Configuration of my infrastructure hosts
Nix 100%
ci 7fe8548c3e
All checks were successful
build / build (push) Successful in 4m11s
Updated the flake lock
2026-01-14 08:12:33 +00:00
.forgejo/workflows updated ci to 24.04 2025-12-16 15:08:44 +01:00
hardware Initial commit 2025-06-12 19:31:37 +02:00
.gitignore Initial commit 2025-06-12 19:31:37 +02:00
base_config.nix made static values declared once 2025-06-20 23:12:47 +02:00
configuration_base.nix packages in alphabetical order 2025-12-16 12:47:16 +01:00
configuration_docker.nix opened up the required ports for the docker swarm overlay network to work 2025-12-16 12:48:12 +01:00
disk_single.nix mounted the disk in /mnt instead of my user folder, so other users (like restic) are able to access the drive 2025-06-13 19:22:08 +02:00
flake.lock Updated the flake lock 2026-01-14 08:12:33 +00:00
flake.nix removed not nix unstable, as the wanted changes are in 25.10 2025-12-16 14:57:25 +01:00
interconnect.nix Initial commit 2025-06-12 19:31:37 +02:00
readme.md added a specific version of the nixos upgrade service, made the update service respect the auto updating lockfile 2025-06-20 23:10:45 +02:00
restic_server.nix made restic listen on all interfaces, instead of the interconnect one. as restic is up earlier than the interconnect 2025-06-17 13:00:28 +02:00
syncthing.nix made static values declared once 2025-06-20 23:12:47 +02:00
update.nix removed not nix unstable, as the wanted changes are in 25.10 2025-12-16 14:57:25 +01:00

Infra base

A repo for the configs of my base infrastructure, using Docker Swarm as my orchestration tool of choice.

CI

The repo has an auto-update feature that updates the lockfile once in a while. It requires an API key called REPO_TOKEN, with repo read and write permissions.

Deploying

  1. (optionally) set a password for the root user, allowing access via ssh
  2. make the /config/wg_interconnect_key file contain the private key for the client on the interconnect network
  3. add git to the shell with nix-shell -p git
  4. clone the repo
  5. sudo nixos-rebuild switch --flake .#<HOSTNAME_TO_DEPLOY>
  6. set the password for the user with passwd <USER>
  7. if a drive is available, make it owned by the correct user and group
  8. reboot
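
A pre-flight check for step 2, as an added example that is not part of this repo: it verifies that the key file is a regular file with owner-only permissions and holds exactly one WireGuard-shaped key (32 bytes, base64-encoded), without ever printing the key. The function name check_wg_key and the policy it enforces (owned by uid 0, mode 600 or 400) are assumptions, not something the repo states.

```shell
#!/bin/sh
# Added example (not part of this repo): pre-flight check for deploy step 2.
# Assumed policy: key file owned by root (uid 0), mode 600 or 400.

# check_wg_key [FILE] [EXPECTED_UID]
# Returns 0 when FILE looks like a safely stored WireGuard private key.
# Non-zero codes: 1 missing/not regular, 2 mode, 3 owner, 4 content.
check_wg_key() {
    key_file="${1:-/config/wg_interconnect_key}"
    want_uid="${2:-0}"

    # Refuse symlinks so the check cannot be pointed at another file.
    if [ -L "$key_file" ] || [ ! -f "$key_file" ]; then
        echo "$key_file: missing or not a regular file" >&2
        return 1
    fi

    # GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$key_file" 2>/dev/null || stat -f '%Lp' "$key_file")
    uid=$(stat -c '%u' "$key_file" 2>/dev/null || stat -f '%u' "$key_file")

    case "$mode" in
        600|400) ;;
        *) echo "$key_file: mode $mode, expected 600 or 400" >&2
           return 2 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "$key_file: owned by uid $uid, expected $want_uid" >&2
        return 3
    fi

    # A WireGuard key is 32 bytes, base64-encoded: 43 characters plus '='.
    # Count matching and non-matching lines; only the counts are inspected.
    pat='[A-Za-z0-9+/]{43}='
    good=$(grep -Ecx "$pat" "$key_file" || true)
    bad=$(grep -Evcx "$pat" "$key_file" || true)
    if [ "$good" != 1 ] || [ "$bad" != 0 ]; then
        echo "$key_file: content is not a single WireGuard key" >&2
        return 4
    fi
    return 0
}
```

Run check_wg_key as root on the host after step 2 and before the nixos-rebuild in step 5; a non-zero return code identifies which check failed.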

Manually updating

Either start the upgrade service via sudo systemctl start nixos-upgrade.service, or pull the repo and run sudo nixos-rebuild switch --flake .#$(hostname).

Todo

  • distributed local storage (as some services have sqlite databases, and I don't know how to lock them over a fileshare)