Add role documentation
This commit is contained in:
parent
0f509a7c8e
commit
5f5d6293eb
7 changed files with 74 additions and 0 deletions
21
README.adoc
Normal file
21
README.adoc
Normal file
|
|
@ -0,0 +1,21 @@
|
||||||
|
[[qois-infrastructure]]
|
||||||
|
qo.is Infrastructure
|
||||||
|
--------------------
|
||||||
|
|
||||||
|
This repository contains the infrastructure configuration.
|
||||||
|
|
||||||
|
Structure
|
||||||
|
~~~~~~~~~
|
||||||
|
|
||||||
|
`hardware`:: Hardware specific configuration files, e.g. for wireless
|
||||||
|
cards.
|
||||||
|
`host`:: Main nixos `configuration.nix` for every host. The
|
||||||
|
`configuration.nix` is symlinked to the specific host file.
|
||||||
|
`role`:: Host roles, which are included from a host's configuration.
|
||||||
|
`docs`:: Documentation of the concrete qo.is infrastructure
|
||||||
|
|
||||||
|
Development
|
||||||
|
~~~~~~~~~~~
|
||||||
|
|
||||||
|
* The nix files shoud be formatted using nixfmt:
|
||||||
|
** `nixfmt -c $(git ls-files *.nix)`
|
||||||
13
role/README.adoc
Normal file
13
role/README.adoc
Normal file
|
|
@ -0,0 +1,13 @@
|
||||||
|
= Roles
|
||||||
|
|
||||||
|
:toc:
|
||||||
|
|
||||||
|
include::backup/README.adoc[]
|
||||||
|
|
||||||
|
include::base/README.adoc[]
|
||||||
|
|
||||||
|
include::dropbear/README.adoc[]
|
||||||
|
|
||||||
|
include::router/README.adoc[]
|
||||||
|
|
||||||
|
include::wwan/README.adoc[]
|
||||||
3
role/backup/README.adoc
Normal file
3
role/backup/README.adoc
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
== Backup Role
|
||||||
|
|
||||||
|
Creates backup to an external mount with borg backup according to a specified schedule.
|
||||||
10
role/base/README.adoc
Normal file
10
role/base/README.adoc
Normal file
|
|
@ -0,0 +1,10 @@
|
||||||
|
== Base Role
|
||||||
|
|
||||||
|
The base role handles basic system configuration, which includes:
|
||||||
|
|
||||||
|
* User management
|
||||||
|
* Nix configuration
|
||||||
|
* System default settings
|
||||||
|
* Global packages (like `git` and `curl`) and sane configuration
|
||||||
|
defaults for them
|
||||||
|
* Basic networking configuration (like firewall and ssh)
|
||||||
6
role/dropbear/README.adoc
Normal file
6
role/dropbear/README.adoc
Normal file
|
|
@ -0,0 +1,6 @@
|
||||||
|
== Dropbear Role
|
||||||
|
|
||||||
|
Configuration of dropbear to allow HDD decryption from a remote host.
|
||||||
|
|
||||||
|
Note: This role requires manually creating of persistant SSH-Keys with
|
||||||
|
`dropbearkey -t <type> -f <output-keyfile>`
|
||||||
10
role/router/README.adoc
Normal file
10
role/router/README.adoc
Normal file
|
|
@ -0,0 +1,10 @@
|
||||||
|
== Router Role
|
||||||
|
|
||||||
|
This role is applied on hosts which serve the rule of a SOHO router.
|
||||||
|
|
||||||
|
Features:
|
||||||
|
|
||||||
|
* NAT and basic Firewalling
|
||||||
|
* Recursive DNS with `unbound` (DNSSEC validated)
|
||||||
|
* Local DHCP and DNS with `dnsmasq`
|
||||||
|
* Wireless with `hostapd`
|
||||||
11
role/wwan/README.adoc
Normal file
11
role/wwan/README.adoc
Normal file
|
|
@ -0,0 +1,11 @@
|
||||||
|
== WWAN Module
|
||||||
|
|
||||||
|
This module configures WWAN adapters that support MBIM
|
||||||
|
|
||||||
|
=== Current limitations
|
||||||
|
|
||||||
|
* IPv4 tested only
|
||||||
|
* Currently, it is not simple to get network failures or address updates
|
||||||
|
via a hook or so.
|
||||||
|
** A systemd timer to update the configuration is executed every 2
|
||||||
|
minutes to prevent longer downtimes.
|
||||||
Loading…
Add table
Reference in a new issue