# Cryodev NixOS Configuration Documentation

Welcome to the documentation of the **cryodev** NixOS infrastructure.

## Quick Links

### Getting Started

- [Prerequisites](getting-started/prerequisites.md) - Required tools
- [Adding a New Raspberry Pi](getting-started/new-client.md) - Complete workflow for new clients
- [SD Image Reference](getting-started/sd-image.md) - Details on the image build
- [First Installation (Server)](getting-started/first-install.md) - Bootstrap for x86_64 hosts
- [Reinstallation](getting-started/reinstall.md) - Reinstall with hardware changes

### Services

- [SOPS Secrets](services/sops.md) - Secret management with sops-nix
- [Headscale](services/headscale.md) - Self-hosted Tailscale server
- [Headplane](services/headplane.md) - Web UI for Headscale
- [Tailscale](services/tailscale.md) - Mesh VPN client
- [Mailserver](services/mailserver.md) - E-mail stack (Postfix/Dovecot)
- [Forgejo](services/forgejo.md) - Git hosting with CI/CD
- [Netdata](services/netdata.md) - Monitoring and alerting

### Deployment

- [Continuous Deployment](deployment/cd.md) - Push- and pull-based deployment
- [DNS Configuration](deployment/dns.md) - Required DNS records

## Architecture

```
                    Internet
                       |
                  cryodev.xyz
                       |
             +-------------------+
             |   cryodev-main    |
             |  (x86_64 Server)  |
             +-------------------+
             | - Headscale       |
             | - Headplane       |
             | - Forgejo         |
             | - Mailserver      |
             | - Netdata Parent  |
             +-------------------+
                       |
               Tailscale Mesh VPN
                       |
             +-------------------+
             |    cryodev-pi     |
             | (Raspberry Pi 4)  |
             +-------------------+
             | - Tailscale       |
             | - Netdata Child   |
             | - Comin (GitOps)  |
             +-------------------+
```

## Installation Scenarios

| Scenario | Description | Guide |
|----------|-------------|-------|
| **New Raspberry Pi** | Create config → build image → flash | [new-client.md](getting-started/new-client.md) |
| **First Installation (Server)** | x86_64 host, manual installation | [first-install.md](getting-started/first-install.md) |
| **Reinstallation** | Existing host, new hardware | [reinstall.md](getting-started/reinstall.md) |

For Raspberry Pi: [SD Image Reference](getting-started/sd-image.md)

## Directory Structure

```
.
├── flake.nix           # Entry point, inputs and outputs
├── constants.nix       # Central config (domains, IPs, ports)
├── hosts/              # Host-specific configurations
│   ├── cryodev-main/
│   └── cryodev-pi/
├── modules/            # Reusable NixOS modules
│   └── nixos/
├── pkgs/               # Custom packages
├── overlays/           # Nixpkgs overlays
├── templates/          # Templates for new hosts
├── scripts/            # Helper scripts (install.sh)
├── apps/               # Nix apps (rebuild)
└── lib/                # Helper functions (utils.nix)
```

## Deployment Strategies

| Host | Strategy | Tool | Description |
|------|----------|------|-------------|
| `cryodev-main` | Push-based | deploy-rs via Forgejo Actions | Immediate updates on push |
| `cryodev-pi` | Pull-based | Comin | Polls the repository for changes |