Infrastructure as Code for our home servers
Pim Kunis
b4fbc0b955
- deploy age identity - make script machine independent - add sanity check for wiping the system create nix shell for running the script

| File |
|---|
| secrets |
| .envrc |
| .gitignore |
| agenix.nix |
| configuration.nix |
| disk-config.nix |
| flake.lock |
| flake.nix |
| hardware-configuration.nix |
| jefke_host_ed25519-cert.pub |
| jefke_user_ed25519-cert.pub |
| nftables.conf |
| nixos-anywhere.sh |
| README.md |

nixos-servers
Nix definitions to configure our physical servers. Currently, only one physical server (named jefke) is implemented.
Deployment
NEW
nix run github:numtide/nixos-anywhere -- --flake .#hypervisor root@jefke.hyp
Prerequisites
Before a NixOS definition can be deployed, some preparatory steps must be performed.
- Manually install NixOS on the physical machine. This could potentially be automated in the future with nixos-anywhere, but for now this is a manual process.
- Enable SSH and install authorized keys.
- Ensure Python3 is installed for Ansible.
- Run the Ansible playbook which deploys secrets: `ansible-playbook deploy_secrets.yml`.
NixOS deployment
Finally, the NixOS definition can be deployed as follows: `nix run github:serokell/deploy-rs`.