Nix system configuration for Deuxfleurs clusters
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Alex 2d55b1dfcc updated garage and d53 on staging 6 days ago
cluster updated garage and d53 on staging 6 days ago
doc Fix doc, app/frontend has been merged in app/core 1 month ago
experimental staging: deploy things on bespin 4 weeks ago
nix Remove hardcoded years in deuxfleurs.nix 1 month ago
.gitignore Modularize and prepare to support multiple clusters 12 months ago reorganize some things 1 month ago
deploy_nixos cleanup 1 month ago
deploy_passwords cleanup 1 month ago
deploy_pki fix deploy_pki 1 month ago
gen_pki Fix access to consul for non-server nodes 5 months ago
passwd edited passwd command to set bash as interpreter 3 months ago
restic_summary cleanup 1 month ago
secretmgr Improve secretmgr more, update secrets for staging 1 month ago
sshtool reorganize some things 1 month ago
tlsproxy Remove hardcoded years in deuxfleurs.nix 1 month ago
upgrade_nixos Staging: ability to run Nix jobs using exec2 driver 2 months ago

Deuxfleurs on NixOS!

This repository contains code to run Deuxfleur's infrastructure on NixOS.

Our abstraction stack

We try to build a generic abstraction stack between our different resources (CPU, RAM, disk, etc.) and our services (Chat, Storage, etc.), we develop our own tools when needed.

Our first abstraction level is the NixOS level, which installs a bunch of standard components:

  • Wireguard: provides encrypted communication between remote nodes
  • Nomad: schedule containers and handle their lifecycle
  • Consul: distributed key value store + lock + service discovery
  • Docker: package, distribute and isolate applications

Then, inside our Nomad+Consul orchestrator, we deploy a number of base services:

  • Garage: S3-compatible lightweight object store for self-hosted geo-distributed deployments (we also have a legacy glusterfs cluster)
  • DiploNAT: network automation (firewalling, upnp igd)
  • Bottin: authentication and authorization (LDAP protocol, consul backend)
  • Guichet: a dashboard for our users and administrators
  • Stolon + PostgreSQL: distributed relational database
  • Prometheus + Grafana: monitoring

Some services we provide based on this abstraction:

  • Websites: Garage (static) + fediverse blog (Plume)
  • Chat: Synapse + Element Web (Matrix protocol)
  • Email: Postfix SMTP + Dovecot IMAP + opendkim DKIM + Sogo webmail | Alps webmail (experimental)
  • Visioconference: Jitsi
  • Collaboration: CryptPad

As a generic abstraction is provided, deploying new services should be easy.

How to use this?

See the following documentation topics: