⚙️ Configuration and Deployment of qo.is infrastructure. https://docs-ops.qo.is
Latest commit: 362fba1385 by Fabian Hauser, 2025-03-24 17:28:43 +02:00: fixup! Add tests documentation to docs page

qo.is Infrastructure

This repository contains the infrastructure configuration and documentation sources.

Check out the current rendered documentation.

Structure

nixos-configurations: Main NixOS configuration for every host.
defaults: Configuration defaults
nixos-modules: Custom modules (e.g. for VPN and routers)
private: Private configuration values (like users, sops-encrypted secrets and keys)

Building

This repository requires Nix flakes.

  • nix build
    Build all host configurations and docs
  • nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel
    Build a single host configuration
  • nix build .#docs
    Build the documentation website

Development

  • nix develop
    Development environment
  • nix flake check
    Execute the project's checks
  • nix fmt
    Autofix formatting

Working with the private submodule

To clone with submodules (if you have access):

git clone --recurse-submodules https://git.qo.is/qo.is/infrastructure.git

On changes:

git add private
nix flake lock --update-input private

Deployment

nix run .#deploy-qois

See Deployment for details.

Secrets

Secret management is done with nix-sops.

Secrets are stored in private/passwords.sops.yaml (sysadmin passwords), private/nixos-configurations/secrets.sops.yaml (shared secrets for all hosts) and private/nixos-configurations/<hostname>/secrets.sops.yaml (host specific secrets).

Usage:

sops $file # To edit a file
sops-rekey # To rekey all secrets, e.g. after a key rollover or new host

After changing secrets, don't forget to push the sub-repository and run nix flake update private in the infrastructure repository to use the changes in builds.
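
A check that could run before pushing the sub-repository, to confirm the three secret locations listed above contain only ciphertext. This is an added example, not part of the qo.is repository; the function names and the sample tree are constructed for illustration. It is a line-based heuristic that assumes sops' default behaviour (all values encrypted except keys ending in `_unencrypted`) and does not inspect bare list items.

```shell
#!/bin/sh
# Added example (not from the qo.is repository): heuristic plaintext check.

# Return 0 if file $1 looks sops-encrypted, 1 otherwise (reason on stderr).
check_sops_file() {
  # sops writes a top-level "sops:" metadata block (recipients, MAC, version).
  if ! grep -q '^sops:' "$1"; then
    echo "$1: no sops metadata block, file is plaintext" >&2
    return 1
  fi
  # Above that block every "key: value" scalar must be an ENC[...] envelope.
  # Keys ending in _unencrypted are left in clear by sops' default settings.
  leaks=$(awk '
    /^sops:/ { exit }
    /^[ \t]*#/ { next }
    match($0, /^[ \t]*(- )?[A-Za-z0-9_.-]+:[ \t]+[^ \t]/) {
      val = substr($0, RLENGTH)
      key = $0; sub(/:.*/, "", key); sub(/^[ \t]*(- )?/, "", key)
      if (val !~ /^ENC\[/ && key !~ /_unencrypted$/) printf "%s(line %d) ", key, NR
    }' "$1")
  if [ -n "$leaks" ]; then
    echo "$1: plaintext values: $leaks" >&2
    return 1
  fi
}

# Check the three secret locations the README lists, relative to repo root $1.
scan_secrets() {
  rc=0
  for f in "$1/private/passwords.sops.yaml" \
           "$1/private/nixos-configurations/secrets.sops.yaml" \
           "$1"/private/nixos-configurations/*/secrets.sops.yaml; do
    [ -f "$f" ] || continue
    check_sops_file "$f" || rc=1
  done
  return "$rc"
}

# Constructed sample tree: one encrypted-looking file, one with a leaked value.
make_sample_tree() {
  mkdir -p "$1/private/nixos-configurations/hostA"
  printf 'root: ENC[AES256_GCM,data:c2FtcGxl,type:str]\nsops:\n    version: 3.9.0\n' \
    > "$1/private/passwords.sops.yaml"
  printf 'wifi:\n    psk: hunter2\nsops:\n    version: 3.9.0\n' \
    > "$1/private/nixos-configurations/hostA/secrets.sops.yaml"
}

tmp=$(mktemp -d) && make_sample_tree "$tmp"
if scan_secrets "$tmp"; then echo "all secrets encrypted"; else echo "plaintext found"; fi
rm -rf "$tmp"
```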