Kaare Hoff Skovgaard
f7d4bef46c
Work being done as an attempt to be able to create a small monitoring server |
||
|---|---|---|
| .forgejo/workflows | ||
| assets | ||
| nix | ||
| rust | ||
| .envrc | ||
| .gitignore | ||
| desktop.qcow2 | ||
| flake.lock | ||
| flake.nix | ||
| README.md | ||
Nix Machines
This is my repository for all my various machines running NixOS (or Using Nix Darwin).
It has been created as an attempt at unifying all the various provisioning of software/cloud resources that must happen, such that for every instance there's a unified set of commands to run.
When running on a desktop machine, simply running nixos-install as per usual should suffice.
Servers
To provision the cloud resources needed, the following can be run:
nix run '.#create-instance' -- <hostname>
This will run the provision.pre terraform code to ensure the cloud resources are created as needed, on either hetzner or openstack. It should also select the appropriate secrets backend to fetch secrets from. In general every server should use vault (OpenBAO) as the backend, except for the server hosting OpenBAO.
Once the instance has been created it will not run NixOS, but rather something like Debian, which can then be provisioned into a NixOS installation. Run the following command to enroll NixOS on the instance:
nix run '.#inxos-install' -- <hostname>
NOTE
If you're creating and destroying instances on the same host name and have DNS caching trouble, you can run the following to connect using an IP address:nix run '.#nixos-install' -- <hostname> <ip>
TODO: Here should be some guidance on how to transfer RoleID/SecretID to the server, as well as running the post provisioning scripts for the servers that need it.
To delete the resources again run:
nix run '.#destroy-instance' -- <hostname>
Secrets
To transfer the secrets needed for OpenTofu from Bitwarden to OpenBAO run:
nix run '.#bitwarden-to-vault'