62 lines
1.4 KiB
Markdown
62 lines
1.4 KiB
Markdown
# NixOS Configurations
|
|
|
|
Flake-based NixOS configurations for zima, cryochamber, liminal, and ruil.
|
|
|
|
## Hosts
|
|
|
|
| Host | Description |
|
|
|------|-------------|
|
|
| zima | Local server (ZFS, impermanence) |
|
|
| cryochamber | zfs.rent server (impermanence) |
|
|
| liminal | Workstation (hardware-specific overlays) |
|
|
| ruil | Digital Ocean droplet (ams3) |
|
|
|
|
## Deploying
|
|
|
|
After changing a host's config, deploy with:
|
|
|
|
```sh
|
|
# Build and activate on the remote host
|
|
just deploy ruil root@ruil.hunnur.com
|
|
|
|
# Or build and activate locally via sudo
|
|
just deploy-sudo ruil
|
|
```
|
|
|
|
There's also a shortcut:
|
|
|
|
```sh
|
|
just deploy-ruil
|
|
```
|
|
|
|
For local hosts, just run:
|
|
|
|
```sh
|
|
sudo nixos-rebuild switch --flake .#zima
|
|
```
|
|
|
|
## Secrets (sops-nix)
|
|
|
|
Secrets are managed with [sops-nix](https://github.com/Mic92/sops-nix) using age keys. Each host's secrets live in `hosts/<name>/secrets/config.yaml`.
|
|
|
|
Host age keys are derived from SSH host keys:
|
|
|
|
```sh
|
|
ssh <host> 'cat /etc/ssh/ssh_host_ed25519_key.pub' | nix run 'nixpkgs#ssh-to-age'
|
|
```
|
|
|
|
To edit a host's secrets:
|
|
|
|
```sh
|
|
sops edit hosts/<name>/secrets/config.yaml
|
|
```
|
|
|
|
## Available Commands
|
|
|
|
| Command | Description |
|
|
|---------|-------------|
|
|
| `just deploy <host> <target>` | Build remotely and activate |
|
|
| `just deploy-sudo <host>` | Build locally and activate |
|
|
| `just deploy-ruil` | Deploy ruil (shortcut) |
|
|
| `just deploy-liminal` | Deploy liminal (shortcut) |
|
|
| `just update` | Update flake lock file |
|