aboutsummaryrefslogtreecommitdiff
path: root/README.md
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2021-12-30 21:23:24 +0100
committerAlex Auvolat <alex@adnab.me>2021-12-30 21:23:24 +0100
commit1ade671f964516976151ab8b2e8dc6027aa9e73f (patch)
treef771a27cdf930bf8104eff1e63699438f4794bdf /README.md
parent6718d7f1da80fa6ed70d084a7c4df61a2b3187ed (diff)
downloadnixcfg-1ade671f964516976151ab8b2e8dc6027aa9e73f.tar.gz
nixcfg-1ade671f964516976151ab8b2e8dc6027aa9e73f.zip
Add readme and cleanup a bit
Diffstat (limited to 'README.md')
-rw-r--r--README.md27
1 files changed, 27 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9204a23
--- /dev/null
+++ b/README.md
@@ -0,0 +1,27 @@
+# Deuxfleurs on NixOS!
+
+This repository contains code to run Deuxfleur's infrastructure on NixOS.
+
+It sets up the following:
+
+- A Wireguard mesh between all nodes
+- Consul, with TLS
+- Nomad, with TLS
+
+The following scripts are available here:
+
+- `genpki.sh`, a script to generate Consul and Nomad's TLS PKI (run this once only)
+- `deploy.sh`, the main script that updates the NixOS config and sets up all of the TLS secrets
+- `upgrade.sh`, a script to upgrade NixOS
+- `tlsproxy.sh`, a script that allows non-TLS access to the TLS-secured Consul and Nomad, by running a simple local proxy with socat
+- `tlsenv.sh`, a script to be sourced (`source tlsenv.sh`) that configures the correct environment variables to use the Nomad and Consul CLI tools with TLS
+
+Stuff should be started in this order:
+
+- `app/core`
+- `app/frontend`
+- `app/garage-staging`
+
+At this point, we are able to have a systemd service called `mountgarage` that mounts Garage buckets in `/mnt/garage-staging`. This is used by the following services that can be launched afterwards:
+
+- `app/im`