James/eve-psr-nix0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
eve-psr-nix0/README.md
James Eversole f795bf54b3 Update references to git URL
2024-12-28 21:55:24 -06:00

96 lines
2.8 KiB
Markdown
Raw Permalink Blame History

# eve-psr-nix0
This repository holds the configuration for my primary home server.
---
## details
- Defines a single node host
- Follows the latest stable nixpkgs
- Utilizes the nixpkgs-fmt code formatter
-> /flake.nix
- Provides a devShell with direnv/nix-direnv integration
- Common project scripts are packaged and then exposed via devShell/direnv
-> /shell.nix
- Allows SSH Access
- Enables the Hydra build server
- Enables the nix-serve-ng binary cache server
-> /system/services.nix
- HTTP entrypoint is an Nginx Reverse Proxy
- Automatic TLS provisioning via Let's Encrypt ACME
- Directly reference nix packages and configuration in Virtual Host definitions
-> /applcation/nginx.nix
- Monitoring stack consisting of Prometheus, Grafana, Loki, and Promtail
- Complete monitoring stack and connections are defined declaratively via Nix
-> /monitoring/*.nix
- podman & systemd container orchestration
- podman services are exposed only to localhost and are reverse proxied by Nginx
-> /application/containers.nix
- agenix for secrets encryption and management
-> /system/age.nix
## cheatsheet
### Enter the developer shell without cloning the repository:
```
$> nix develop git+https://git.eversole.co/James/eve-psr-nix0
$nix> # Success!
```
The rest of the cheatsheet assumes you have entered the developer shell or are using direnv:
```
$> git clone https://git.eversole.co/James/eve-psr-nix0
$> cd eve-psr-nix0
$> nix develop
$nix> # Success! Now we have our development dependencies.
````
### Use the developer shell alias to remotely build and deploy the configuration to eve-psr-nix0:
```
# This is it! Check the package definitions in /shell.nix for more details.
$nix> deploy
```
### Format .nix source files:
```
# This is it! Check the package definitions in /shell.nix for more details.
$nix> format
```
### Create a new agenix secret:
```
# Add a new key to the secrets.nix attribute set
$nix> $EDITOR secrets.nix
# Replace $SECRET_PATH with the actual 'secrets/$SECRET_NAME.age' path to edit the secrets file
$nix> agenix -e $SECRET_PATH
# Redeploy; the secret will now be available in /run/agenix/$SECRET_NAME on the target host
$nix> deploy
```
### Add a new agenix secret recipient:
```
# Add a named variable in the let binding; associate it in the "publicKeys" list of applicable secrets
$nix> #EDITOR secrets.nix
# Redeploy
$nix> deploy
```
## agenix
agenix ( https://github.com/ryantm/agenix ) is utilized by this project for
secret management, allowing us to include sensitive environment information
or other secrets that the deployment target may need. The files are included
directly in the nix store, but they are encrypted via/to ed25519 SSH keys
and are then decrypted on the target host.
## license and copyright
Copyright James Eversole
Refer to LICENSE file for ISC license details
Reference in New Issue View Git Blame Copy Permalink