Update docs to match current structure
This commit is contained in:
parent
a3e02192aa
commit
0878f6a4ba
2 changed files with 18 additions and 22 deletions
21
README.md
21
README.md
|
|
@ -1,14 +1,15 @@
|
||||||
# qo.is Infrastructure
|
# qo.is Infrastructure
|
||||||
|
|
||||||
[This repository](https://gitlab.com/qo.is/infrastructure) contains the infrastructure configuration and documentation sources.
|
[This repository](https://git.qo.is/qo.is/infrastructure) contains the infrastructure configuration and documentation sources.
|
||||||
|
|
||||||
Check out the current [rendered documentation on the deployed gitlab page](https://docs-ops.qo.is).
|
Check out the current [rendered documentation](https://docs-ops.qo.is).
|
||||||
|
|
||||||
## Structure
|
## Structure
|
||||||
|
|
||||||
`nixos-configurations`: Main nixos configuration for every host.
|
`nixos-configurations`: Main nixos configuration for every host.
|
||||||
`defaults`: Configuration defaults
|
`defaults`: Configuration defaults
|
||||||
`modules`: Custom modules (e.g. for vpn and routers)
|
`nixos-modules`: Custom modules (e.g. for vpn and routers)
|
||||||
|
`private`: Private configuration values (like users, sops-encrypted secrets and keys)
|
||||||
|
|
||||||
## Building
|
## Building
|
||||||
|
|
||||||
|
|
@ -32,6 +33,12 @@ This repository requires [nix flakes](https://nixos.wiki/wiki/Flakes)
|
||||||
|
|
||||||
### Working with the private submodule
|
### Working with the private submodule
|
||||||
|
|
||||||
|
To clone with submodules (if you have access):
|
||||||
|
|
||||||
|
```bash
|
||||||
|
git clone --recurse-submodules https://git.qo.is/qo.is/infrastructure.git
|
||||||
|
```
|
||||||
|
|
||||||
On changes:
|
On changes:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
|
@ -41,9 +48,9 @@ nix flake lock --update-input private
|
||||||
|
|
||||||
## Deployment
|
## Deployment
|
||||||
|
|
||||||
`nix run .#deploy`
|
`nix run .#deploy-qois`
|
||||||
|
|
||||||
See [Deployment](deployment.md) for details.
|
See [Deployment](deploy/README.md) for details.
|
||||||
|
|
||||||
## Secrets
|
## Secrets
|
||||||
|
|
||||||
|
|
@ -56,6 +63,6 @@ Secrets are stored in `private/passwords.sops.yaml` (sysadmin passwords),
|
||||||
Usage:
|
Usage:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sops
|
sops $file # To edit a file
|
||||||
sops-rekey
|
sops-rekey # To rekey all secrets, e.g. after a key rollover or new host
|
||||||
```
|
```
|
||||||
|
|
|
||||||
|
|
@ -5,25 +5,14 @@ Note that you have to be connected to the `vpn.qo.is`
|
||||||
and that you need to have SSH root access to the target machines.
|
and that you need to have SSH root access to the target machines.
|
||||||
|
|
||||||
|
|
||||||
|
## Deploy to selected target hosts
|
||||||
#### Deploy to all hosts
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
nix run .#deploy-qois
|
nix run .#deploy-qois .#<hostname>.system .#<hostname2>.system
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Deploy with extended timeouts (sometimes required for slow APU devices)
|
||||||
#### Deploy to selected target hosts
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
nix run .#deploy-qois .#<hostname> .#<hostname2>
|
nix run .#deploy-qois .#calanda.system -- --confirm-timeout 600 --activation-timeout 600
|
||||||
|
|
||||||
# e.g.
|
|
||||||
nix run .#deploy-qois .#fulberg
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Deploy with extended timeouts (sometimes required for slow APU devices)
|
|
||||||
|
|
||||||
```bash
|
|
||||||
nix run .#deploy-qois .#calanda -- --confirm-timeout 600 --activation-timeout 600
|
|
||||||
```
|
```
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue