Infrastructure as Code for our home servers
Pim Kunis 6bcdd774ac enable firewall again
replace iptables with nftables
disable reverse path filtering for all hosts
allow port 5353 for host running dnsmasq
closes #31
2024-01-12 22:31:15 +01:00
docs restructure documentation 2023-12-29 12:51:42 +01:00
legacy remove hermes virtual machines 2024-01-07 22:39:34 +01:00
nixos enable firewall again 2024-01-12 22:31:15 +01:00
.envrc add psql env variables to .envrc 2023-11-25 14:43:37 +01:00
.gitignore WIP: nixos-anywhere for virtual machines 2023-11-25 21:00:21 +01:00
bootstrap.sh move age keys to /etc 2024-01-08 20:47:12 +01:00
flake.lock use dns.nix for zone file generation 2024-01-07 20:24:12 +01:00
flake.nix use dns.nix for zone file generation 2024-01-07 20:24:12 +01:00
README.md restructure documentation 2023-12-29 12:51:42 +01:00

nixos-servers

Nix definitions to configure our physical servers. Currently, only one physical server (named jefke) is implemented but more are planned!

Additional documentation

Prerequisites

  1. Install the Nix package manager or NixOS (link)
  2. Enable flake and nix commands (link)
  3. Install Direnv (link)
  4. Allow direnv for this repository: direnv allow

Bootstrapping

We bootstrap our physical server using nixos-anywhere. This reformats the hard disk of the server and installs a fresh NixOS. Additionally, it deploys an age identity, which is later used for decrypting secrets.

⚠️ This will wipe your server completely ⚠️

  1. Make sure you have a Secret Service running (such as KeePassXC) that provides the age identity.
  2. Ensure you have root SSH access to the server.
  3. Run nixos-anywhere: ./bootstrap.sh <servername> <hostname>
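
The steps above could be scripted as follows. This is an added example, not the repository's bootstrap.sh: the secret-tool attribute pair, the identity path placeholder and the use of <servername> as the flake attribute are assumptions. It stages the identity in a private temporary tree and refuses to start the install if no identity was returned.

```shell
#!/bin/sh
# Added example: stage an age identity and hand it to nixos-anywhere.
set -eu

# Placeholder (assumption): where the identity lands on the new system,
# relative to /. The repository's real path is not shown on this page.
IDENTITY_REL_PATH="etc/age_identity.EXAMPLE"

# Read an age identity from stdin and stage it under the directory $1.
# Fails without writing anything if stdin holds no age secret key.
stage_identity() {
  si_dest="$1/$IDENTITY_REL_PATH"
  si_key="$(cat)"
  case "$si_key" in
    *AGE-SECRET-KEY-*) ;;
    *) echo "no age identity received, aborting before the wipe" >&2
       return 1 ;;
  esac
  # Directory modes are copied to the target, so keep etc/ at 755
  # and restrict only the key file itself to the owner.
  install -d -m 755 "$(dirname "$si_dest")"
  ( umask 077; printf '%s\n' "$si_key" > "$si_dest" )
}

bootstrap() {
  bs_server="$1"; bs_host="$2"
  bs_tmp="$(mktemp -d)"
  # Remove the staged key from the workstation whatever happens next.
  trap "rm -rf -- '$bs_tmp'" EXIT
  # Attribute name and value are assumptions about the keyring entry.
  secret-tool lookup age-identity "$bs_server" | stage_identity "$bs_tmp"
  # --extra-files copies the staged tree onto / of the fresh install.
  nixos-anywhere --extra-files "$bs_tmp" --flake ".#$bs_server" "root@$bs_host"
}

# Only act when called as: script <servername> <hostname>
if [ "$#" -eq 2 ]; then bootstrap "$@"; fi
```

Because the script runs without pipefail, a locked keyring shows up as empty input to stage_identity, which stops the run before nixos-anywhere reformats the disk.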

Deployment

To deploy all servers at once: deploy

To deploy only one server: deploy --targets .#<host>