forked from Deuxfleurs/nixcfg
Add readme and cleanup a bit
This commit is contained in:
parent
6718d7f1da
commit
1ade671f96
3 changed files with 27 additions and 0 deletions
27
README.md
Normal file
27
README.md
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
# Deuxfleurs on NixOS!
|
||||||
|
|
||||||
|
This repository contains code to run Deuxfleur's infrastructure on NixOS.
|
||||||
|
|
||||||
|
It sets up the following:
|
||||||
|
|
||||||
|
- A Wireguard mesh between all nodes
|
||||||
|
- Consul, with TLS
|
||||||
|
- Nomad, with TLS
|
||||||
|
|
||||||
|
The following scripts are available here:
|
||||||
|
|
||||||
|
- `genpki.sh`, a script to generate Consul and Nomad's TLS PKI (run this once only)
|
||||||
|
- `deploy.sh`, the main script that updates the NixOS config and sets up all of the TLS secrets
|
||||||
|
- `upgrade.sh`, a script to upgrade NixOS
|
||||||
|
- `tlsproxy.sh`, a script that allows non-TLS access to the TLS-secured Consul and Nomad, by running a simple local proxy with socat
|
||||||
|
- `tlsenv.sh`, a script to be sourced (`source tlsenv.sh`) that configures the correct environment variables to use the Nomad and Consul CLI tools with TLS
|
||||||
|
|
||||||
|
Stuff should be started in this order:
|
||||||
|
|
||||||
|
- `app/core`
|
||||||
|
- `app/frontend`
|
||||||
|
- `app/garage-staging`
|
||||||
|
|
||||||
|
At this point, we are able to have a systemd service called `mountgarage` that mounts Garage buckets in `/mnt/garage-staging`. This is used by the following services that can be launched afterwards:
|
||||||
|
|
||||||
|
- `app/im`
|
Loading…
Reference in a new issue