61 lines
1.4 KiB
Markdown
61 lines
1.4 KiB
Markdown
# qo.is Infrastructure
|
|
|
|
[This repository](https://gitlab.com/qo.is/infrastructure) contains the infrastructure configuration and documentation sources.
|
|
|
|
Check out the current [rendered documentation on the deployed gitlab page](https://docs-ops.qo.is).
|
|
|
|
## Structure
|
|
|
|
`nixos-configurations`: Main nixos configuration for every host.
|
|
`defaults`: Configuration defaults
|
|
`modules`: Custom modules (e.g. for vpn and routers)
|
|
|
|
## Building
|
|
|
|
This repository requires [nix flakes](https://nixos.wiki/wiki/Flakes)
|
|
|
|
- `nix build`
|
|
Build all host configurations and docs
|
|
- `nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel`
|
|
Build a single host configuration with
|
|
- `nix build .#docs`
|
|
Build the documentation website
|
|
|
|
## Development
|
|
|
|
- `nix develop`
|
|
Development environment
|
|
- `nix flake check`
|
|
Execute the project's checks
|
|
- `nix fmt`
|
|
Autofix formatting
|
|
|
|
### Working with the private submodule
|
|
|
|
On changes:
|
|
|
|
```bash
|
|
git add private
|
|
nix flake lock --update-input private
|
|
```
|
|
|
|
## Deployment
|
|
|
|
`nix run .#deploy`
|
|
|
|
See [Deployment](deployment.md) for details.
|
|
|
|
## Secrets
|
|
|
|
Secret management is done with [nix-sops](https://github.com/Mic92/sops-nix).
|
|
|
|
Secrets are stored in `private/passwords.sops.yaml` (sysadmin passwords),
|
|
`private/nixos-configurations/secrets.sops.yaml` (shared secrets for all hosts) and
|
|
`private/nixos-configurations/<hostname>/secrets.sops.yaml` (host specific secrets).
|
|
|
|
Usage:
|
|
|
|
```bash
|
|
sops
|
|
sops-rekey
|
|
```
|