# eve-psr-nix0
This repository holds the configuration for my primary home server.
## details

- Defines a single node host
- Follows the latest stable nixpkgs
- Utilizes the nixpkgs-fmt code formatter -> /flake.nix
- Provides a devShell with direnv/nix-direnv integration
  - Common project scripts are packaged and then exposed via devShell/direnv -> /shell.nix
- Allows SSH access
- Enables the Hydra build server
- Enables the nix-serve-ng binary cache server -> /system/services.nix
- HTTP entrypoint is an Nginx reverse proxy
  - Automatic TLS provisioning via Let's Encrypt ACME
  - Directly reference nix packages and configuration in virtual host definitions -> /application/nginx.nix
- Monitoring stack consisting of Prometheus, Grafana, Loki, and Promtail
  - Complete monitoring stack and connections are defined declaratively via Nix -> /monitoring/*.nix
- podman & systemd container orchestration
  - podman services are exposed only to localhost and are reverse proxied by Nginx -> /application/containers.nix
- agenix for secrets encryption and management -> /system/age.nix
## cheatsheet

Enter the developer shell without cloning the repository:

```shell
$> nix develop git+https://git.eversole.co/James/eve-psr-nix0
$nix> # Success!
```

The rest of the cheatsheet assumes you have entered the developer shell or are using direnv:

```shell
$> git clone https://git.eversole.co/James/eve-psr-nix0
$> cd eve-psr-nix0
$> nix develop
$nix> # Success! Now we have our development dependencies.
```

Use the developer shell alias to remotely build and deploy the configuration to eve-psr-nix0:

```shell
# This is it! Check the package definitions in /shell.nix for more details.
$nix> deploy
```

Format .nix source files:

```shell
# This is it! Check the package definitions in /shell.nix for more details.
$nix> format
```

Create a new agenix secret:

```shell
# Add a new key to the secrets.nix attribute set
$nix> $EDITOR secrets.nix
# Replace $SECRET_PATH with the actual 'secrets/$SECRET_NAME.age' path to edit the secrets file
$nix> agenix -e $SECRET_PATH
# Redeploy; the secret will now be available in /run/agenix/$SECRET_NAME on the target host
$nix> deploy
```

Add a new agenix secret recipient:

```shell
# Add a named variable in the let binding; associate it in the "publicKeys" list of applicable secrets
$nix> $EDITOR secrets.nix
# Redeploy
$nix> deploy
```
## agenix

agenix ( https://github.com/ryantm/agenix ) is utilized by this project for secret management, allowing us to include sensitive environment information or other secrets that the deployment target may need. The encrypted files are included directly in the nix store, but they are encrypted to ed25519 SSH public keys and are only decrypted on the target host, using its matching private key, so nothing but ciphertext ever lands in the world-readable store.
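A worked example of both halves of that flow, added here and not taken from this repository: a `secrets.nix` that pins which keys may decrypt a secret, and a NixOS module fragment that exposes it to Grafana with restricted ownership. The secret name, the key strings, and the contents of `/system/age.nix` are assumptions; the `age.*` options and `agenix -r` are agenix's own.

```nix
# ---- secrets.nix (repository root; constructed example) ----
let
  # Operator key used from the dev shell to edit secrets with `agenix -e`.
  james = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA...OPERATOR-KEY-PLACEHOLDER";
  # The target host's SSH host public key; its private key decrypts on the host.
  eve-psr-nix0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA...HOST-KEY-PLACEHOLDER";
in
{
  # Only the listed recipients can decrypt this file. Adding a recipient
  # here does not touch already-encrypted files: re-encrypt them with
  # `agenix -r` before the new recipient can read them.
  "secrets/grafana-admin-password.age".publicKeys = [ james eve-psr-nix0 ];
}

# ---- /system/age.nix (hypothetical fragment of this host's config) ----
{ config, ... }:
{
  # Private key(s) agenix tries at activation; the host SSH key is the default.
  age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  age.secrets.grafana-admin-password = {
    # The .age ciphertext is what enters the nix store.
    file = ../secrets/grafana-admin-password.age;
    # Plaintext is written to /run/agenix/<name>, readable only by the service user.
    owner = "grafana";
    group = "grafana";
    mode = "0400";
  };

  # Consume the secret by path so the plaintext never becomes part of a
  # derivation; Grafana expands $__file{...} when it reads grafana.ini.
  services.grafana.settings.security.admin_password =
    "$__file{${config.age.secrets.grafana-admin-password.path}}";
}
```

The two expressions live in separate files; they are shown together only so the recipient list and the consuming module can be read side by side.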
## license and copyright

Copyright James Eversole. Refer to the LICENSE file for ISC license details.