diff --git a/README.adoc b/README.adoc new file mode 100644 index 0000000..8110a4a --- /dev/null +++ b/README.adoc @@ -0,0 +1,21 @@ +[[qois-infrastructure]] +qo.is Infrastructure +-------------------- + +This repository contains the infrastructure configuration. + +Structure +~~~~~~~~~ + +`hardware`:: Hardware specific configuration files, e.g. for wireless +cards. +`host`:: Main nixos `configuration.nix` for every host. The +`configuration.nix` is symlinked to the specific host file. +`role`:: Host roles, which are included from a host's configuration. +`docs`:: Documentation of the concrete qo.is infrastructure + +Development +~~~~~~~~~~~ + +* The nix files shoud be formatted using nixfmt: +** `nixfmt -c $(git ls-files *.nix)` diff --git a/role/README.adoc b/role/README.adoc new file mode 100644 index 0000000..e7aba31 --- /dev/null +++ b/role/README.adoc @@ -0,0 +1,13 @@ += Roles + +:toc: + +include::backup/README.adoc[] + +include::base/README.adoc[] + +include::dropbear/README.adoc[] + +include::router/README.adoc[] + +include::wwan/README.adoc[] diff --git a/role/backup/README.adoc b/role/backup/README.adoc new file mode 100644 index 0000000..20cbe79 --- /dev/null +++ b/role/backup/README.adoc @@ -0,0 +1,3 @@ +== Backup Role + +Creates backup to an external mount with borg backup according to a specified schedule. diff --git a/role/base/README.adoc b/role/base/README.adoc new file mode 100644 index 0000000..c5df8c7 --- /dev/null +++ b/role/base/README.adoc @@ -0,0 +1,10 @@ +== Base Role + +The base role handles basic system configuration, which includes: + +* User management +* Nix configuration +* System default settings +* Global packages (like `git` and `curl`) and sane configuration +defaults for them +* Basic networking configuration (like firewall and ssh) diff --git a/role/dropbear/README.adoc b/role/dropbear/README.adoc new file mode 100644 index 0000000..e6667ff --- /dev/null +++ b/role/dropbear/README.adoc 
@@ -0,0 +1,6 @@ +== Dropbear Role + +Configuration of dropbear to allow HDD decryption from a remote host. + +Note: This role requires manually creating of persistant SSH-Keys with +`dropbearkey -t -f ` diff --git a/role/router/README.adoc b/role/router/README.adoc new file mode 100644 index 0000000..ff193d2 --- /dev/null +++ b/role/router/README.adoc @@ -0,0 +1,10 @@ +== Router Role + +This role is applied on hosts which serve the rule of a SOHO router. + +Features: + +* NAT and basic Firewalling +* Recursive DNS with `unbound` (DNSSEC validated) +* Local DHCP and DNS with `dnsmasq` +* Wireless with `hostapd` diff --git a/role/wwan/README.adoc b/role/wwan/README.adoc new file mode 100644 index 0000000..1d8c9ce --- /dev/null +++ b/role/wwan/README.adoc @@ -0,0 +1,11 @@ +== WWAN Module + +This module configures WWAN adapters that support MBIM + +=== Current limitations + +* IPv4 tested only +* Currently, it is not simple to get network failures or address updates +via a hook or so. +** A systemd timer to update the configuration is executed every 2 +minutes to prevent longer downtimes.
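
Review bot: In README.adoc, under Development, the glob in `nixfmt -c $(git ls-files *.nix)` is unquoted, so the shell expands `*.nix` against the current directory before git sees it. When the repository root contains any .nix file, only those top-level files are passed on and the .nix files in subdirectories are never checked. Quote the pattern (`git ls-files '*.nix'`) so that git does the matching. On the line above it, "shoud" should read "should".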
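
Review bot: In role/README.adoc, `:toc:` is separated from the `= Roles` title by a blank line, which ends the AsciiDoc document header, so the attribute is set in the body and no table of contents is generated. Move `:toc:` to the line directly below the title.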
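
Review bot: In role/backup/README.adoc, the single sentence does not say how the schedule or the external mount is specified, or whether the borg repository is encrypted. Add the option names a host has to set and state the encryption mode, since the backup leaves the host on an external medium.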
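
Review bot: In role/dropbear/README.adoc, the documented command `dropbearkey -t -f` gives no value for either option, so a reader cannot tell which key type to generate or where the role expects the key file. State both explicitly, and since this key belongs to the service used for remote HDD decryption, document the file permissions it needs as well. In the same note, "manually creating of persistant SSH-Keys" should read "manually creating persistent SSH keys".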
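
Review bot: In role/router/README.adoc, the feature item "NAT and basic Firewalling" does not say which interfaces are treated as WAN and LAN or what inbound traffic is allowed by default, which is the part of a router role a reader most needs documented. In the first sentence, "serve the rule of a SOHO router" should read "serve the role of a SOHO router".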
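
Review bot: In role/wwan/README.adoc, under Current limitations, the 2-minute systemd timer means a network failure or address update can go unhandled for up to 2 minutes; state that bound directly instead of "to prevent longer downtimes", and replace "via a hook or so" with the name of the mechanism that is missing. The heading reads "WWAN Module" while the other files included from role/README.adoc are all titled as roles, so pick one term.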