From 0878f6a4baebe6a623e60734d54581723177e009 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Wed, 2 Oct 2024 17:41:11 +0300 Subject: [PATCH] Update docs to match current structure --- README.md | 21 ++++++++++++++------- deploy/README.md | 19 ++++--------------- 2 files changed, 18 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 9730ef3..3eaa3c7 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,15 @@ # qo.is Infrastructure -[This repository](https://gitlab.com/qo.is/infrastructure) contains the infrastructure configuration and documentation sources. +[This repository](https://git.qo.is/qo.is/infrastructure) contains the infrastructure configuration and documentation sources. -Check out the current [rendered documentation on the deployed gitlab page](https://docs-ops.qo.is). +Check out the current [rendered documentation](https://docs-ops.qo.is). ## Structure `nixos-configurations`: Main nixos configuration for every host. `defaults`: Configuration defaults -`modules`: Custom modules (e.g. for vpn and routers) +`nixos-modules`: Custom modules (e.g. for vpn and routers) +`private`: Private configuration values (like users, sops-encrypted secrets and keys) ## Building @@ -32,6 +33,12 @@ This repository requires [nix flakes](https://nixos.wiki/wiki/Flakes) ### Working with the private submodule +To clone with submodules (if you have access): + +```bash +git clone --recurse-submodules https://git.qo.is/qo.is/infrastructure.git +``` + On changes: ```bash @@ -41,9 +48,9 @@ nix flake lock --update-input private ## Deployment -`nix run .#deploy` +`nix run .#deploy-qois` -See [Deployment](deployment.md) for details. +See [Deployment](deploy/README.md) for details. ## Secrets @@ -56,6 +63,6 @@ Secrets are stored in `private/passwords.sops.yaml` (sysadmin passwords), Usage: ```bash -sops -sops-rekey +sops $file # To edit a file +sops-rekey # To rekey all secrets, e.g. after a key rollover or new host ``` 
diff --git a/deploy/README.md b/deploy/README.md index b7a365e..0a5b7ab 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -5,25 +5,14 @@ Note that you have to be connected to the `vpn.qo.is` and that you need to have SSH root access to the target machines. - -#### Deploy to all hosts +## Deploy to selected target hosts ```bash -nix run .#deploy-qois +nix run .#deploy-qois .#.system .#.system ``` - -#### Deploy to selected target hosts +## Deploy with extended timeouts (sometimes required for slow APU devices) ```bash -nix run .#deploy-qois .# .# - -# e.g. -nix run .#deploy-qois .#fulberg -``` - -#### Deploy with extended timeouts (sometimes required for slow APU devices) - -```bash -nix run .#deploy-qois .#calanda -- --confirm-timeout 600 --activation-timeout 600 +nix run .#deploy-qois .#calanda.system -- --confirm-timeout 600 --activation-timeout 600 ```
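Review bot: In the README.md Structure list (hunk @@ -1,14 +1,15 @@), the new `private` entry reads "sops-encrypted secrets and keys", which leaves open whether the keys are encrypted as well or stored in plain form. Suggest wording it so the scope of "sops-encrypted" is explicit, and saying that `private` is the submodule described under "Working with the private submodule", since the list otherwise presents it like the in-tree directories.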
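Review bot: The clone instructions added under "Working with the private submodule" (README.md, @@ -32,6 +33,12 @@) cover only a fresh clone and give nothing for a reader who already has a checkout or who has no access to the submodule. Suggest adding the command for an existing checkout (`git submodule update --init`) and one sentence on whether anything can be built without `private`.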
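Review bot: The Deployment section of README.md (@@ -41,9 +48,9 @@) now shows bare `nix run .#deploy-qois` without stating which hosts it targets, while the same patch removes the "Deploy to all hosts" heading that documented this exact form in deploy/README.md. If the bare command still deploys to every host, suggest saying so next to it, so that nobody runs it expecting a single-host deploy.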
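Review bot: In the Secrets usage block (README.md, @@ -56,6 +63,6 @@), `sops $file` uses an unquoted shell variable as its placeholder, so pasting the line with `file` unset runs `sops` with no argument, and a path containing spaces is split. Suggest `sops "$file"` or a placeholder that is clearly not shell syntax. The `sops-rekey` comment mentions key rollover; a sentence on whether secrets that were readable with the old key must also be changed would help, because earlier revisions in git remain encrypted to that old key.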
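Review bot: In deploy/README.md (@@ -5,25 +5,14 @@), the selected-hosts command reads `nix run .#deploy-qois .#.system .#.system` with no host name in either target, and the patch drops the `# e.g.` line that was the only concrete example in that section. Suggest keeping one example in the new form, matching the `.#calanda.system` target used in the timeout section. The headings also move from `####` to `##`; check that this still nests correctly under the heading above them in the file.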