Infrastructure as Code for our home servers
Latest commit: dc73a0bf2c "Update freshrss to 1.24.1 / Fix rollout strategy for freshrss" by Pim Kunis, 2024-06-12 21:49:12 +02:00

nixos-servers

Nix definitions to configure our servers at home.

Acknowledgements

  • deploy-rs: NixOS deploy tool with rollback functionality
  • disko: declarative disk partitioning
  • agenix: deployment of encrypted secrets to NixOS machines
  • dns.nix: A Nix DSL for defining DNS zones
  • flake-utils: Handy utilities to develop Nix flakes
  • nixos-hardware: Hardware-specific NixOS modules. Doing the heavy lifting for our Raspberry Pi
  • kubenix: declare and deploy Kubernetes resources using Nix
  • nixhelm: Nix-digestible Helm charts

Installation

Prerequisites

  1. Install the Nix package manager or NixOS (link)
  2. Enable flake and nix commands (link)

Bootstrapping

We bootstrap our servers using nixos-anywhere. This reformats the hard disk of the server and installs a fresh NixOS. Additionally, it deploys an age identity, which is later used for decrypting secrets.

⚠️ This will wipe your server completely ⚠️

  1. Make sure you have a Secret Service running (such as KeePassXC) that provides the age identity.
  2. Ensure you have root SSH access to the server.
  3. Run nixos-anywhere: nix run .#bootstrap <servername> <hostname>

Deployment

To deploy all servers at once: nix run nixpkgs#deploy-rs -- .# -k
To deploy only one server: nix run nixpkgs#deploy-rs -- -k --targets .#<host>

Deploying to Kubernetes

To deploy to the Kubernetes cluster, first make sure you have an admin account on the cluster. You can generate this using nix run .#gen-k3s-cert <username> <servername> ~/.kube, assuming you have SSH access to the master node. This puts a private key, a signed certificate and a kubeconfig in the given kubeconfig directory (~/.kube in this example).

If the cluster has not been initialized yet, next run nix run .#kubenix-bootstrap.x86_64-linux.

Lastly, deploy everything to the cluster using nix run .#kubenix.x86_64-linux.
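The private key and kubeconfig written by gen-k3s-cert are cluster-admin credentials, so it is worth checking that only your user can read them before running kubenix. The POSIX sh script below is an added example, not code from this repository; the file names config, client.key and client.crt inside the kubeconfig directory are assumptions.

```shell
#!/bin/sh
# Added example, not code from the nixos-servers repository: sanity-check the
# admin credentials produced by `nix run .#gen-k3s-cert <username> <servername> ~/.kube`
# before handing them to kubenix. The file names checked are assumptions; adjust
# them to whatever gen-k3s-cert writes on your system.
set -eu

# owner_only FILE: return 0 if FILE is a regular file with no group/other
# permission bits (e.g. 0600), 1 otherwise. Parses `ls -l` so it works on both
# GNU and BSD userlands.
owner_only() {
  f=$1
  [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
  bits=$(ls -ld "$f" | cut -c5-10)   # characters 5-10 are the group+other bits
  [ "$bits" = "------" ] || { echo "readable by others ($bits): $f" >&2; return 1; }
}

# check_kube_dir [DIR]: the private key and the kubeconfig (which grants cluster
# admin) must be owner-only; the certificate only needs to exist. DIR defaults
# to ~/.kube as in the README. Returns 0 when every check passes, 1 otherwise.
check_kube_dir() {
  dir=${1:-"$HOME/.kube"}
  rc=0
  owner_only "$dir/config" || rc=1        # kubeconfig (assumed file name)
  owner_only "$dir/client.key" || rc=1    # private key (assumed file name)
  [ -f "$dir/client.crt" ] || { echo "missing: $dir/client.crt" >&2; rc=1; }
  return $rc
}

# restrict_kube_dir [DIR]: remediation, tighten the two sensitive files to 0600.
restrict_kube_dir() {
  dir=${1:-"$HOME/.kube"}
  chmod 600 "$dir/config" "$dir/client.key"
}

# Stand-alone usage: ./check-kube.sh [DIR]; exits non-zero when a check fails.
[ $# -eq 0 ] || check_kube_dir "$1"
```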

Known bugs

Rsync not available during bootstrap

The rsync command was removed from recent NixOS ISOs, which causes nixos-anywhere to fail when copying extra files. See this issue. The workaround is to execute nix-env -iA nixos.rsync on the host.