machines/README.md
Kaare Hoff Skovgaard b2f59a9c77
Make some notes on how to bring up servers
2025-07-19 23:03:40 +02:00


# Nix Machines
This is my repository for all my various machines running NixOS (or using Nix Darwin).
It was created to unify the provisioning of software and cloud resources, so that every instance is brought up and maintained with the same set of commands.
For a desktop machine, running `nixos-install` as usual should suffice.
## Servers
To provision the cloud resources needed, and install NixOS, the following can be run:
```bash
nix run '.#create-instance' -- <hostname>
```
This runs the `provision.pre` Terraform code to create the cloud resources as needed, on either Hetzner or OpenStack, and selects the secrets backend the instance fetches its secrets from. Every server should use `vault` (OpenBAO) as the backend, except the server that hosts OpenBAO itself. Finally it installs NixOS.
When a change is made to, e.g., the AppRole an instance needs, and the instance must be provisioned again without reinstalling NixOS (a reinstall will not work), run:
```bash
nix run '.#provision-instance' -- <hostname>
```
To update the NixOS config on an instance:
```bash
nix run '.#update-instance' -- <hostname>
```
To delete the resources again run:
```bash
nix run '.#destroy-instance' -- <hostname>
```
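The four commands above (plus `configure-instance`, used during bootstrapping) all take a bare hostname and, in the case of `destroy-instance`, tear down cloud resources with no further prompt. The wrapper below is an added example and not part of this repository: it validates the hostname against the domain the instances in this README live under (`kaareskovgaard.net`, an assumption generalised from the hostnames named here), rejects unknown actions, and demands the hostname be typed back before running `destroy-instance`. It is meant to be run from the repository root, where the flake lives.

```shell
#!/bin/sh
# Added example, not code from the Nix Machines repository.
# Thin guard around the `nix run '.#<action>' -- <hostname>` commands.
set -eu

# Assumption: every managed instance is an FQDN under this domain.
DOMAIN="kaareskovgaard.net"

# valid_host NAME: succeeds only if NAME is one or more well-formed DNS
# labels followed by ".$DOMAIN" (lowercase, no spaces, no leading dash).
valid_host() {
  esc=$(printf '%s' "$DOMAIN" | sed 's/\./\\./g')
  printf '%s' "$1" |
    grep -Eq "^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+${esc}\$"
}

# valid_action NAME: succeeds only for the flake apps documented in this README.
valid_action() {
  case "$1" in
    create-instance|provision-instance|update-instance|destroy-instance|configure-instance)
      return 0 ;;
    *)
      return 1 ;;
  esac
}

# build_cmd ACTION HOST: prints the exact nix command that would be executed.
build_cmd() {
  printf "nix run '.#%s' -- %s\n" "$1" "$2"
}

# run_instance_action ACTION HOST: validate, confirm destructive actions, run.
# Exit codes: 2 = rejected input, 3 = destroy not confirmed.
run_instance_action() {
  action="$1"
  host="$2"
  valid_action "$action" || { echo "unknown action: $action" >&2; return 2; }
  valid_host "$host" || { echo "refusing: '$host' is not a host under $DOMAIN" >&2; return 2; }
  if [ "$action" = destroy-instance ]; then
    printf 'Destroy the cloud resources for %s? Type the hostname to confirm: ' "$host"
    read -r answer
    [ "$answer" = "$host" ] || { echo "aborted, nothing destroyed" >&2; return 3; }
  fi
  echo "+ $(build_cmd "$action" "$host")" >&2
  nix run ".#${action}" -- "$host"
}

# Only dispatch when invoked with arguments, e.g.:
#   ./instance.sh update-instance monitoring.kaareskovgaard.net
if [ "$#" -gt 0 ]; then
  [ "$#" -eq 2 ] || { echo "usage: $0 <action> <hostname>" >&2; exit 2; }
  run_instance_action "$1" "$2"
fi
```

The hostname check is deliberately strict rather than a typo guard: a mistyped or attacker-influenced hostname is passed straight into Terraform and `nixos-install`, so the wrapper refuses anything that is not a syntactically valid name under the expected domain before `nix run` is ever invoked.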
## Secrets
To transfer the secrets needed for OpenTofu from Bitwarden to OpenBAO/Vault run:
```bash
nix run '.#bitwarden-to-vault'
```
# Bootstrapping
## security.kaareskovgaard.net
The first instance to create is `security.kaareskovgaard.net`, as it hosts OpenBAO, which is used to deploy all the other instances.
First read the README for that instance regarding the bootstrapping process (it amounts to flipping a boolean switch in the configuration). Then:
```bash
nix run '.#create-instance' -- security.kaareskovgaard.net
nix run '.#configure-instance' -- security.kaareskovgaard.net
```
Then flip the bootstrap switch back off (unbootstrap the instance) and:
```bash
nix run '.#update-instance' -- security.kaareskovgaard.net
nix run '.#configure-instance' -- security.kaareskovgaard.net
```
## monitoring.kaareskovgaard.net
Every instance attempts to send logs and metrics to the monitoring instance, so it should be created next. This should be a simple:
```bash
nix run '.#create-instance' -- monitoring.kaareskovgaard.net
```
## The rest
At this point every other instance can be brought up; the `create-instance` command should be all that is needed.