
nixos-ng

Cobalt authored
ee5ecdc7

NixOS configurations

The new, main repository for the NixOS servers and machines involved in cobalt.rocks and arasaka.io.

Machines

Servers

  • cobalt.rocks: Stable(-ish) servers for daily business
    • helium: Debian 11 VM for small CI jobs, GitLab Pages and colo-like functions. This VM is loaned by Snafu (Thank you).
    • lithium: Debian 11 VM on hcloud. Slated for removal
  • arasaka.io: Homelab
    • argon: NixOS host, Proxmox LXC container on sodium, GitLab runner and distributed builder
    • boron: NixOS host on hcloud, will be the successor for lithium
    • carbon: NixOS host, an N100-based NAS/server system. Handles most core services
    • chlorine: NixOS host, Proxmox LXC container on nitrogen, LanguageTool host
    • citadel: NixOS host, Lenovo ThinkCentre M715q Gen 2, host for secrets, LUKS + ZFS on root with remote unlock
    • neon: NixOS host, Proxmox LXC container on nitrogen, GitLab runner and distributed builder
    • nitrogen: Proxmox hypervisor, Lenovo ThinkCentre M715q Gen 2
    • oxygen: Debian LXC for GitLab
    • phosphorus: NixOS host, Proxmox LXC container on nitrogen, NetBox host
    • sodium: Proxmox hypervisor, Lenovo ThinkCentre M715q Gen 2
    • sulfur: NixOS host, Proxmox LXC container on nitrogen, JupyterHub host
    • scandium: NixOS host, Proxmox LXC container on sodium, Home Assistant host
    • calcium: NixOS host, Proxmox LXC container on sodium, plane.so host
    • silicon: NixOS host, Proxmox LXC container on sodium, reserved empty host
    • titanium: NixOS host, Proxmox LXC container on sodium, host for IWL and DCN course work
    • tsukikage-1: OPNsense router for VMs on nitrogen
    • tsukikage-2: OPNsense router for VMs on sodium

Laptops

  • rw: Personal laptop with NixOS (Lenovo ThinkPad E14 Gen 3)

Code structure

  • flake.nix: Main flake that configures all systems and handles deployment with deploy-rs
  • hosts/: host specific configurations, pulled in by flake.nix
  • modules/: NixOS modules for reusable configuration options
    • backups/: Shared borgmatic configuration
    • wg.nix: Shared WireGuard network configuration, based on systemd-networkd
    • grafana-matrix-forwarder.nix: Module for Grafana to Matrix Forwarder
    • networking.nix: common network settings -- DNS, TZ, ...
    • server-mixin.nix: Mixin for common server settings. Derived from this:
      • server-mixin.nix: Mixin for common Proxmox LXC settings
      • home-mixin.nix: Mixin for common server settings @ home
    • nix.nix: Nix with flakes
    • laptop/: Mixin for common laptop settings
    • shell.nix: Usable shell with git, zsh and neovim
    • users.nix: Adds the cobalt and root users with sops-based credentials
    • bare-metal.nix:
    • home-manager/: Shared home-manager options to configure rw to my liking
    • vector.nix: Vector setup for log/metrics forwarding to central mimir/loki
    • prometheus/: Setup for Prometheus + exporters
    • vms/syslog: syslog-ng with forwarding to central loki
    • postgres.nix: PostgreSQL module with backup integration
    • nebula.nix: Shared Nebula configuration
    • pical.nix: Unfinished module for pical
  • terraform/: Terraform configuration for arasaka.io DNS entries (Cloudflare-based)
  • pkgs/: Custom NixOS derivations

Server Handling

Servers are centrally managed and deployed with deploy-rs, while laptops are managed locally with nixos-rebuild.