# nixos-servers

Nix definitions to configure our physical servers.
Currently, our three main servers are all Nixified!

## Additional documentation

- [Kubernetes](docs/kubernetes.md)

## Prerequisites

1. Install the Nix package manager or NixOS ([link](https://nixos.org/download))
2. Enable flake and nix commands ([link](https://nixos.wiki/wiki/Flakes#Enable_flakes_permanently_in_NixOS))
3. Install Direnv ([link](https://direnv.net/))
4. Allow direnv for this repository: `direnv allow`

## Bootstrapping

We bootstrap our physical server using [nixos-anywhere](https://github.com/nix-community/nixos-anywhere).
This reformats the hard disk of the server and installs a fresh NixOS.
Additionally, it deploys an age identity, which is later used for decrypting secrets.

⚠️ This will wipe your server completely ⚠️

1. Make sure you have a [Secret service](https://www.gnu.org/software/emacs/manual/html_node/auth/Secret-Service-API.html) running (such as KeePassXC) that provides the age identity.
2. Ensure you have root SSH access to the server.
3. Run nixos-anywhere: `./bootstrap.sh <servername> <hostname>`
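
One way the key hand-off described above can be done, as an added sketch that is not this repository's `bootstrap.sh`: the identity is staged in an owner-only temporary tree and passed to nixos-anywhere through `--extra-files`. The Secret Service attributes, the `/etc/age/keys.txt` target path and the flake output name are assumptions.

```shell
#!/bin/sh
# Added sketch, not this repository's bootstrap.sh.
# Assumptions: Secret Service attributes "service age-identity server <name>",
# target path /etc/age/keys.txt, flake output named after <servername>.
set -eu

# Read an age identity on stdin and write it below <root>, owner-only.
stage_identity() (
  root=$1
  key=$(cat)
  # Refuse empty or unrelated input, e.g. when the keyring lookup failed.
  printf '%s\n' "$key" | grep -q '^AGE-SECRET-KEY-1' || {
    echo "stage_identity: no age identity on stdin" >&2
    exit 1
  }
  umask 077                       # directories 0700, key file 0600
  mkdir -p "$root/etc/age"
  printf '%s\n' "$key" > "$root/etc/age/keys.txt"
)

bootstrap() (
  servername=$1 hostname=$2
  tmp=$(mktemp -d)
  trap 'rm -rf "$tmp"' EXIT       # the key copy never outlives this run
  secret-tool lookup service age-identity server "$servername" |
    stage_identity "$tmp"
  # --extra-files copies the staged tree onto the new root filesystem.
  nixos-anywhere --extra-files "$tmp" --flake ".#$servername" "root@$hostname"
)

if [ "$#" -eq 2 ]; then
  bootstrap "$@"
fi
```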

## Deployment

To deploy all servers at once: `deploy`

To deploy only one server: `deploy --targets .#<host>`