# Deuxfleurs on NixOS!

This repository contains code to run Deuxfleurs' infrastructure on NixOS.

It sets up the following:

- A WireGuard mesh between all nodes
- Consul, with TLS
- Nomad, with TLS

The following scripts are available here:

- `deploy_nixos`, the main script that updates the NixOS config
- `genpki.sh`, a script to generate Consul and Nomad's TLS PKI (run this once only)
- `deploy_pki`, a script that sets up all of the TLS secrets
- `upgrade_nixos`, a script to upgrade NixOS
- `tlsproxy.sh`, a script that allows non-TLS access to the TLS-secured Consul and Nomad, by running a simple local proxy with socat
- `tlsenv.sh`, a script to be sourced (`source tlsenv.sh`) that configures the correct environment variables to use the Nomad and Consul CLI tools with TLS
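
A plaintext proxy like the one `tlsproxy.sh` provides lets anything that can reach its listener act with the client certificate's identity, so the listener belongs on loopback only and the client key must stay private. The sketch below is an added example, not the repository's `tlsproxy.sh`; the file names `ca.crt`, `client.crt` and `client.key`, the PKI directory and the host name are assumptions.

```shell
#!/usr/bin/env bash
# Added illustration; NOT the repository's tlsproxy.sh. The file names under
# the PKI directory (ca.crt, client.crt, client.key) are assumptions.

# Succeed only if the key file exists and is not readable by group or others.
key_is_private() {
  [ -f "$1" ] && [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

# Print a socat command that opens a plaintext listener on loopback only and
# forwards to the TLS endpoint with server-certificate verification enabled.
# Args: local_port remote_host remote_port pki_dir
proxy_cmd() {
  local lport="$1" rhost="$2" rport="$3" pki="$4" f
  for f in ca.crt client.crt client.key; do
    [ -r "$pki/$f" ] || { echo "missing $pki/$f" >&2; return 1; }
  done
  key_is_private "$pki/client.key" || {
    echo "refusing: $pki/client.key is group/world readable" >&2
    return 1
  }
  # bind=127.0.0.1 keeps the unauthenticated listener off routable addresses;
  # verify=1 makes socat check the server certificate against cafile.
  printf 'socat TCP4-LISTEN:%s,bind=127.0.0.1,reuseaddr,fork ' "$lport"
  printf 'OPENSSL:%s:%s,cafile=%s,cert=%s,key=%s,verify=1\n' \
    "$rhost" "$rport" "$pki/ca.crt" "$pki/client.crt" "$pki/client.key"
}

# Usage (hypothetical host and directory):
#   proxy_cmd 4646 nomad.example 4646 "$HOME/.pki"
```

The function only prints the command, so it can be reviewed before it is run.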

Stuff should be started in this order:

- `app/core`
- `app/frontend`
- `app/garage-staging`

At this point, we are able to have a systemd service called `mountgarage` that mounts Garage buckets in `/mnt/garage-staging`. This is used by the following services that can be launched afterwards:

- `app/im`