Commit files for public release

2024-10-02 16:52:04 +03:00 · 2024-10-02 16:52:04 +03:00 · fef2377502
commit fef2377502
174 changed files with 7423 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,61 @@
+# qo.is Infrastructure
+
+[This repository](https://gitlab.com/qo.is/infrastructure) contains the infrastructure configuration and documentation sources.
+
+Check out the current [rendered documentation on the deployed gitlab page](https://docs-ops.qo.is).
+
+## Structure
+
+`nixos-configurations`: Main nixos configuration for every host.  
+`defaults`: Configuration defaults  
+`modules`: Custom modules (e.g. for vpn and routers)
+
+## Building
+
+This repository requires [nix flakes](https://nixos.wiki/wiki/Flakes)
+
+- `nix build`  
+  Build all host configurations and docs
+- `nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel`  
+  Build a single host configuration with
+- `nix build .#docs`  
+  Build the documentation website
+
+## Development
+
+- `nix develop`  
+  Development environment
+- `nix flake check`  
+  Execute the project's checks
+- `nix fmt`  
+  Autofix formatting
+
+### Working with the private submodule
+
+On changes:
+
+```bash
+git add private
+nix flake lock --update-input private
+```
+
+## Deployment 
+
+`nix run .#deploy`
+
+See [Deployment](deployment.md) for details.
+
+## Secrets
+
+Secret management is done with [nix-sops](https://github.com/Mic92/sops-nix).
+
+Secrets are stored in `private/passwords.sops.yaml` (sysadmin passwords),
+`private/nixos-configurations/secrets.sops.yaml` (shared secrets for all hosts) and
+`private/nixos-configurations/<hostname>/secrets.sops.yaml` (host specific secrets).
+
+Usage:
+
+```bash
+sops
+sops-rekey
+```