Nix system configuration for Deuxfleurs clusters
- cluster
- doc
- experimental
- nix
- secretmgr
- .gitignore
- deploy_nixos
- deploy_passwords
- deploy_pki
- gen_pki
- passwd
- README.md
- restic_summary
- ssh_known_hosts
- sshtool
- tlsproxy
- upgrade_nixos
Deuxfleurs on NixOS!
This repository contains code to run Deuxfleurs' infrastructure on NixOS.
It sets up the following:
- A Wireguard mesh between all nodes
- Consul, with TLS
- Nomad, with TLS
How to use this?
See the following documentation topics:
- Quick start and onboarding for new administrators
- How to add new nodes to a cluster (rapid overview)
- Architecture of this repo, how the scripts work
- List of TCP and UDP ports used by services
Additional documentation topics:
- Succinct guide for NixOS installation with LUKS full disk encryption (we don't do that in practice on our servers)
- Example hardware-config.nix for a full disk encryption scenario
- Why not Ansible?