update readme

ibizaman 2023-04-04 00:04:04 -07:00
parent a0709dba1b
commit 986c4696e0
3 changed files with 27 additions and 8 deletions

@ -8,6 +8,8 @@ promoting best practices to self-host a wide range of services. Also,
the design will be extendable to allow users to add services not the design will be extendable to allow users to add services not
provided by SHB. provided by SHB.
It's goal is to be to disnix what nixpkgs is to NixOS.
As far as features and best practices go, I intend to provide, for all As far as features and best practices go, I intend to provide, for all
services: services:
- Protection and single sign-on using [Keycloak](https://www.keycloak.org/), where sensible. - Protection and single sign-on using [Keycloak](https://www.keycloak.org/), where sensible.
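Review bot: The added sentence starts with "It's goal", which should be the possessive "Its goal". It also sits directly against the following "As far as features and best practices go" paragraph, so a blank line after it would keep the two paragraphs from merging when rendered.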
@ -92,20 +94,31 @@ this. You can install on a could machine or a self-hosted server.
Second, you need a machine where Nix is installed, to drive the Second, you need a machine where Nix is installed, to drive the
deploy. It can be Nix or NixOS here. To install Nix, see the [official deploy. It can be Nix or NixOS here. To install Nix, see the [official
guide](https://nixos.org/download.html). guide](https://nixos.org/download.html). You'll then need to install
the following packages:
- `nixops_unstable`,
- `disnix`,
- `disnixos`,
- and `sops-nix` + `age` by following the [readme](https://github.com/Mic92/sops-nix).
Assuming this is done, you need to create a folder which will hold 3 files: Assuming this is done, you need to create a folder which will hold 3 files:
- `network.nix` explains how to provision each deploy _target_. For - One `network-<env>.nix` per environment - staging, prod - explains
example, you'd tell here which user or package should exist. That how to provision each deploy _target_. For example, you'd tell here
being said, the goal here is to keep this file minimal and instead which user or package should exist. That being said, the goal here
use the `service.nix`. is to keep this file minimal and instead use the `service.nix`.
- `services.nix` is used to install any service - a database, a - `services.nix` is used to install any service - a database, a
reverse proxy, an app, etc. The goal here is to make the install reverse proxy, an app, etc. The goal here is to make the install
procedure machine independent. procedure machine independent.
- `distribution.nix` is used to tell which service goes to which - `distribution.nix` is used to tell which service goes to which
deployment target. deployment target.
Please see the [integration tests](/tests/integration) for examples. You'll need to setup password store, following [this
tutorial](https://elvishjerricco.github.io/2018/06/24/secure-declarative-key-management.html).
Next, look at the [examples](/docs/examples) for inspiration.
Also, the [integration tests](/tests/integration) contain more
bite-sized examples.
## Advised Workflow ## Advised Workflow
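Review bot: The new prerequisites list asks for `sops-nix` + `age`, while the paragraph added further down tells the reader to set up a password store by following a separate tutorial. The README should say which of the two holds the deployment secrets, or what each one is used for, so that readers do not end up managing keys in two places without knowing why. The unchanged sentence above the list still says the folder "will hold 3 files", which no longer matches one `network-<env>.nix` per environment, and the rewritten bullet keeps the `service.nix` / `services.nix` mismatch. "setup password store" should read "set up a password store".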
@ -252,3 +265,5 @@ In rough order of highest to lowest priority.
- [ ] Use something else than `pass` to retrieve secrets. Or better, - [ ] Use something else than `pass` to retrieve secrets. Or better,
allow multiple options. allow multiple options.
- [ ] Explain how to setup secret keys. - [ ] Explain how to setup secret keys.
- [ ] Switch to using modules https://nixos.wiki/wiki/NixOS_modules
to setup configuration.
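Review bot: The new TODO item uses a bare URL, while the rest of the README uses Markdown links such as `[Keycloak](https://www.keycloak.org/)`. Suggest `[modules](https://nixos.wiki/wiki/NixOS_modules)` for consistency, and "set up" rather than "setup" for the verb.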

@ -10,7 +10,7 @@ export DISNIXOS_USE_NIXOPS=1
nixops create ./network-prod.nix -d prod nixops create ./network-prod.nix -d prod
nixops deploy --option extra-builtins-file $(pwd)/pkgs/extra-builtins.nix nixops deploy --option extra-builtins-file $(pwd)/extra-builtins.nix
nixops reboot nixops reboot
disnixos-env -s services.nix -n network-prod.nix -d distribution.nix disnixos-env -s services.nix -n network-prod.nix -d distribution.nix
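Review bot: In the changed `nixops deploy` line, `$(pwd)/extra-builtins.nix` only resolves when the command is run from the directory that holds `extra-builtins.nix`, and nothing in the visible diff shows that file moving out of `pkgs/`. Please confirm the file exists at the new location, or state in the surrounding text where the reader has to copy it from. Quoting the substitution as `"$(pwd)/extra-builtins.nix"` would also keep the command working from a path that contains spaces.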

@ -10,12 +10,16 @@ export DISNIXOS_USE_NIXOPS=1
nixops create ./network-virtualbox.nix -d vboxtest nixops create ./network-virtualbox.nix -d vboxtest
nixops deploy --option extra-builtins-file $(pwd)/pkgs/extra-builtins.nix nixops deploy --option extra-builtins-file $(pwd)/extra-builtins.nix
nixops reboot nixops reboot
disnixos-env -s services.nix -n network-virtualbox.nix -d distribution.nix disnixos-env -s services.nix -n network-virtualbox.nix -d distribution.nix
``` ```
For the `nixops deploy` step to start, you'll need to generate all
necessary passwords. The easiest is to try the command and see on what
password it fails, generating it then re-issuing the command.
It's okay if the `nixops deploy` command fails to activate the new It's okay if the `nixops deploy` command fails to activate the new
configuration on first run because of the `virtualbox.service`. If configuration on first run because of the `virtualbox.service`. If
that happens, continue with the `nixops reboot` command. The service that happens, continue with the `nixops reboot` command. The service
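Review bot: The added paragraph after the code block tells the reader to find the required passwords by running `nixops deploy` until it fails on each one. That leaves the reader guessing how many secrets there are and what each entry should be named. Please list the expected password entries for this example, and say which tool generates them, so the deploy can succeed on the first attempt. The `extra-builtins.nix` path change in this hunk needs the same working-directory check as the prod example.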