nix/machines
1
0
Fork 0
Code Issues Releases Packages Activity Actions
machines/README.md
Kaare Hoff Skovgaard c402ada8f7
All checks were successful
/ dev-shell (push) Successful in 1m18s
Details
/ rust-packages (push) Successful in 2m54s
Details
/ check (push) Successful in 3m21s
Details
/ terraform-providers (push) Successful in 9m33s
Details
/ systems (push) Successful in 8m34s
Details
Get basic nginx and acme setup working 
This should enable DNS-01 acme for all khs openstack servers,
thus removing the pain of setting up acme for those servers.

Do note that this might not really be needed that much anymore,
as I should be able to hit them over IPv6, but for ease of mind,
this will enable ACME trivially, also for non https workloads, as well
as servers without open ports.

Do note that currently there's a global unifi firewall rule in place to
allow port 80 and 443 to my own servers over ipv6, I'd like to remove this
and have Nix configure firewall rules for each server individually, as
requested in the setup.
2025-07-11 00:38:31 +02:00

43 lines
1.4 KiB
Markdown
Raw Blame History

# Nix Machines
This is my repository for all my various machines running NixOS (or Using Nix Darwin).
It has been created as an attempt at unifying all the various provisioning of software/cloud resources that must happen, such that for every instance there's a unified set of commands to run.
When running on a desktop machine, simply running `nixos-install` as per usual should suffice.
## Servers
To provision the cloud resources needed, and install NixOS, the following can be run:
```bash
nix run '.#create-instance' -- <hostname>
```
This will run the `provision.pre` terraform code to ensure the cloud resources are created as needed, on either hetzner or openstack. It should also select the appropriate secrets backend to fetch secrets from. In general every server should use `vault` (OpenBAO) as the backend, except for the server hosting OpenBAO. Then it will install NixOS.
When making changes to eg. the approle needed, and needing to provision the instance again (but not installing NixOS again, as that won't work), run:
```bash
nix run '.#provision-instance' -- <hostname>
```
To update the NixOS config on an instance:
```bash
nix run '.#update-instance` -- <hostname>
```
To delete the resources again run:
```bash
nix run '.#destroy-instance' -- <hostname>
```
## Secrets
To transfer the secrets needed for OpenTofu from Bitwarden to OpenBAO/Vault run:
```bash
nix run '.#bitwarden-to-vault'
```
Reference in a new issue View git blame Copy permalink