⚙️ Configuration and Deployment of qo.is infrastructure. https://docs-ops.qo.is

Find a file

Renovate Bot 155e365caa All checks were successful CI / build (push) Successful in 52s Details CI / deploy (docs-ops.qo.is) (push) Successful in 53s Details CI / deploy (system-vm) (push) Successful in 1m32s Details CI / deploy (system-physical) (push) Successful in 5m19s Details CI / deploy-ci (push) Successful in 39s Details chore(deps): lock file maintenance		2025-10-27 18:00:43 +01:00
.github/workflows	Deploy CI hosts after all other deployments	2025-06-29 21:01:54 +03:00
.vscode	Apply treefmt	2025-03-25 14:10:54 +02:00
checks	Fix fmt	2025-07-23 22:55:39 +03:00
defaults	Update lindberg-webapps configurations	2025-06-14 21:07:20 +03:00
deploy	Create script to auto-deploy with retries	2025-04-19 17:12:53 +03:00
dev-shells	Remove vscode from devshell	2025-05-18 20:14:44 +03:00
lib	Apply treefmt	2025-03-25 14:10:54 +02:00
nixos-configurations	Add tunnel user to lindberg	2025-08-10 16:52:23 +03:00
nixos-modules	Fix sendmail wrapper for smartd	2025-10-16 15:09:54 +03:00
packages	Fix fmt	2025-07-23 22:55:39 +03:00
private@5f8ba20258	Update lindberg-webapps configurations	2025-06-14 21:07:20 +03:00
.envrc	Commit files for public release	2024-10-02 16:57:36 +03:00
.gitignore	Add pre-commit-hook with formatting	2025-03-25 14:32:57 +02:00
.gitmodules	Commit files for public release	2024-10-02 16:57:36 +03:00
.nixd.json	Apply treefmt	2025-03-25 14:10:54 +02:00
backups.md	Commit files for public release	2024-10-02 16:57:36 +03:00
book.toml	Commit files for public release	2024-10-02 16:57:36 +03:00
email.md	Apply treefmt	2025-03-25 14:10:54 +02:00
flake.lock	chore(deps): lock file maintenance	2025-10-27 18:00:43 +01:00
flake.nix	chore(deps): update nixpkgs to nixos-25.05	2025-06-29 18:10:30 +02:00
README.md	Fix formatting	2025-04-27 16:02:33 +03:00
renovate.json	Switch renovate automerge to branch to prevent noise	2025-05-18 20:18:58 +03:00
robots.txt	Commit files for public release	2024-10-02 16:57:36 +03:00
SUMMARY.md	Remove host stompert	2025-05-18 23:11:52 +03:00
treefmt.nix	Fix fmt	2025-07-23 22:55:39 +03:00
updates.md	Add note about nextcloud update checking.	2025-04-19 19:44:08 +03:00

README.md

qo.is Infrastructure

This repository contains the infrastructure configuration and documentation sources.

Check out the current rendered documentation.

Structure

nixos-configurations: Main nixos configuration for every host.
defaults: Configuration defaults
nixos-modules: Custom modules (e.g. for vpn and routers)
private: Private configuration values (like users, sops-encrypted secrets and keys)

Development

This repository requires nix flakes

nix flake check
Execute the project's checks, which includes building all configurations and packages. See Tests.
nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel
Build a single host configuration.
nix build .#docs
Build the documentation website.
nix develop
Development environment
nix fmt
Autofix formatting

Secrets and `private` Submodule

Secret management is done with nix-sops and a git submodule in private.
Make sure you have the submodule correctly available. To clone with submodules (if you have access):

git clone --recurse-submodules https://git.qo.is/qo.is/infrastructure.git
# See below for how to commit changes.

Secrets are stored in private/passwords.sops.yaml (sysadmin passwords), private/nixos-modules/shared-secrets/default.sops.yaml (shared secrets for all hosts) and private/nixos-configurations/<hostname>/secrets.sops.yaml (host specific secrets).

To modify secrets:

sops $file # To edit a file
sops-rekey # To rekey all secrets, e.g. after a key rollover or new host

After changing secrets:

# Commit changes in subrepo
pushd private
  git commit
  git push
  nix flake prefetch . # Make subrepo available in nix store. Required until nix 2.27.
popd

git add private
nix flake lock --update-input private

Deployment

See Deployment for details.