kalipso/infrastructure
1
1
Fork 1
Code Issues 43 Pull Requests 2 Actions Projects 2 Releases Wiki Activity
314 Commits 20 Branches 0 Tags
c0cef1ff1edc11a7c60d2404643a9c8c12ddf21a
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
ahtlon c0cef1ff1e
Some checks failed
Evaluate Hydra Jobs / eval-hydra-jobs (push) Has been cancelled
Details
Evaluate Hydra Jobs / eval-hydra-jobs (pull_request) Successful in 5m14s
Details
Apply legacy to bakunin
2025-01-18 21:33:41 +01:00
.gitea/workflows
[actions] update: rm for now since pr's dont work
2024-10-24 12:40:12 +02:00
doc
[docs] update sops
2025-01-14 13:46:08 +01:00
machines
Apply legacy to bakunin
2025-01-18 21:33:41 +01:00
scripts
[scripts] check for flake.nix
2025-01-18 20:39:16 +01:00
.envrc
initial commit
2022-10-04 14:08:04 +02:00
.gitignore
[fanny] disable mounting root datasets and add encrypted swap
2024-12-16 16:58:07 +01:00
flake.lock
[nixpkgs] update tasklist
2025-01-06 18:28:39 +01:00
flake.nix
[nixpkgs] 24.05 -> 24.11
2024-12-13 14:08:49 +01:00
outputs.nix
[packages] make scripts available in shell without nix run
2025-01-18 20:04:22 +01:00
README.md
[readme] rm durruti ip
2024-11-21 16:19:03 +01:00

README.md

malobeo infrastructure

this repository nxios configurations of the digital malobeo infrastructure. it should be used to setup, test, build and deploy different hosts in a reproducible manner.

the file structure is based on this blog post

hosts

durruti

  • nixos-container running on dedicated hetzner server
  • login via ssh -p 222 malobeo@dynamicdiscord.de
  • if rebuild switch fails due to biglock do mount -o remount,rw /nix/var/nix/db
  • currently is running tasklist in detached tmux session
    • make module with systemd service out of that

creating a new host

setting up filesystem

currently nixos offers no declarative way of setting up filesystems and partitions. that means this has to be done manually for every new host. to make it as easy as possible we can use this guide to setup an encrypted zfs filesystem

we could create a shell script out of that

deploying configuration

local deployment

nixos-rebuild switch --use-remote-sudo

remote deployment

you need the hostname and ip address of the host:

 nixos-rebuild switch --flake .#<hostname> --target-host root@<ip_address> --build-host localhost

in this case 'localhost' is used as buildhost which can be usefull if the target host is low systemresources

development

requirements

we use flake based configurations for our hosts. if you want to build configurations on you own machine you have to enable flakes first by adding the following to your configuration.nix or nix.conf

nix.extraOptions = ''
  experimental-features = nix-command flakes
'';

More information about flakes can be found here

dev shell

a development shell with the correct environment can be created by running nix develop

If you're using direnv you can add flake support by following those steps: link

build a configuration

to build a configuration run the following command (replace <hostname> with the actual hostname):

nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel

building raspberry image

for the raspberry it is possible to build the whole configuration as an sd-card image which then can be flashed directly. more information about building arm on nixos can be found here.

to be able to build the image you need to enable qemu emulation on the machine you are building with. therefore it is necessary to add the following to your configuration.nix:

boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

then you can build the image with:

nix build .#nixosConfigurations.rpi1_base_image.config.system.build.sdImage

run a configuration as vm

to run a vm we have to build it first using the following command (replace <hostname> with the actual hostname):

nix build .#nixosConfigurations.<hostname>.config.system.build.vm

afterwards run the following command to start the vm:

./result/bin/run-<hostname>-vm

documentation

for documentation we currently just use README.md files.

the devshell provides the python package 'grip' which can be used to preview different README.md files in the browser. the usage is simple, just run grip in the same folder as the README.md you wanna preview. then open your browser at http://localhost:6419 .

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 2.4 MiB
Languages
Nix 88.9%
Shell 11.1%