author | Alex Auvolat <alex@adnab.me> | 2021-12-30 21:23:24 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2021-12-30 21:23:24 +0100 |
commit | 1ade671f964516976151ab8b2e8dc6027aa9e73f (patch) | |
tree | f771a27cdf930bf8104eff1e63699438f4794bdf | |
parent | 6718d7f1da80fa6ed70d084a7c4df61a2b3187ed (diff) | |
download | nixcfg-1ade671f964516976151ab8b2e8dc6027aa9e73f.tar.gz nixcfg-1ade671f964516976151ab8b2e8dc6027aa9e73f.zip |
Add readme and cleanup a bit
-rw-r--r-- | README.md | 27 | ||||
-rw-r--r-- | tlsenv.sh (renamed from env.sh) | 0 | ||||
-rwxr-xr-x | tlsproxy.sh (renamed from sslproxy.sh) | 0 |
3 files changed, 27 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..9204a23 --- /dev/null +++ b/README.md @@ -0,0 +1,27 @@ +# Deuxfleurs on NixOS! + +This repository contains code to run Deuxfleur's infrastructure on NixOS. + +It sets up the following: + +- A Wireguard mesh between all nodes +- Consul, with TLS +- Nomad, with TLS + +The following scripts are available here: + +- `genpki.sh`, a script to generate Consul and Nomad's TLS PKI (run this once only) +- `deploy.sh`, the main script that updates the NixOS config and sets up all of the TLS secrets +- `upgrade.sh`, a script to upgrade NixOS +- `tlsproxy.sh`, a script that allows non-TLS access to the TLS-secured Consul and Nomad, by running a simple local proxy with socat +- `tlsenv.sh`, a script to be sourced (`source tlsenv.sh`) that configures the correct environment variables to use the Nomad and Consul CLI tools with TLS + +Stuff should be started in this order: + +- `app/core` +- `app/frontend` +- `app/garage-staging` + +At this point, we are able to have a systemd service called `mountgarage` that mounts Garage buckets in `/mnt/garage-staging`. This is used by the following services that can be launched afterwards: + +- `app/im` diff --git a/sslproxy.sh b/tlsproxy.sh index aa0006a..aa0006a 100755 --- a/sslproxy.sh +++ b/tlsproxy.sh |
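Review bot: The `tlsproxy.sh` entry in the README's script list describes a plaintext path into the TLS-secured Consul and Nomad but does not say which address the socat listener binds to or how long it is meant to run. If it binds to loopback only, the README should say so, and it should say the proxy is meant to be stopped after the operator session, because any process that can reach the listener gets around the TLS protection the rest of the setup provides. In the same list, `genpki.sh` is marked "run this once only" without saying what a second run would do or where the generated CA material ends up; one sentence on that would help prevent an accidental PKI regeneration. Minor: the first paragraph writes "Deuxfleur's" while the title says "Deuxfleurs". The diffstat shows only the README and the two renames, so it is worth confirming that no other script in the repository still refers to `env.sh` or `sslproxy.sh`.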