# Deuxfleurs on NixOS!

This repository contains code to run Deuxfleurs' infrastructure on NixOS.

It sets up the following:

- A Wireguard mesh between all nodes
- Consul, with TLS
- Nomad, with TLS

The following scripts are available here:

- `genpki.sh`, a script to generate Consul and Nomad's TLS PKI (run this once only)
- `deploy.sh`, the main script that updates the NixOS config and sets up all of the TLS secrets
- `upgrade.sh`, a script to upgrade NixOS
- `tlsproxy.sh`, a script that allows non-TLS access to the TLS-secured Consul and Nomad, by running a simple local proxy with socat
- `tlsenv.sh`, a script to be sourced (`source tlsenv.sh`) that configures the correct environment variables to use the Nomad and Consul CLI tools with TLS
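
As an illustration of what a sourced TLS environment script of this kind can do, here is an added example; it is not the repository's `tlsenv.sh`. The function name `tls_env`, the file names inside the secrets directory and the ports are assumptions; the exported variables are the standard ones read by the Consul and Nomad CLIs.

```bash
# Added example, not the repository's tlsenv.sh.
# Assumed layout of the secrets directory (hypothetical file names):
#   consul-ca.crt consul-client.crt consul-client.key
#   nomad-ca.crt  nomad-client.crt  nomad-client.key
# Usage: source this file, then run: tls_env /path/to/secrets [host]

# Export the Consul/Nomad CLI TLS variables from DIR.
# Returns 1 if a file is missing, 2 if a private key is accessible to
# group or others; in both cases nothing is exported.
tls_env() {
    local dir="$1" host="${2:-localhost}" svc f perms
    for svc in consul nomad; do
        for f in "$svc-ca.crt" "$svc-client.crt" "$svc-client.key"; do
            if [ ! -r "$dir/$f" ]; then
                echo "tls_env: missing or unreadable $dir/$f" >&2
                return 1
            fi
        done
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$dir/$svc-client.key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "tls_env: $dir/$svc-client.key is accessible to group/other" >&2
            return 2
        fi
    done

    # Consul CLI: HTTPS endpoint (8501 is an assumed port) plus client cert.
    export CONSUL_HTTP_ADDR="https://$host:8501"
    export CONSUL_CACERT="$dir/consul-ca.crt"
    export CONSUL_CLIENT_CERT="$dir/consul-client.crt"
    export CONSUL_CLIENT_KEY="$dir/consul-client.key"

    # Nomad CLI: HTTPS endpoint (4646 is an assumed port) plus client cert.
    export NOMAD_ADDR="https://$host:4646"
    export NOMAD_CACERT="$dir/nomad-ca.crt"
    export NOMAD_CLIENT_CERT="$dir/nomad-client.crt"
    export NOMAD_CLIENT_KEY="$dir/nomad-client.key"
}
```

Checking key permissions before exporting catches a client key that was copied with a permissive umask, before the CLI ever uses it.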

Stuff should be started in this order:

- `app/core`
- `app/frontend`
- `app/garage-staging`

At this point, we are able to have a systemd service called `mountgarage` that mounts Garage buckets in `/mnt/garage-staging`. This is used by the following services that can be launched afterwards:

- `app/im`