jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

doc remediation

Browse Source
This commit is contained in:
Danilo Reyes
2026-02-06 08:22:40 -06:00
parent 005addff1b
commit b7c4e38148
8 changed files with 16 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
specs/004-vps-migration/plan.md
View File

@@ -5,18 +5,18 @@
## Summary
Migrate VPS responsibilities to the new NixOS host by making it the primary reverse-proxy host (nginx only), mirroring the existing iptables ruleset, enabling wireguard with secret-managed keys, and restoring SSH/service-user access, while keeping all services running on the host server. Provide validation steps, review historical configs for gaps, and document analytics data migration.
Migrate VPS responsibilities to the new NixOS host by making it the primary reverse-proxy host (nginx only), mirroring the existing iptables ruleset via nftables/NixOS equivalents, enabling wireguard with secret-managed keys, and restoring SSH/service-user access, while keeping all services running on the host server. Provide validation steps, review historical configs for gaps, and document analytics data migration.
## Technical Context
**Language/Version**: Nix (flakes; nixpkgs 25.11)
**Primary Dependencies**: NixOS modules, sops-nix, nginx, wireguard, openssh, iptables
**Primary Dependencies**: NixOS modules, sops-nix, nginx, wireguard, openssh, nftables (iptables reference)
**Storage**: Files (configuration and secrets)
**Testing**: Manual validation steps (no automated test harness)
**Target Platform**: Linux server (NixOS)
**Project Type**: configuration repo
**Performance Goals**: N/A (configuration change)
**Constraints**: Services remain on host server; VPS only terminates proxy and exposes wireguard port; iptables parity required
**Constraints**: Services remain on host server; VPS only terminates proxy and exposes wireguard port; nftables parity required
**Scale/Scope**: Single VPS + host server, small set of VPN peers and admin SSH principals
## Constitution Check
@@ -45,8 +45,8 @@ specs/004-vps-migration/
hosts/
modules/
secrets/
iptables
iptables (reference ruleset)
scripts/
```
**Structure Decision**: Use the existing NixOS configuration layout (`hosts/`, `modules/`, `secrets/`) and the root `iptables` ruleset file.
**Structure Decision**: Use the existing NixOS configuration layout (`hosts/`, `modules/`, `secrets/`) and the root `iptables` ruleset file as the reference for nftables parity.