diff --git a/README.md b/README.md index a626806..17f32fe 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Nix definitions to configure our servers at home. - [nixhelm](https://github.com/farcaller/nixhelm): Nix-digestible Helm charts - [sops-nix](https://github.com/Mic92/sops-nix): Sops secret management for Nix -## Installation +## NixOS Installation ### Prerequisites @@ -28,7 +28,7 @@ Additionally, it deploys an age identity, which is later used for decrypting sec ⚠️ This will wipe your server completely ⚠️ -1. Make sure your have a [Secret service](https://www.gnu.org/software/emacs/manual/html_node/auth/Secret-Service-API.html) running (such as Keepassxc) that provides the age identity. +1. Make sure you can decrypt the Sops-encrypted secrets in `secrets/`. You can test this by running `sops -d secrets/serverKeys.yaml`. 2. Ensure you have root SSH access to the server. 3. Run nixos-anywhere: `nix run '.#bootstrap' ` @@ -37,12 +37,16 @@ Additionally, it deploys an age identity, which is later used for decrypting sec To deploy all servers at once: `nix run 'nixpkgs#deploy-rs' -- '.#' -k` To deploy only one server: `nix run 'nixpkgs#deploy-rs' -- -k --targets '.#'` -## Deploying to Kubernetes +## Kubernetes + +### Prerequisites To deploy to the Kubernetes cluster, first make sure you have an admin account on the cluster. You can generate this using `nix run '.#gen-k3s-cert' ~/.kube`, assuming you have SSH access to the master node. This puts a private key, signed certificate and a kubeconfig in the kubeconfig directory +### Bootstrapping + We are now ready to deploy to the Kubernetes cluster. Deployments are done through an experimental Kubernetes feature called [ApplySets](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#how-to-delete-objects). Each applyset is responsible for a set number of resources within a namespace. 
@@ -52,6 +56,8 @@ Run these deployments: - `nix run '.#bootstrap-default'` - `nix run '.#bootstrap-kube-system'` +### Deployment + Now the cluster has been initialized and we can deploy applications. To explore which applications we can deploy, run `nix flake show`. Then, for each application, run `nix run '.#'`.
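Review bot: in the `@@ -28,7` hunk, the new step 1 drops the information the old line carried about where the age identity comes from (a Secret Service provider such as Keepassxc), while the surrounding text still says bootstrap "deploys an age identity, which is later used for decrypting sec[rets]"; a reader now has no way to know which key `sops` is expected to find, so add a sentence naming the identity and how sops locates it (for example via `SOPS_AGE_KEY_FILE` or the default `~/.config/sops/age/keys.txt`). Also, the suggested check `sops -d secrets/serverKeys.yaml` prints the decrypted server keys to the terminal and shell history/scrollback; since the point is only to verify decryption works, suggest `sops -d secrets/serverKeys.yaml >/dev/null && echo ok` instead.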
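Review bot: in the `@@ -37,12` hunk, the new `### Prerequisites` subsection still leaves the credential it creates undocumented from a handling point of view: `nix run '.#gen-k3s-cert' ~/.kube` writes a private key and a certificate for an admin account into `~/.kube`, but nothing says that this is a cluster-admin credential, what permissions the files should have, or that the key should be removed or rotated when no longer needed. Since this section is now the canonical place for cluster access, add a line along the lines of "the generated key grants admin access to the cluster; keep `~/.kube` readable only by your user (`chmod 700 ~/.kube`) and do not commit it".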