Refactor nginx.nix using generative functions; Remove bind container service; Enable CoreDNS; Open 53UDP on system firewall; rename service files; containers listen on localhost only; added SDA-EXT data volume
43
README
@ -1,19 +1,49 @@
|
||||
# eve-psr-nix0
|
||||
|
||||
This repository holds the configuration for my primary home server.
|
||||
This README exists to document solutions used or implemented with Nix.
|
||||
This repository holds the configuration for my primary home server.
|
||||
|
||||
---
|
||||
## details
|
||||
|
||||
- Defines a single node host
|
||||
- Follows the latest stable nixpkgs
|
||||
- Utilizes the nixpkgs-fmt code formatter
|
||||
-> /flake.nix
|
||||
|
||||
- Provides a devShell with direnv/nix-direnv integration
|
||||
- Common project scripts are packaged and then exposed via devShell/direnv
|
||||
-> /shell.nix
|
||||
|
||||
- Allows SSH Access
|
||||
- Enables the Hydra build server
|
||||
- Enables the nix-serve-ng binary cache server
|
||||
-> /system/services.nix
|
||||
|
||||
- HTTP entrypoint is an Nginx Reverse Proxy
|
||||
- Automatic TLS provisioning via Let's Encrypt ACME
|
||||
- Directly reference nix packages and configuration in Virtual Host definitions
|
||||
-> /applcation/nginx.nix
|
||||
|
||||
- Monitoring stack consisting of Prometheus, Grafana, Loki, and Promtail
|
||||
- Complete monitoring stack and connections are defined declaratively via Nix
|
||||
-> /monitoring/*.nix
|
||||
|
||||
- podman & systemd container orchestration
|
||||
- podman services are exposed only to localhost and are reverse proxied by Nginx
|
||||
-> /application/containers.nix
|
||||
|
||||
- agenix for secrets encryption and management
|
||||
-> /system/age.nix
|
||||
|
||||
## cheatsheet
|
||||
|
||||
### Enter the developer shell without pulling down the repository:
|
||||
### Enter the developer shell without cloning the repository:
|
||||
```
|
||||
$> nix develop git+https://git.eversole.co/eve-psr-nix0
|
||||
$nix> # Success!
|
||||
```
|
||||
|
||||
The rest of the cheatsheet assumes you have already cloned the repository and entered the developer shell:
|
||||
The rest of the cheatsheet assumes you have entered the developer shell or are using direnv:
|
||||
```
|
||||
$> git clone https://git.eversole.co/eve-psr-nix0
|
||||
$> cd eve-psr-nix0
|
||||
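Review bot: The nginx path in the details list is misspelled: `-> /applcation/nginx.nix` should read `-> /application/nginx.nix`, matching `-> /application/containers.nix` a few entries later. The commit message also says CoreDNS is enabled and 53UDP is opened on the system firewall, but the details list documents neither. Since the list already states that podman services are exposed only to localhost, an entry naming CoreDNS as a service reachable through the firewall, with a pointer to the file that defines it, would keep the README an accurate picture of what the host exposes. The sentence introducing the second cheatsheet block now says "entered the developer shell or are using direnv" and no longer mentions cloning, yet the block still begins with `git clone`; either keep the cloning wording or separate the clone step from the rest.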
@ -23,13 +53,14 @@ $nix> # Success! Now we have our development dependencies.
|
||||
|
||||
### Use the developer shell alias to remotely build and deploy the configuration to eve-psr-nix0:
|
||||
```
|
||||
# This is it! Check the shellHook in outputs.devShell.x86_64-linux for more details.
|
||||
# This is it! Check the package definitions in /shell.nix for more details.
|
||||
$nix> deploy
|
||||
```
|
||||
|
||||
### Format .nix source files:
|
||||
```
|
||||
$nix> nix fmt *.nix
|
||||
# This is it! Check the package definitions in /shell.nix for more details.
|
||||
$nix> format
|
||||
```
|
||||
|
||||
### Create a new agenix secret:
|
||||
|
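Review bot: The heading "Use the developer shell alias to remotely build and deploy" still says alias, while the comment inside the block now points to "the package definitions in /shell.nix"; the heading should be updated to match so readers look in the right place. In the format block, the same "# This is it! Check the package definitions in /shell.nix for more details." comment appears to have been copied from the deploy block, and with `nix fmt *.nix` replaced by `format` the README no longer shows which formatter command is run or on which files. A one-line comment stating what `format` invokes would let a reader confirm what the script does before running it.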