qo.is/infrastructure
2
0
Fork 0
Code Issues 9 Pull requests 2 Projects Releases Packages Activity Actions
⚙️ Configuration and Deployment of qo.is infrastructure. https://docs-ops.qo.is
45 commits 3 branches 0 tags 13 MiB
Nix 94.9%
Shell 4.3%
Vim Script 0.8%
Find a file
Exact
Renovate Bot 23e4658e68
All checks were successful
CI / build (push) Successful in 2m51s
Details
Lock file maintenance
2025-01-22 18:49:07 +01:00
.github/workflows Run CI on nix 2024-10-03 15:10:12 +03:00
.vscode Migrate packages to use callPackage pattern 2024-10-19 20:00:52 +03:00
checks Commit files for public release 2024-10-02 16:57:36 +03:00
defaults Remove tierberg 2024-12-23 22:10:41 +02:00
deploy Update docs to match current structure 2024-10-02 19:27:41 +03:00
dev-shells Fix renovate submodule cloning 2025-01-22 19:44:12 +02:00
lib Commit files for public release 2024-10-02 16:57:36 +03:00
nixos-configurations Add git renovate module 2025-01-22 14:01:59 +02:00
nixos-modules Fix renovate submodule cloning 2025-01-22 19:44:12 +02:00
overlays Commit files for public release 2024-10-02 16:57:36 +03:00
packages Migrate packages to use callPackage pattern 2024-10-19 20:00:52 +03:00
private@33cf80043c Fix renovate submodule cloning 2025-01-22 19:44:12 +02:00
.envrc Commit files for public release 2024-10-02 16:57:36 +03:00
.gitignore Migrate packages to use callPackage pattern 2024-10-19 20:00:52 +03:00
.gitmodules Commit files for public release 2024-10-02 16:57:36 +03:00
.nixd.json Commit files for public release 2024-10-02 16:57:36 +03:00
backups.md Commit files for public release 2024-10-02 16:57:36 +03:00
book.toml Commit files for public release 2024-10-02 16:57:36 +03:00
email.md Commit files for public release 2024-10-02 16:57:36 +03:00
flake.lock Lock file maintenance 2025-01-22 18:49:07 +01:00
flake.nix Use attic from nixpkgs 2024-12-06 14:34:21 +02:00
README.md Add notes about changing secrets 2025-01-22 14:05:57 +02:00
renovate.json Fix renovate submodule cloning 2025-01-22 19:44:12 +02:00
robots.txt Commit files for public release 2024-10-02 16:57:36 +03:00
SUMMARY.md Remove tierberg 2024-12-23 22:10:41 +02:00
updates.md Remove tierberg 2024-12-23 22:10:41 +02:00

README.md

qo.is Infrastructure

This repository contains the infrastructure configuration and documentation sources.

Check out the current rendered documentation.

Structure

nixos-configurations: Main nixos configuration for every host.
defaults: Configuration defaults
nixos-modules: Custom modules (e.g. for vpn and routers)
private: Private configuration values (like users, sops-encrypted secrets and keys)

Building

This repository requires nix flakes

  • nix build
    Build all host configurations and docs
  • nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel
    Build a single host configuration with
  • nix build .#docs
    Build the documentation website

Development

  • nix develop
    Development environment
  • nix flake check
    Execute the project's checks
  • nix fmt
    Autofix formatting

Working with the private submodule

To clone with submodules (if you have access):

git clone --recurse-submodules https://git.qo.is/qo.is/infrastructure.git

On changes:

git add private
nix flake lock --update-input private

Deployment

nix run .#deploy-qois

See Deployment for details.

Secrets

Secret management is done with nix-sops.

Secrets are stored in private/passwords.sops.yaml (sysadmin passwords), private/nixos-configurations/secrets.sops.yaml (shared secrets for all hosts) and private/nixos-configurations/<hostname>/secrets.sops.yaml (host specific secrets).

Usage:

sops $file # To edit a file
sops-rekey # To rekey all secrets, e.g. after a key rollover or new host

After changing secrets, don't forget to push the sub-repository and run nix flake update private in the infrastructure repository to use the changes in builds.