docs: Update readme

Pim Kunis 2024-07-28 14:48:09 +02:00
parent 9fe5ecbb8d
commit 8067d9a301

@ -13,7 +13,7 @@ Nix definitions to configure our servers at home.
- [nixhelm](https://github.com/farcaller/nixhelm): Nix-digestible Helm charts - [nixhelm](https://github.com/farcaller/nixhelm): Nix-digestible Helm charts
- [sops-nix](https://github.com/Mic92/sops-nix): Sops secret management for Nix - [sops-nix](https://github.com/Mic92/sops-nix): Sops secret management for Nix
## Installation ## NixOS
### Prerequisites ### Prerequisites
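Review bot: Renaming `## Installation` to `## NixOS` changes the generated heading anchor, so any link to `#installation` from elsewhere would stop resolving; worth a quick grep for references before merging. With the title now naming only the platform, a one-line intro under it saying that the section covers installing and deploying the servers would keep it as easy to find as the old title.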
@ -28,7 +28,7 @@ Additionally, it deploys an age identity, which is later used for decrypting sec
⚠️ This will wipe your server completely ⚠️ ⚠️ This will wipe your server completely ⚠️
1. Make sure your have a [Secret service](https://www.gnu.org/software/emacs/manual/html_node/auth/Secret-Service-API.html) running (such as Keepassxc) that provides the age identity. 1. Make sure you can decrypt the Sops-encrypted secrets in `secrets/`. You can test this by running `sops -d secrets/serverKeys.yaml`.
2. Ensure you have root SSH access to the server. 2. Ensure you have root SSH access to the server.
3. Run nixos-anywhere: `nix run '.#bootstrap' <servername> <hostname>` 3. Run nixos-anywhere: `nix run '.#bootstrap' <servername> <hostname>`
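Review bot: In the new step 1, `sops -d secrets/serverKeys.yaml` writes the decrypted contents to stdout, so the suggested check leaves plaintext secrets in the terminal and its scrollback. Suggest discarding the output and relying on the exit status, e.g. `sops -d secrets/serverKeys.yaml > /dev/null`. The rewritten step also drops the only mention of where the age identity comes from; a short sentence on which key the operator needs to have available would help someone setting this up from scratch.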
@ -37,12 +37,16 @@ Additionally, it deploys an age identity, which is later used for decrypting sec
To deploy all servers at once: `nix run 'nixpkgs#deploy-rs' -- '.#' -k` To deploy all servers at once: `nix run 'nixpkgs#deploy-rs' -- '.#' -k`
To deploy only one server: `nix run 'nixpkgs#deploy-rs' -- -k --targets '.#<host>'` To deploy only one server: `nix run 'nixpkgs#deploy-rs' -- -k --targets '.#<host>'`
## Deploying to Kubernetes ## Kubernetes
### Prerequisites
To deploy to the Kubernetes cluster, first make sure you have an admin account on the cluster. To deploy to the Kubernetes cluster, first make sure you have an admin account on the cluster.
You can generate this using `nix run '.#gen-k3s-cert' <username> <servername> ~/.kube`, assuming you have SSH access to the master node. You can generate this using `nix run '.#gen-k3s-cert' <username> <servername> ~/.kube`, assuming you have SSH access to the master node.
This puts a private key, signed certificate and a kubeconfig in the kubeconfig directory This puts a private key, signed certificate and a kubeconfig in the kubeconfig directory
### Bootstrapping
We are now ready to deploy to the Kubernetes cluster. We are now ready to deploy to the Kubernetes cluster.
Deployments are done through an experimental Kubernetes feature called [ApplySets](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#how-to-delete-objects). Deployments are done through an experimental Kubernetes feature called [ApplySets](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#how-to-delete-objects).
Each applyset is responsible for a set number of resources within a namespace. Each applyset is responsible for a set number of resources within a namespace.
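Review bot: The added `### Prerequisites` under `## Kubernetes` repeats the existing `### Prerequisites` heading under `## NixOS`, so the renderer will give the second one a deduplicated anchor and a link to `#prerequisites` will only ever reach the first. Consider a distinct title such as `### Cluster access`. Since this section now stands on its own as the place where an admin credential is generated, it could also say that the private key written to `~/.kube` gives admin access to the cluster and should be readable only by its owner. The sentence ending "in the kubeconfig directory" is missing its full stop.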
@ -52,6 +56,8 @@ Run these deployments:
- `nix run '.#bootstrap-default'` - `nix run '.#bootstrap-default'`
- `nix run '.#bootstrap-kube-system'` - `nix run '.#bootstrap-kube-system'`
### Deployment
Now the cluster has been initialized and we can deploy applications. Now the cluster has been initialized and we can deploy applications.
To explore which applications we can deploy, run `nix flake show`. To explore which applications we can deploy, run `nix flake show`.
Then, for each application, run `nix run '.#<application>'`. Then, for each application, run `nix run '.#<application>'`.
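Review bot: Under the new `### Deployment` heading, `nix flake show` lists every flake output, which per this README includes `bootstrap`, `gen-k3s-cert`, `bootstrap-default` and `bootstrap-kube-system`, so "for each application, run `nix run '.#<application>'`" reads as if those should be run again as well. Suggest stating which outputs count as applications, or how they are named, so the bootstrap and certificate helpers are clearly excluded.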