# qo.is Infrastructure

[This repository](https://gitlab.com/qo.is/infrastructure) contains the infrastructure configuration and documentation sources.

Check out the current [rendered documentation on the deployed gitlab page](https://docs-ops.qo.is).

## Structure

`nixos-configurations`: Main nixos configuration for every host.  
`defaults`: Configuration defaults  
`modules`: Custom modules (e.g. for vpn and routers)

## Building

This repository requires [nix flakes](https://nixos.wiki/wiki/Flakes)

- `nix build`  
  Build all host configurations and docs
- `nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel`  
  Build a single host configuration with
- `nix build .#docs`  
  Build the documentation website

## Development

- `nix develop`  
  Development environment
- `nix flake check`  
  Execute the project's checks
- `nix fmt`  
  Autofix formatting

### Working with the private submodule

On changes:

```bash
git add private
nix flake lock --update-input private
```

## Deployment 

`nix run .#deploy`

See [Deployment](deployment.md) for details.

## Secrets

Secret management is done with [nix-sops](https://github.com/Mic92/sops-nix).

Secrets are stored in `private/passwords.sops.yaml` (sysadmin passwords),
`private/nixos-configurations/secrets.sops.yaml` (shared secrets for all hosts) and
`private/nixos-configurations/<hostname>/secrets.sops.yaml` (host specific secrets).

Usage:

```bash
sops
sops-rekey
```