2 KiB
qo.is Infrastructure
This repository contains the infrastructure configuration and documentation sources.
Check out the current rendered documentation.
Structure
nixos-configurations: Main nixos configuration for every host.
defaults: Configuration defaults
nixos-modules: Custom modules (e.g. for vpn and routers)
private: Private configuration values (like users, sops-encrypted secrets and keys)
Development
This repository requires nix flakes
-
nix flake check
Execute the project's checks, which includes building all configurations and packages. See Tests. -
nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel
Build a single host configuration. -
nix build .#docs
Build the documentation website. -
nix develop
Development environment -
nix fmt
Autofix formatting
Secrets and private Submodule
Secret management is done with nix-sops and a git submodule in private.
Make sure you have the submodule correctly available. To clone with submodules (if you have access):
git clone --recurse-submodules https://git.qo.is/qo.is/infrastructure.git
# See below for how to commit changes.
Secrets are stored in private/passwords.sops.yaml (sysadmin passwords),
private/nixos-configurations/secrets.sops.yaml (shared secrets for all hosts) and
private/nixos-configurations/<hostname>/secrets.sops.yaml (host specific secrets).
To modify secrets:
sops $file # To edit a file
sops-rekey # To rekey all secrets, e.g. after a key rollover or new host
After changing secrets:
# Commit changes in subrepo
pushd private
git commit
git push
nix flake prefetch . # Make subrepo available in nix store. Required until nix 2.27.
popd
git add private
nix flake lock --update-input private
Deployment
See Deployment for details.