diff --git a/README.md b/README.md new file mode 100644 index 00000000..f0bc709f --- /dev/null +++ b/README.md @@ -0,0 +1,11 @@ +# The pub.solar infrastructure + +This repository contains all almost all of the configuration for the whole pub.solar infrastructure. Our goal is to have everything, from host configurations to Terraform DNS in this repository. + +The architecture we are working towards is a vast simplification of what it was before: one dedicated Hetzner server running [NixOS](https://nixos.org/) with all services. Offsite backups go to several different locations with [restic](https://github.com/restic/restic). + +## Contributing + +If you'd like to contribute, it makes sense to talk to the crew on Matrix via [#hakken](https://matrix.to/#/#hakken:pub.solar?via=chat.pub.solar). We can help figuring out how things work and can make sure your ideas fit the pub.solar philosophy. Of course [popping a pull request](https://docs.gitea.com/next/usage/pull-request#creating-a-pull-request) is always celebrated. + +To start, see [how to get a development shell](./docs/development-shell.md). diff --git a/docs/deploying.md b/docs/deploying.md new file mode 100644 index 00000000..010192ac --- /dev/null +++ b/docs/deploying.md @@ -0,0 +1,11 @@ +# Deploying new versions + +We use [deploy-rs](https://github.com/serokell/deploy-rs) to deploy changes. Currently this process is not automated, so configuration changes will have to be manually deployed. + +To deploy, make sure you have a [working development shell](./development-shell.md). Then, run deploy-rs with the hostname of the server you want to deploy: + +``` +deploy '.#nachtigall' +``` + +You'll need to have SSH Access to the box to be able to do this. diff --git a/docs/development-shell.md b/docs/development-shell.md new file mode 100644 index 00000000..eaeb84f9 --- /dev/null +++ b/docs/development-shell.md 
@@ -0,0 +1,11 @@ +# Getting a development shell + +Clone this repository: + +``` +git clone gitea@git.pub.solar:pub-solar/infra.git +``` + +then, install [the package manager nix](https://nixos.org/download). + +Finally, run `nix develop` in this repo. This will install a development shell that has all required tooling available. diff --git a/docs/dns.md b/docs/dns.md new file mode 100644 index 00000000..0360774c --- /dev/null +++ b/docs/dns.md @@ -0,0 +1 @@ +# Changing DNS entries diff --git a/docs/rescue.md b/docs/rescue.md new file mode 100644 index 00000000..234b679f --- /dev/null +++ b/docs/rescue.md @@ -0,0 +1,5 @@ +# Rescue and remote console + +Rescue is enabled in the Hetzner interface. Check the shared keepass file for credentials. + +The remote console can be requested with Hetzner support. See [the Hetzner docs](https://docs.hetzner.com/robot/dedicated-server/maintainance/kvm-console/) for more information. diff --git a/docs/reverting-version.md b/docs/reverting-version.md new file mode 100644 index 00000000..83c4ebe2 --- /dev/null +++ b/docs/reverting-version.md @@ -0,0 +1,3 @@ +# Reverting to an old version + + diff --git a/docs/secrets.md b/docs/secrets.md new file mode 100644 index 00000000..de9b536a --- /dev/null +++ b/docs/secrets.md @@ -0,0 +1 @@ +# Working with secrets diff --git a/docs/ssh.md b/docs/ssh.md new file mode 100644 index 00000000..3ab2011c --- /dev/null +++ b/docs/ssh.md @@ -0,0 +1,3 @@ +# SSH Access + +SSH Access is granted by adding a public key to [`public-keys/admins.nix`](../public-keys/admins.nix). This change will then have to be deployed to all hosts by an existing key. The keys will also grant access to the initrd SSH Server to enable remote unlock. diff --git a/docs/unlocking-root.md b/docs/unlocking-root.md new file mode 100644 index 00000000..8832b93c --- /dev/null +++ b/docs/unlocking-root.md 
@@ -0,0 +1,3 @@ +# Unlocking the root partition on boot + +After a boot, the encrypted root partition will have to be unlocked. This is done by accessing the server via SSH on port 2222. After connecting, paste the crypt passphrase you can find in the shared keepass. This will disconnect the SSH session right away and the server will keep booting into stage 2.
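Review bot: In the `README.md` hunk, `+This repository contains all almost all of the configuration` has a doubled word; drop the first `all` so it reads `contains almost all of the configuration`. The same paragraph promises that Terraform-managed DNS lives here, but the only DNS documentation this patch adds is a bare heading, so either point the sentence at the actual Terraform directory or phrase it as the goal it is ("Our goal is to have everything ...") and leave the claim out of the first sentence.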
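Review bot: In the `docs/deploying.md` hunk, `+You'll need to have SSH Access to the box to be able to do this.` should link to `./ssh.md`, which is where this patch explains how access is granted, and should say which user deploy-rs connects as and whether the closure is built locally or on the target, since a contributor running `deploy '.#nachtigall'` for the first time cannot tell from this page why the command fails without either. It is also worth one sentence that deploy-rs's automatic rollback (enabled by default) reverts an activation that breaks connectivity, because `docs/reverting-version.md` in this same patch is empty and this is currently the only rollback behaviour an operator has.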
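Review bot: In the `docs/development-shell.md` hunk, `+git clone gitea@git.pub.solar:pub-solar/infra.git` only works for someone who already has an SSH key registered on the Gitea instance, while the README invites outside contributors; give the HTTPS clone URL as the default and keep the SSH form for admins. The final step `+Finally, run \`nix develop\` in this repo.` also assumes flakes are enabled: a fresh install from the linked download page needs `experimental-features = nix-command flakes` in `nix.conf` (or `--extra-experimental-features 'nix-command flakes'` on the command line) before `nix develop` does anything, so the doc should state that.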
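Review bot: The `docs/dns.md` hunk adds only `+# Changing DNS entries` with no body, yet the README links the reader towards Terraform-managed DNS; fill in at least where the Terraform code lives, how a change is planned and applied, and where the provider credentials come from, or mark the page as a stub so it is not presented as finished documentation.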
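Review bot: In the `docs/rescue.md` hunk, `+Rescue is enabled in the Hetzner interface.` reads as if rescue mode were permanently on; it should say that activating rescue in Robot only takes effect on the next reboot, that the server then boots Hetzner's rescue system instead of NixOS, and that the encrypted root described in `docs/unlocking-root.md` stays closed until it is opened by hand with `cryptsetup` from inside the rescue system. Since the Robot credentials sit in the shared keepass, the page should also spell out that whoever can read that file can reboot the box into rescue, which is the same level of access as physical console.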
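Review bot: The `docs/reverting-version.md` hunk adds a heading followed by two empty lines and nothing else. Document the two paths that exist with this setup: re-running `deploy` from an earlier commit of this repository, and, on the host itself, switching back to the previous NixOS generation (`nixos-rebuild switch --rollback` as root, or picking the older generation in the boot loader menu when the new one does not boot). Without this page an operator who has just broken the single server has nowhere to look.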
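Review bot: The `docs/secrets.md` hunk is only the heading `+# Working with secrets`. Elsewhere in this patch `docs/rescue.md` and `docs/unlocking-root.md` both refer to a "shared keepass", so there are at least two secret stores in play; this page should say which secrets live in the repository, which live in the keepass, how a new admin is given access to each, and how a secret is rotated, otherwise the unlock passphrase and the Robot credentials have no documented owner or rotation procedure.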
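Review bot: In the `docs/ssh.md` hunk, `+This change will then have to be deployed to all hosts by an existing key.` only covers adding a key; removal needs the same sentence in reverse (delete the key from `public-keys/admins.nix`, have another admin deploy) and should note that, because the keys are baked into the initrd as well, the initrd SSH server on port 2222 only drops a removed key once the host has been redeployed. The link target `../public-keys/admins.nix` is not part of this patch, so confirm the file exists at that path before merging. Finally, "all hosts" is inconsistent with the README in the same patch, which describes a single dedicated server.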
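Review bot: In the `docs/unlocking-root.md` hunk, `+After connecting, paste the crypt passphrase you can find in the shared keepass.` tells the admin to type the disk passphrase into a session it has not told them how to verify. The page should give the user to connect as, state that the initrd sshd presents its own host key, different from the stage-2 system's, so it needs a separate `known_hosts` entry (OpenSSH keys it as `[host]:2222`, so it will not collide with the port-22 entry), and publish the expected initrd host key fingerprint so nobody pastes the passphrase into an unverified prompt. It is also worth a caveat that this scheme trusts the unencrypted initrd on disk: anyone who can boot the Hetzner rescue system from `docs/rescue.md` could replace it, which is why the rescue credentials and this passphrase should not be treated as interchangeable.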