forked from pub-solar/infra

docs: init docs

Benjamin Bädorf 2023-10-29 01:37:31 +02:00 committed by b12f
parent a601ae4606
commit 531c3554ef
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
9 changed files with 49 additions and 0 deletions

11
README.md Normal file

@ -0,0 +1,11 @@
# The pub.solar infrastructure
This repository contains all almost all of the configuration for the whole pub.solar infrastructure. Our goal is to have everything, from host configurations to Terraform DNS in this repository.
The architecture we are working towards is a vast simplification of what it was before: one dedicated Hetzner server running [NixOS](https://nixos.org/) with all services. Offsite backups go to several different locations with [restic](https://github.com/restic/restic).
## Contributing
If you'd like to contribute, it makes sense to talk to the crew on Matrix via [#hakken](https://matrix.to/#/#hakken:pub.solar?via=chat.pub.solar). We can help figuring out how things work and can make sure your ideas fit the pub.solar philosophy. Of course [popping a pull request](https://docs.gitea.com/next/usage/pull-request#creating-a-pull-request) is always celebrated.
To start, see [how to get a development shell](./docs/development-shell.md).
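Review bot: the opening sentence of the README has a duplicated word, "contains all almost all of the configuration"; it should read "contains almost all of the configuration". In the Contributing paragraph, "We can help figuring out" reads better as "We can help figure out". The last line links only to the development shell page, so a short index of the other files under docs/ would make the deploy, SSH and unlock pages discoverable from here.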

11
docs/deploying.md Normal file

@ -0,0 +1,11 @@
# Deploying new versions
We use [deploy-rs](https://github.com/serokell/deploy-rs) to deploy changes. Currently this process is not automated, so configuration changes will have to be manually deployed.
To deploy, make sure you have a [working development shell](./development-shell.md). Then, run deploy-rs with the hostname of the server you want to deploy:
```
deploy '.#nachtigall'
```
You'll need to have SSH Access to the box to be able to do this.
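Review bot: the SSH prerequisite sits in the last line, after the command, and does not say how access is obtained. Move it up beside the development shell prerequisite and link it to ./ssh.md, which this commit also adds. Since deployment is manual, it is also worth stating which user the deploy connects as, and tagging the fence as a shell block.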

11
docs/development-shell.md Normal file

@ -0,0 +1,11 @@
# Getting a development shell
Clone this repository:
```
git clone gitea@git.pub.solar:pub-solar/infra.git
```
then, install [the package manager nix](https://nixos.org/download).
Finally, run `nix develop` in this repo. This will install a development shell that has all required tooling available.
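Review bot: the clone step uses the SSH remote `gitea@git.pub.solar:pub-solar/infra.git`, which only works for someone who already has a key registered on git.pub.solar, while the README points new contributors at this page first. State that requirement or offer a read-only alternative. In the last line, `nix develop` enters a shell rather than installing one, and on a default Nix install it needs the nix-command and flakes experimental features enabled, which the page should mention. "then," should start with a capital.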

1
docs/dns.md Normal file

@ -0,0 +1 @@
# Changing DNS entries
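Review bot: the file is a heading with no body. The README says Terraform DNS is meant to live in this repository, so either add a line on where the DNS configuration is kept and how a change gets applied, or mark the page as a placeholder so readers do not take the empty page for a rendering problem.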

5
docs/rescue.md Normal file

@ -0,0 +1,5 @@
# Rescue and remote console
Rescue is enabled in the Hetzner interface. Check the shared keepass file for credentials.
The remote console can be requested with Hetzner support. See [the Hetzner docs](https://docs.hetzner.com/robot/dedicated-server/maintainance/kvm-console/) for more information.
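Review bot: "Rescue is enabled in the Hetzner interface" can be read either as a step to perform or as a statement that rescue mode is left switched on; say which, and if it is a step, say that it is turned on only when needed. "Check the shared keepass file for credentials" gives no location for that file or who has access to it, so point to docs/secrets.md once that page has content.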


@ -0,0 +1,3 @@
# Reverting to an old version

1
docs/secrets.md Normal file

@ -0,0 +1 @@
# Working with secrets
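Review bot: the page is a heading only, yet docs/rescue.md and docs/unlocking-root.md in this commit both send the reader to a shared keepass file. This is the natural place to say where that file lives, who holds access to it and how entries are rotated when an admin leaves. Until that is written, mark the page as a placeholder.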

3
docs/ssh.md Normal file

@ -0,0 +1,3 @@
# SSH Access
SSH Access is granted by adding a public key to [`public-keys/admins.nix`](../public-keys/admins.nix). This change will then have to be deployed to all hosts by an existing key. The keys will also grant access to the initrd SSH Server to enable remote unlock.
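Review bot: the paragraph covers granting access but not removing it. Add that deleting a key from `public-keys/admins.nix` only takes effect after a deploy to all hosts, and, because the same keys grant access to the initrd SSH server, that the initrd must pick up the change as well before the key stops working for remote unlock. "deployed to all hosts by an existing key" would be clearer as "by someone who already has access", with a link to ./deploying.md.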

3
docs/unlocking-root.md Normal file

@ -0,0 +1,3 @@
# Unlocking the root partition on boot
After a boot, the encrypted root partition will have to be unlocked. This is done by accessing the server via SSH on port 2222. After connecting, paste the crypt passphrase you can find in the shared keepass. This will disconnect the SSH session right away and the server will keep booting into stage 2.
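Review bot: the instructions have the reader paste the crypt passphrase into an SSH session on port 2222 without saying how to confirm that the session is talking to the real initrd. Document the initrd SSH host key fingerprint (it can live next to the passphrase in the shared keepass) and add a step to check it before pasting. The page also omits the user and host to connect to, and a link to ./ssh.md for who is allowed to do this.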