# Deuxfleurs on NixOS!

This repository contains code to run Deuxfleurs' infrastructure on NixOS.

It sets up the following:

- A WireGuard mesh between all nodes
- Consul, with TLS
- Nomad, with TLS

The following scripts are available here:

- `genpki.sh`, a script to generate Consul and Nomad's TLS PKI (run this once only)
- `deploy.sh`, the main script that updates the NixOS config and sets up all of the TLS secrets
- `upgrade.sh`, a script to upgrade NixOS
- `tlsproxy.sh`, a script that allows non-TLS access to the TLS-secured Consul and Nomad, by running a simple local proxy with socat
- `tlsenv.sh`, a script to be sourced (`source tlsenv.sh`) that configures the correct environment variables to use the Nomad and Consul CLI tools with TLS

Services should be started in this order:

- `app/core`
- `app/frontend`
- `app/garage-staging`

At this point, we are able to have a systemd service called `mountgarage` that mounts Garage buckets in `/mnt/garage-staging`. This is used by the following services that can be launched afterwards:

- `app/im`