home/nixos-servers
home/nixos-servers
Archived
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions
Infrastructure as Code for our home servers
This repository has been archived on 2025-02-21. You can view files and clone it, but you cannot make any changes to its state, such as pushing and creating new issues, pull requests or comments.
495 commits 3 branches 0 tags 2.4 MiB
Find a file
Exact
Pim Kunis 68b79e086c Add deprecation notice
2024-12-01 16:50:32 +01:00
ansible Rename pikvm ansible playbook 2024-09-07 14:01:00 +02:00
machines Remove migrated machine Jefke 2024-12-01 15:41:11 +01:00
modules Refactor machine logic 2024-11-04 23:35:04 +01:00
scripts Format repo 2024-10-28 14:12:06 +01:00
secrets Cleanup after kubernetes deployment migration 2024-09-07 13:06:37 +02:00
utils Format repo 2024-10-28 14:12:06 +01:00
.envrc Add commit hook and flake check for formatting 2024-10-28 14:42:21 +01:00
.gitignore Git ignore .pre-commit-config.yaml 2024-10-28 14:43:32 +01:00
.sops.yaml Cleanup after kubernetes deployment migration 2024-09-07 13:06:37 +02:00
deploy.nix Refactor machine logic 2024-11-04 23:35:04 +01:00
flake.lock update nixos-facter-modules 2024-11-04 21:08:57 +01:00
flake.nix Use nixos-facter 2024-11-02 23:55:25 +01:00
formatter.nix Update git-hooks 2024-10-30 21:17:03 +01:00
nixos.nix Refactor machine logic 2024-11-04 23:35:04 +01:00
README.md Add deprecation notice 2024-12-01 16:50:32 +01:00
shell.nix Add commit hook and flake check for formatting 2024-10-28 14:42:21 +01:00
treefmt.nix Add formatter for JSON documents 2024-11-02 23:58:22 +01:00

README.md

nixos-servers

Caution

This repository has been deprecated in favor of pim/nixos-configs.

Nix definitions to configure our servers at home.

Acknowledgements

  • deploy-rs: NixOS deploy tool with rollback functionality
  • disko: declarative disk partitioning
  • dns.nix: A Nix DSL for defining DNS zones
  • flake-utils: Handy utilities to develop Nix flakes
  • nixos-hardware: Hardware-specific NixOS modules. Doing the heavy lifting for our Raspberry Pi
  • sops-nix: Sops secret management for Nix

Prerequisites

  1. Install the Nix package manager or NixOS (link)
  2. Enable flake and nix commands (link)

Bootstrapping

We bootstrap our servers using nixos-anywhere. This reformats the hard disk of the server and installs a fresh NixOS. Additionally, it deploys an age identity, which is later used for decrypting secrets.

⚠️ This will wipe your server completely ⚠️

  1. Make sure you can decrypt the Sops-encrypted secrets in secrets/. You can test this by running sops -d secrets/serverKeys.yaml.
  2. Ensure you have root SSH access to the server.
  3. Run nixos-anywhere: nix run '.#bootstrap' <servername> <hostname>

Deployment

To deploy all servers at once: nix run 'nixpkgs#deploy-rs' -- '.#' -k To deploy only one server: nix run 'nixpkgs#deploy-rs' -- -k --targets '.#<host>'

Known bugs

Rsync not available during bootstrap

The rsync command was removed from recent NixOS ISO which causes nixos-anywhere to fail when copying extra files. See this issue. Solution is to execute nix-env -iA nixos.rsync on the host.