with defaults
- Ready for authentik-nix integration

## Caddy Module (`modules/caddy/default.nix`)
- Reverse proxy with forward authentication
- TLS termination and automatic HTTPS
- Service routing configuration
- Security headers and best practices

## Monitoring Module (`modules/monitoring/default.nix`)
- Prometheus configuration with alerting
- Grafana setup with dashboards
- PostgreSQL exporter
- Health checks and systemd services

## Secrets Management
- SOPS integration for encrypted secrets
- Template for all service secrets (`secrets/default.yaml`)
- Age key support for decryption

## Mail Module (`modules/mail/default.nix`)
- Simple NixOS Mailserver integration
- Postfix configuration
- Dovecot configuration
- SpamAssassin setup
- DKIM/DMARC configuration
- Webmail interface (Roundcube)

## Media Module (`modules/media/default.nix`)
- Jellyfin media server
- Sonarr for TV shows
- Radarr for movies
- Lidarr for music
- Prowlarr for indexers
- Transmission for downloads

## Nextcloud Module (`modules/nextcloud/default.nix`)
- Nextcloud installation
- PostgreSQL backend
- Redis for caching
- File storage configuration
- App store integration

## Vaultwarden Module (`modules/vaultwarden/default.nix`)
- Vaultwarden (Bitwarden-compatible) server
- SQLite database
- Backup configuration
- Admin interface

## DNS Module (`modules/dns/default.nix`)
- Unbound DNS resolver
- DNS over HTTPS (DoH)
- Ad blocking lists
- Local domain resolution

## Backup Module (`modules/backup/default.nix`)
- Restic backup automation
- S3/Backblaze B2 integration
- Backup scheduling
- Restore procedures

## Monitoring Enhancements
- Custom Grafana dashboards
- Alert notifications (email, Slack)
- Log aggregation (Loki)
- Service discovery

## Go Backend (`backend/`)
- Proxmox API integration
- Container management
- Service deployment
- Configuration management
- REST API endpoints

## React Frontend (`frontend/`)
- Service dashboard
- Container management UI
- Configuration editor
- Monitoring views
- User management

## CLI Tool (`cli/`)
- Command-line interface
- Deployment commands
- Configuration validation
- Health checks

## Multi-Environment Support
- Development environment
- Staging environment
- Production environment
- Environment-specific configurations

## Service Discovery
- Automatic service detection
- Dynamic configuration updates
- Health monitoring
- Load balancing

## Advanced Monitoring
- Custom metrics collection
- Performance profiling
- Capacity planning
- Cost optimization

## Security Enhancements
- Network segmentation
- Intrusion detection
- Vulnerability scanning
- Compliance reporting

## SOPS Integration
- Fix SSH authorized keys integration with SOPS
- Research proper SOPS patterns for SSH keys
- Test SOPS deployment on remote containers
- Configure age keys for remote deployment

## Authentik Infrastructure
- Fixed Redis configuration in Authentik module
- Configured PostgreSQL for Authentik
- Set up Redis for Authentik
- All infrastructure services running successfully

## Authentik Service Integration
- Find alternative to authentik-nix flake (Git dependency issues)
- Complete Authentik service configuration
- Test SSO functionality
- Configure forward authentication

## Redis Service Issues
- Fixed Redis configuration in Authentik module
- Resolved "Module Configuration detected without loadmodule directive" error
- Test Redis service startup

## Build Issues
- Fixed Redis configuration warnings (updated option names)
- Removed nslookup package (not available)
- Fixed Grafana provisioning configuration
- Added default values for required options
- All flake configurations now build successfully

## Deployment Tools
- Created `scripts/deploy-test.sh` for building and testing configurations
- Created `scripts/generate-lxc.sh` for generating Proxmox LXC images
- Created `scripts/deploy-remote.sh` for deploying to existing NixOS containers
- Created comprehensive `DEPLOYMENT.md` guide
- All containers can be built and tested successfully
- Remote deployment via SCP + `nixos-rebuild switch`
- Created

## SSH Configuration
- Fixed SSH key authentication for both root and nixmox users
- Configured authorized keys for both users in flake
- Deployment no longer breaks SSH access
- Both users can SSH in successfully

## Build Optimization
- Reduce build times
- Optimize container images
- Parallel builds
- Caching strategies

## Networking Configuration
- Fixed networking services being disabled in flake.nix
- Test networking after deployment
- Add network validation to deployment script
- Create emergency recovery guide

## SOPS Deployment Disk Space
- Remote LXC containers running out of disk space when building SOPS dependencies
- Options: increase container disk space, use pre-built SOPS binaries, or deploy without SOPS initially
- Test deployment without SOPS first, then add SOPS integration later

## Documentation
- Deployment guide
- Configuration reference
- Troubleshooting guide
- API documentation

- Status: COMPLETED
- Progress: 100% (5/5 modules)
- Next: Move to Phase 2

- Status: IN PROGRESS
- Progress: 0% (0/5 modules)
- Next: Start with Mail module

- Status: PLANNED
- Progress: 0% (0/2 components)
- Next: Begin after Phase 2 completion

- Status: PLANNED
- Progress: 0% (0/4 features)
- Next: Begin after Phase 3 completion

## Immediate (This Week)
- Fix remaining build issues
- Complete Authentik integration
- Start Mail module implementation

## Short Term (Next 2 Weeks)
- Complete all service modules
- Test container deployments
- Begin management plane development

## Medium Term (Next Month)
- Complete management plane
- Implement backup automation
- Add advanced monitoring

- Build Issues: All build issues resolved (Redis configuration warnings fixed, nslookup package removed, Grafana provisioning simplified)
- Authentication: Authentik module needs proper integration with authentik-nix
- Testing: Ready for SSH testing (all containers build successfully, deployment tools created, remote deployment script available)
- Performance: Build times are currently slow and need optimization
- TODO Tracking: Comprehensive TODO system implemented with progress tracking
- Deployment: Deployment guide and scripts created for easy testing

Last Updated: 2024-11-13
Current Focus: Phase 2 - Service Modules
Next Milestone: Complete Mail module