From a3e02192aa00b6af14c898b738ed52d95060c895 Mon Sep 17 00:00:00 2001
From: Fabian Hauser
Date: Wed, 2 Oct 2024 17:37:13 +0300
Subject: [PATCH 1/3] Update inputs

---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index 55ab6ad..b5e6a6c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -50,11 +50,11 @@
 "utils": "utils"
 },
 "locked": {
- "lastModified": 1718194053,
- "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
+ "lastModified": 1727447169,
+ "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
 "owner": "serokell",
 "repo": "deploy-rs",
- "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
+ "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
 "type": "github"
 },
 "original": {
@@ -70,11 +70,11 @@
 ]
 },
 "locked": {
- "lastModified": 1726396892,
- "narHash": "sha256-KRGuT5nGRAOT3heigRWg41tbYpTpapGhsWc+XjnIx0w=",
+ "lastModified": 1727872461,
+ "narHash": "sha256-4Pw3fVhN6xey5+2gUBm9nQJAjBqivffr+a5ZsXYjzJ8=",
 "owner": "nix-community",
 "repo": "disko",
- "rev": "51e3a7e51279fedfb6669a00d21dc5936c78a6ce",
+ "rev": "568727a884ae7cd9f266bd19aea655def8cafd78",
 "type": "github"
 },
 "original": {
@@ -154,11 +154,11 @@
 },
 "nixpkgs-nixos-stable": {
 "locked": {
- "lastModified": 1726320982,
- "narHash": "sha256-RuVXUwcYwaUeks6h3OLrEmg14z9aFXdWppTWPMTwdQw=",
+ "lastModified": 1727672256,
+ "narHash": "sha256-9/79hjQc9+xyH+QxeMcRsA6hDyw6Z9Eo1/oxjvwirLk=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "8f7492cce28977fbf8bd12c72af08b1f6c7c3e49",
+ "rev": "1719f27dd95fd4206afb9cec9f415b539978827e",
 "type": "github"
 },
 "original": {
@@ -170,11 +170,11 @@
 },
 "nixpkgs-nixos-unstable": {
 "locked": {
- "lastModified": 1726243404,
- "narHash": "sha256-sjiGsMh+1cWXb53Tecsm4skyFNag33GPbVgCdfj3n9I=",
+ "lastModified": 1727634051,
+ "narHash": "sha256-S5kVU7U82LfpEukbn/ihcyNt2+EvG7Z5unsKW9H/yFA=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "345c263f2f53a3710abe117f28a5cb86d0ba4059",
+ "rev": "06cf0e1da4208d3766d898b7fdab6513366d45b9",
 "type": "github"
 },
 "original": {
@@ -257,11 +257,11 @@
 ]
 },
 "locked": {
- "lastModified": 1726218807,
- "narHash": "sha256-z7CoWbSOtsOz8TmRKDnobURkKfv6nPZCo3ayolNuQGc=",
+ "lastModified": 1727734513,
+ "narHash": "sha256-i47LQwoGCVQq4upV2YHV0OudkauHNuFsv306ualB/Sw=",
 "owner": "Mic92",
 "repo": "sops-nix",
- "rev": "f30b1bac192e2dc252107ac8a59a03ad25e1b96e",
+ "rev": "3198a242e547939c5e659353551b0668ec150268",
 "type": "github"
 },
 "original": {
-- 
2.47.2

From 0878f6a4baebe6a623e60734d54581723177e009 Mon Sep 17 00:00:00 2001
From: Fabian Hauser
Date: Wed, 2 Oct 2024 17:41:11 +0300
Subject: [PATCH 2/3] Update docs to match current structure

---
 README.md | 21 ++++++++++++++-------
 deploy/README.md | 19 ++++---------------
 2 files changed, 18 insertions(+), 22 deletions(-)

diff --git a/README.md b/README.md
index 9730ef3..3eaa3c7 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,15 @@ # qo.is Infrastructure -[This repository](https://gitlab.com/qo.is/infrastructure) contains the infrastructure configuration and documentation sources. +[This repository](https://git.qo.is/qo.is/infrastructure) contains the infrastructure configuration and documentation sources. -Check out the current [rendered documentation on the deployed gitlab page](https://docs-ops.qo.is). +Check out the current [rendered documentation](https://docs-ops.qo.is). ## Structure `nixos-configurations`: Main nixos configuration for every host. `defaults`: Configuration defaults -`modules`: Custom modules (e.g. for vpn and routers) +`nixos-modules`: Custom modules (e.g. for vpn and routers) +`private`: Private configuration values (like users, sops-encrypted secrets and keys) ## Building @@ -32,6 +33,12 @@ This repository requires [nix flakes](https://nixos.wiki/wiki/Flakes) ### Working with the private submodule +To clone with submodules (if you have access): + +```bash +git clone --recurse-submodules https://git.qo.is/qo.is/infrastructure.git +``` + On changes: ```bash @@ -41,9 +48,9 @@ nix flake lock --update-input private ## Deployment -`nix run .#deploy` +`nix run .#deploy-qois` -See [Deployment](deployment.md) for details. +See [Deployment](deploy/README.md) for details. ## Secrets @@ -56,6 +63,6 @@ Secrets are stored in `private/passwords.sops.yaml` (sysadmin passwords), Usage: ```bash -sops -sops-rekey +sops $file # To edit a file +sops-rekey # To rekey all secrets, e.g. after a key rollover or new host ``` diff --git a/deploy/README.md b/deploy/README.md index b7a365e..0a5b7ab 100644 --- a/deploy/README.md +++ b/deploy/README.md 
@@ -5,25 +5,14 @@ Note that you have to be connected to the `vpn.qo.is` and that you need to have SSH root access to the target machines. - -#### Deploy to all hosts +## Deploy to selected target hosts ```bash -nix run .#deploy-qois +nix run .#deploy-qois .#.system .#.system ``` - -#### Deploy to selected target hosts +## Deploy with extended timeouts (sometimes required for slow APU devices) ```bash -nix run .#deploy-qois .# .# - -# e.g. -nix run .#deploy-qois .#fulberg -``` - -#### Deploy with extended timeouts (sometimes required for slow APU devices) - -```bash -nix run .#deploy-qois .#calanda -- --confirm-timeout 600 --activation-timeout 600 +nix run .#deploy-qois .#calanda.system -- --confirm-timeout 600 --activation-timeout 600 ``` -- 2.47.2 From 8fed325e0918d3b94391ff39ffff7e48fd8bafff Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Wed, 2 Oct 2024 19:33:25 +0300 Subject: [PATCH 3/3] Remove CI run for pull_requests --- .github/workflows/ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c923fff..e29bd9c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,7 +2,6 @@ name: CI on: push: - pull_request: env: ATTIC_AUTH_TOKEN: ${{ secrets.ATTIC_AUTH_TOKEN }} -- 2.47.2