# Deuxfleurs on NixOS!

This repository contains code to run Deuxfleurs' infrastructure on NixOS.

It sets up the following:

- A Wireguard mesh between all nodes
- Consul, with TLS
- Nomad, with TLS

The following scripts are available here:

- `deploy_nixos`, the main script that updates the NixOS config
- `genpki.sh`, a script to generate Consul and Nomad's TLS PKI (run this once only)
- `deploy_pki`, a script that sets up all of the TLS secrets
- `upgrade_nixos`, a script to upgrade NixOS
- `tlsproxy.sh`, a script that allows non-TLS access to the TLS-secured Consul and Nomad, by running a simple local proxy with socat
- `tlsenv.sh`, a script to be sourced (`source tlsenv.sh`) that configures the correct environment variables to use the Nomad and Consul CLI tools with TLS
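
As an added example (not the repository's `tlsenv.sh`), the sourceable shell function below checks the address scheme and the client key permissions before exporting the TLS variables that the Consul and Nomad CLIs read. The file names under the PKI directory and the function names `tls_env` and `key_is_private` are assumptions.

```shell
# Added example, not the repository's tlsenv.sh. File names under the PKI
# directory are assumed; the exported variable names are the ones the
# Consul and Nomad CLIs read.

# Succeeds only if $1 is a regular file with no group/other permission bits.
key_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the mode string are the group and other bits.
    _mode=$(ls -ld "$1" | cut -c5-10)
    [ "$_mode" = "------" ]
}

# tls_env PKI_DIR CONSUL_ADDR NOMAD_ADDR
# Validates addresses and key material before exporting anything, so a
# half-configured shell never talks to the cluster.
tls_env() {
    _pki=$1
    for _addr in "$2" "$3"; do
        case $_addr in
            https://*) ;;
            *) echo "refusing non-TLS address: $_addr" >&2; return 1 ;;
        esac
    done
    for _svc in consul nomad; do
        for _f in "$_pki/$_svc-ca.crt" "$_pki/$_svc-client.crt"; do
            [ -r "$_f" ] || { echo "missing $_f" >&2; return 1; }
        done
        key_is_private "$_pki/$_svc-client.key" || {
            echo "$_pki/$_svc-client.key missing or group/world accessible" >&2
            return 1
        }
    done

    export CONSUL_HTTP_ADDR="$2"
    export CONSUL_CACERT="$_pki/consul-ca.crt"
    export CONSUL_CLIENT_CERT="$_pki/consul-client.crt"
    export CONSUL_CLIENT_KEY="$_pki/consul-client.key"
    export NOMAD_ADDR="$3"
    export NOMAD_CACERT="$_pki/nomad-ca.crt"
    export NOMAD_CLIENT_CERT="$_pki/nomad-client.crt"
    export NOMAD_CLIENT_KEY="$_pki/nomad-client.key"
}
```

After sourcing the file, call `tls_env` with the PKI directory and the two `https://` addresses; a non-zero return means nothing was exported.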

Stuff should be started in this order:

- `app/core`
- `app/frontend`
- `app/garage-staging`

At this point, we are able to have a systemd service called `mountgarage` that mounts Garage buckets in `/mnt/garage-staging`. This is used by the following services that can be launched afterwards:

- `app/im`