⚙️ Configuration and Deployment of qo.is infrastructure.
https://docs-ops.qo.is
|
|
||
|---|---|---|
| .github/workflows | ||
| .vscode | ||
| checks | ||
| defaults | ||
| deploy | ||
| dev-shells | ||
| lib | ||
| nixos-configurations | ||
| nixos-modules | ||
| overlays | ||
| packages | ||
| private@9a646336c5 | ||
| .envrc | ||
| .gitignore | ||
| .gitmodules | ||
| .nixd.json | ||
| backups.md | ||
| book.toml | ||
| email.md | ||
| flake.lock | ||
| flake.nix | ||
| README.md | ||
| robots.txt | ||
| SUMMARY.md | ||
| updates.md | ||
qo.is Infrastructure
This repository contains the infrastructure configuration and documentation sources.
Check out the current rendered documentation on the deployed gitlab page.
Structure
nixos-configurations: Main nixos configuration for every host.
defaults: Configuration defaults
modules: Custom modules (e.g. for vpn and routers)
Building
This repository requires nix flakes
nix build
Build all host configurations and docsnix build .#nixosConfigurations.<hostname>.config.system.build.toplevel
Build a single host configuration withnix build .#docs
Build the documentation website
Development
nix develop
Development environmentnix flake check
Execute the project's checksnix fmt
Autofix formatting
Working with the private submodule
On changes:
git add private
nix flake lock --update-input private
Deployment
nix run .#deploy
See Deployment for details.
Secrets
Secret management is done with nix-sops.
Secrets are stored in private/passwords.sops.yaml (sysadmin passwords),
private/nixos-configurations/secrets.sops.yaml (shared secrets for all hosts) and
private/nixos-configurations/<hostname>/secrets.sops.yaml (host specific secrets).
Usage:
sops
sops-rekey