⚙️ Configuration and Deployment of qo.is infrastructure. https://docs-ops.qo.is
2025-03-25 15:46:08 +02:00
.github/workflows Update build process ci and docs 2025-03-25 15:04:59 +02:00
.vscode Apply treefmt 2025-03-25 14:10:54 +02:00
checks Improve nixosModules checks to include all modules by default. 2025-03-25 15:46:08 +02:00
defaults Apply treefmt 2025-03-25 14:10:54 +02:00
deploy Apply treefmt 2025-03-25 14:10:54 +02:00
dev-shells Update build process ci and docs 2025-03-25 15:04:59 +02:00
lib Apply treefmt 2025-03-25 14:10:54 +02:00
nixos-configurations Apply treefmt 2025-03-25 14:10:54 +02:00
nixos-modules Extend package set available in git-ci-runner 2025-03-25 15:23:40 +02:00
packages Update build process ci and docs 2025-03-25 15:04:59 +02:00
private@f789cff295 Improve nixosModules checks to include all modules by default. 2025-03-25 15:46:08 +02:00
.envrc Commit files for public release 2024-10-02 16:57:36 +03:00
.gitignore Add pre-commit-hook with formatting 2025-03-25 14:32:57 +02:00
.gitmodules Commit files for public release 2024-10-02 16:57:36 +03:00
.nixd.json Apply treefmt 2025-03-25 14:10:54 +02:00
backups.md Commit files for public release 2024-10-02 16:57:36 +03:00
book.toml Commit files for public release 2024-10-02 16:57:36 +03:00
email.md Apply treefmt 2025-03-25 14:10:54 +02:00
flake.lock Improve nixosModules checks to include all modules by default. 2025-03-25 15:46:08 +02:00
flake.nix Add pre-commit-hook with formatting 2025-03-25 14:32:57 +02:00
README.md Update build process ci and docs 2025-03-25 15:04:59 +02:00
renovate.json Apply treefmt 2025-03-25 14:10:54 +02:00
robots.txt Commit files for public release 2024-10-02 16:57:36 +03:00
SUMMARY.md Apply treefmt 2025-03-25 14:10:54 +02:00
treefmt.nix Add treefmt configuration 2025-03-25 14:09:20 +02:00
updates.md Apply treefmt 2025-03-25 14:10:54 +02:00

qo.is Infrastructure

This repository contains the infrastructure configuration and documentation sources.

Check out the current rendered documentation.

Structure

  • nixos-configurations: Main NixOS configuration for every host.
  • defaults: Configuration defaults.
  • nixos-modules: Custom modules (e.g. for VPN and routers).
  • private: Private configuration values (like users, sops-encrypted secrets and keys).

Development

This repository requires Nix flakes.

  • nix flake check
    Execute the project's checks, which include building all configurations and packages. See Tests.

  • nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel
    Build a single host configuration.

  • nix build .#docs
    Build the documentation website.

  • nix develop
    Enter the development environment.

  • nix fmt
    Fix formatting automatically.

Secrets and private Submodule

Secrets are managed with nix-sops and kept in a git submodule at private.
Make sure the submodule is checked out. To clone with submodules (if you have access):

git clone --recurse-submodules https://git.qo.is/qo.is/infrastructure.git
# See below for how to commit changes.

Secrets are stored in private/passwords.sops.yaml (sysadmin passwords), private/nixos-configurations/secrets.sops.yaml (shared secrets for all hosts) and private/nixos-configurations/<hostname>/secrets.sops.yaml (host specific secrets).

To modify secrets:

sops "$file" # Edit an encrypted file
sops-rekey   # Rekey all secrets, e.g. after a key rollover or when adding a new host

After changing secrets:

# Commit changes in subrepo
pushd private
  git commit
  git push
  nix flake prefetch . # Make subrepo available in nix store. Required until nix 2.27.
popd

git add private
nix flake lock --update-input private
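
A sanity check to run before `git commit` in the private submodule, as an added example that is not part of the qo.is repository: it verifies that every `*.sops.yaml` file carries sops metadata and that no value outside the metadata block is left in plaintext. The function names and the sample file contents are assumptions made for illustration, and the check is a line-based heuristic rather than a YAML parser.

```bash
# Added example (not from the qo.is repository). Heuristic, line-based check.
# check_sops_file FILE: succeed only if FILE has a top-level "sops:" metadata
# block with an encrypted MAC and every value outside it is ENC[...] ciphertext.
check_sops_file() {
  awk '
    /^sops:/          { meta = 1; seen = 1; next }   # sops metadata block starts
    meta && /^[^ \t]/ { meta = 0 }                   # another top-level key ends it
    meta              { if ($1 == "mac:" && $2 ~ /^ENC\[/) mac = 1; next }
    /^[ \t]*(#|$)/    { next }                       # comments and blank lines
    {
      v = $0; k = ""
      sub(/^[ \t]*(- )?/, "", v)                     # drop indentation and list dash
      if (match(v, /^[A-Za-z0-9_.-]+:/)) {           # "key:" or "key: value"
        k = substr(v, 1, RLENGTH - 1)
        v = substr(v, RLENGTH + 1)
        sub(/^[ \t]+/, "", v)
      }
      if (v == "" || k ~ /_unencrypted$/) next       # parent key or sops cleartext suffix
      if (v !~ /^ENC\[/) {
        bad++
        printf "%s:%d: plaintext value for key \"%s\"\n", FILENAME, NR, k > "/dev/stderr"
      }
    }
    END { exit (seen && mac && !bad) ? 0 : 1 }
  ' "$1"
}

# check_private_secrets [DIR]: check every *.sops.yaml below DIR (default: private).
check_private_secrets() {
  rc=0 n=0
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    n=$((n + 1))
    check_sops_file "$f" || { echo "not fully encrypted: $f" >&2; rc=1; }
  done <<EOF
$(find "${1:-private}" -type f -name '*.sops.yaml')
EOF
  [ "$n" -gt 0 ] && [ "$rc" -eq 0 ]   # also fail when the submodule is empty or missing
}

# Constructed sample data (shortened, not real ciphertext): one sealed file, one leak.
write_samples() {
  mkdir -p "$1/nixos-configurations"
  printf '%s\n' 'admin: ENC[AES256_GCM,data:c2FtcGxl,type:str]' 'sops:' \
    '    mac: ENC[AES256_GCM,data:bWFj,type:str]' > "$1/passwords.sops.yaml"
  printf '%s\n' 'vpn_key: ENC[AES256_GCM,data:c2FtcGxl,type:str]' 'wifi_psk: hunter2' \
    'sops:' '    mac: ENC[AES256_GCM,data:bWFj,type:str]' > "$1/nixos-configurations/secrets.sops.yaml"
}
```

Run `check_private_secrets private` from the repository root before committing in the submodule; a non-zero exit status means at least one file is missing, lacks sops metadata, or contains a plaintext value.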

Deployment

See Deployment for details.