configurations of hq services
Emery Hemingway a3db001870 hosts/containers/dhcp: make dhcp server authoritative 1 week ago


Both fail on activation of the new profile. (TODO)

With NixOps

The official way for deployment is through

Deploy changes

Use the deployer system:

ssh k-ot@
cd nix-config/
nixops deploy -d hq --check --include=[hostname]

Creating new Container

This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.

  1. log into any proxmox server
  2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]
  3. adjustments through ui if necessary
  4. Adjust hq.nixops, add [hostname]
  5. Run:
       ssh k-ot@
       cd nix-config/
       nixops deploy -d hq --check --include=[hostname]

With nixos-rebuild switch

nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$"


Add your gpg-id to the .gpg-id file in secrets and let somebody reencrypt it for you. Maybe this works for you, maybe not. I did it somehow:

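# Run inside the secrets directory: re-encrypt the store to every key ID listed in .gpg-id.
# PASSWORD_STORE_DIR must be set for pass itself (via xargs), not for an earlier pipeline stage.
PASSWORD_STORE_DIR="$PWD" xargs pass init < .gpg-id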

Your GPG key has to have the Authenticate flag set. If it does not, update it, push it to a keyserver, and wait. This is necessary so that you can log in to any machine with your GPG key.
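One way to check the Authenticate requirement before pushing a key, as an added example that is not part of this repository: the hypothetical helper `auth_keys` parses `gpg --list-keys --with-colons` output and lists usable (sub)keys that carry the authenticate capability. The sample listings and key IDs are constructed.

```shell
#!/bin/sh
# auth_keys: read `gpg --with-colons` key listing on stdin, print the key ID
# of every usable primary key or subkey that has the authenticate capability.
# Exit status is 0 if at least one was found, 1 otherwise.
auth_keys() {
  awk -F: '
    $1 == "pub" || $1 == "sub" {
      # Field 2 is validity: e=expired, r=revoked, d=disabled, i=invalid.
      if ($2 ~ /^[erdi]/) next
      # Field 12 is capabilities; lowercase "a" means this key can authenticate.
      # (Uppercase letters on the pub line summarise the whole key; ignore them.)
      if ($12 ~ /a/) { print $5; found = 1 }
    }
    END { exit (found ? 0 : 1) }
  '
}

# Constructed listing: primary key (sign/certify), one encryption subkey,
# one authentication subkey.
SAMPLE_OK='pub:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:::u:::scESCA:
uid:u::::1600000000::::Example User <user@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1600000000::::::e:
sub:u:255:22:CCCCCCCCCCCCCCCC:1600000000::::::a:'

# Constructed listing: the only authentication subkey has expired.
SAMPLE_EXPIRED='pub:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:::u:::scESC:
uid:u::::1600000000::::Example User <user@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1600000000::::::e:
sub:e:255:22:DDDDDDDDDDDDDDDD:1500000000:1550000000:::::a:'

# Demo on the constructed sample; prints CCCCCCCCCCCCCCCC
printf '%s\n' "$SAMPLE_OK" | auth_keys

# Real use (KEYID is whatever you put into .gpg-id):
#   gpg --list-keys --with-colons "$KEYID" | auth_keys || echo "no usable auth key"
```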

Laptops / Desktops

This repository contains a NixOS module that can be used with personal machines as well. This module appends the host keys of registered HQ hosts to /etc/ssh/ssh_known_hosts, and optionally appends static IPv6 addresses local to HQ to /etc/hosts. Simply import the lib directory to use the module. As an example:

# /etc/nixos/configuration.nix
{ config, pkgs, lib, ... }:
let
  c3d2Config =
    builtins.fetchGit { url = ""; };
in {
  imports = [
    # ...
    "${c3d2Config}/lib" # the lib directory of this repository provides the module
  ];

  c3d2 = {
    isInHq = false; # not in HQ, this is the default.
    mapHqHosts = true; # Make entries in /etc/hosts for *.hq internal addresses.
    enableMotd = true; # Set the login shell message to the <<</>> logo.
  };

  # ...
}