Merge pull request 'docs: init docs' (#28) from docs/init-docs into main
Reviewed-on: pub-solar/infra-new#28
Reviewed-by: teutat3s <teutates@mailbox.org>
commit
b61eb12325
11
README.md
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
# The pub.solar infrastructure
|
||||||
|
|
||||||
|
This repository contains all almost all of the configuration for the whole pub.solar infrastructure. Our goal is to have everything, from host configurations to Terraform DNS in this repository.
|
||||||
|
|
||||||
|
The architecture we are working towards is a vast simplification of what it was before: one dedicated Hetzner server running [NixOS](https://nixos.org/) with all services. Offsite backups go to several different locations with [restic](https://github.com/restic/restic).
|
||||||
|
|
||||||
|
## Contributing
|
||||||
|
|
||||||
|
If you'd like to contribute, it makes sense to talk to the crew on Matrix via [#hakken](https://matrix.to/#/#hakken:pub.solar?via=chat.pub.solar). We can help figuring out how things work and can make sure your ideas fit the pub.solar philosophy. Of course [popping a pull request](https://docs.gitea.com/next/usage/pull-request#creating-a-pull-request) is always celebrated.
|
||||||
|
|
||||||
|
To start, see [how to get a development shell](./docs/development-shell.md).
|
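Review bot: In the first paragraph of README.md, "contains all almost all of the configuration" has a duplicated "all" and should read "contains almost all of the configuration". In the Contributing paragraph, "We can help figuring out" reads better as "We can help figure out". The README links only to docs/development-shell.md; a short list of the other pages added in this pull request (deploying, ssh, unlocking-root, rescue) would make them discoverable from the entry point.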
11
docs/deploying.md
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
# Deploying new versions
|
||||||
|
|
||||||
|
We use [deploy-rs](https://github.com/serokell/deploy-rs) to deploy changes. Currently this process is not automated, so configuration changes will have to be manually deployed.
|
||||||
|
|
||||||
|
To deploy, make sure you have a [working development shell](./development-shell.md). Then, run deploy-rs with the hostname of the server you want to deploy:
|
||||||
|
|
||||||
|
```
|
||||||
|
deploy '.#nachtigall'
|
||||||
|
```
|
||||||
|
|
||||||
|
You'll need to have SSH Access to the box to be able to do this.
|
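Review bot: The SSH prerequisite in the last line of docs/deploying.md comes after the command and does not link to ./ssh.md, which this pull request also adds. Move it up next to the development shell prerequisite and link it, so both requirements are read before deploy '.#nachtigall' is run. The code fence has no language tag; sh would fit.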
11
docs/development-shell.md
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
# Getting a development shell
|
||||||
|
|
||||||
|
Clone this repository:
|
||||||
|
|
||||||
|
```
|
||||||
|
git clone gitea@git.pub.solar:pub-solar/infra.git
|
||||||
|
```
|
||||||
|
|
||||||
|
then, install [the package manager nix](https://nixos.org/download).
|
||||||
|
|
||||||
|
Finally, run `nix develop` in this repo. This will install a development shell that has all required tooling available.
|
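Review bot: The clone URL in docs/development-shell.md points at pub-solar/infra.git, while this pull request was reviewed on pub-solar/infra-new; confirm which repository name readers should clone. The gitea@ URL only works for people with an account and an SSH key on git.pub.solar, so an HTTPS clone URL alongside it would help first-time contributors. Two wording points: "then, install" should start with a capital letter, and "This will install a development shell" is misleading because nix develop enters a shell rather than installing one; "This will drop you into a development shell" is closer.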
1
docs/dns.md
Normal file
|
@ -0,0 +1 @@
|
||||||
|
# Changing DNS entries
|
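Review bot: docs/dns.md consists of the heading only. The README added in this pull request names Terraform DNS as something that should live in this repository, so state here whether DNS is already managed from the repo and how a change is applied, or mark the page as a TODO so the empty page is not taken as complete.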
5
docs/rescue.md
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
# Rescue and remote console
|
||||||
|
|
||||||
|
Rescue is enabled in the Hetzner interface. Check the shared keepass file for credentials.
|
||||||
|
|
||||||
|
The remote console can be requested with Hetzner support. See [the Hetzner docs](https://docs.hetzner.com/robot/dedicated-server/maintainance/kvm-console/) for more information.
|
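Review bot: In docs/rescue.md, "Rescue is enabled in the Hetzner interface" reads as a description of the current state; if it is meant as a step, "Rescue can be enabled in the Hetzner interface" is clearer. "the shared keepass file" is referenced without saying where it is kept or who has access to it; link to secrets.md once that page has content.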
3
docs/reverting-version.md
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
# Reverting to an old version
|
||||||
|
|
||||||
|
|
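Review bot: docs/reverting-version.md has a heading followed by two blank lines and no procedure. Since deploying.md in this pull request describes manual deploys, a failed deploy currently has no documented way back; add the steps or mark the page as a TODO.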
1
docs/secrets.md
Normal file
|
@ -0,0 +1 @@
|
||||||
|
# Working with secrets
|
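Review bot: docs/secrets.md is a heading only, while rescue.md and unlocking-root.md both send the reader to "the shared keepass" for credentials and the crypt passphrase. This is the natural page to say where that file is kept, who has access and how access is granted or withdrawn, so the other pages can link here instead of each naming the file in passing.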
3
docs/ssh.md
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
# SSH Access
|
||||||
|
|
||||||
|
SSH Access is granted by adding a public key to [`public-keys/admins.nix`](../public-keys/admins.nix). This change will then have to be deployed to all hosts by an existing key. The keys will also grant access to the initrd SSH Server to enable remote unlock.
|
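Review bot: docs/ssh.md covers granting access but not removing it. Because a key in public-keys/admins.nix also opens the initrd SSH server used for remote unlock, say whether removing a key needs the same deploy to all hosts, so offboarding is documented next to onboarding. "deployed to all hosts by an existing key" would be clearer as "by someone whose key is already deployed".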
3
docs/unlocking-root.md
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
# Unlocking the root partition on boot
|
||||||
|
|
||||||
|
After a boot, the encrypted root partition will have to be unlocked. This is done by accessing the server via SSH on port 2222. After connecting, paste the crypt passphrase you can find in the shared keepass. This will disconnect the SSH session right away and the server will keep booting into stage 2.
|
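Review bot: The step "accessing the server via SSH on port 2222" in docs/unlocking-root.md gives no user, host or host key fingerprint to check, and the reader is told to paste the crypt passphrase right after connecting. Add the exact ssh invocation and the expected fingerprint of the initrd SSH server, so the passphrase is only entered after the host key has been verified. The wording "the shared keepass" should match rescue.md ("the shared keepass file").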