qo.is/infrastructure
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Activity Actions
⚙️ Configuration and Deployment of qo.is infrastructure. https://docs-ops.qo.is
34 commits 1 branch 0 tags 13 MiB
Nix 94.8%
Shell 4.4%
Vim Script 0.8%
Find a file
Fabian Hauser e6f9fc1371
All checks were successful
CI / build (push) Successful in 2m31s
Details
Remove tierberg
2024-12-23 22:10:41 +02:00
.github/workflows Run CI on nix 2024-10-03 15:10:12 +03:00
.vscode Migrate packages to use callPackage pattern 2024-10-19 20:00:52 +03:00
checks Commit files for public release 2024-10-02 16:57:36 +03:00
defaults Remove tierberg 2024-12-23 22:10:41 +02:00
deploy Update docs to match current structure 2024-10-02 19:27:41 +03:00
dev-shells Migrate packages to use callPackage pattern 2024-10-19 20:00:52 +03:00
lib Commit files for public release 2024-10-02 16:57:36 +03:00
nixos-configurations Remove tierberg 2024-12-23 22:10:41 +02:00
nixos-modules Make cyprianspitz ip static 2024-12-13 20:55:25 +02:00
overlays Commit files for public release 2024-10-02 16:57:36 +03:00
packages Migrate packages to use callPackage pattern 2024-10-19 20:00:52 +03:00
private@18d3b3b703 Remove tierberg 2024-12-23 22:10:41 +02:00
.envrc Commit files for public release 2024-10-02 16:57:36 +03:00
.gitignore Migrate packages to use callPackage pattern 2024-10-19 20:00:52 +03:00
.gitmodules Commit files for public release 2024-10-02 16:57:36 +03:00
.nixd.json Commit files for public release 2024-10-02 16:57:36 +03:00
backups.md Commit files for public release 2024-10-02 16:57:36 +03:00
book.toml Commit files for public release 2024-10-02 16:57:36 +03:00
email.md Commit files for public release 2024-10-02 16:57:36 +03:00
flake.lock Update inputs 2024-12-13 21:37:42 +02:00
flake.nix Use attic from nixpkgs 2024-12-06 14:34:21 +02:00
README.md Update docs to match current structure 2024-10-02 19:27:41 +03:00
robots.txt Commit files for public release 2024-10-02 16:57:36 +03:00
SUMMARY.md Remove tierberg 2024-12-23 22:10:41 +02:00
updates.md Remove tierberg 2024-12-23 22:10:41 +02:00

README.md

qo.is Infrastructure

This repository contains the infrastructure configuration and documentation sources.

Check out the current rendered documentation.

Structure

nixos-configurations: Main nixos configuration for every host.
defaults: Configuration defaults
nixos-modules: Custom modules (e.g. for vpn and routers)
private: Private configuration values (like users, sops-encrypted secrets and keys)

Building

This repository requires nix flakes

  • nix build
    Build all host configurations and docs
  • nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel
    Build a single host configuration with
  • nix build .#docs
    Build the documentation website

Development

  • nix develop
    Development environment
  • nix flake check
    Execute the project's checks
  • nix fmt
    Autofix formatting

Working with the private submodule

To clone with submodules (if you have access):

git clone --recurse-submodules https://git.qo.is/qo.is/infrastructure.git

On changes:

git add private
nix flake lock --update-input private

Deployment

nix run .#deploy-qois

See Deployment for details.

Secrets

Secret management is done with nix-sops.

Secrets are stored in private/passwords.sops.yaml (sysadmin passwords), private/nixos-configurations/secrets.sops.yaml (shared secrets for all hosts) and private/nixos-configurations/<hostname>/secrets.sops.yaml (host specific secrets).

Usage:

sops $file # To edit a file
sops-rekey # To rekey all secrets, e.g. after a key rollover or new host