Emery Hemingway 2dc2c77dd8 Add "result" to .gitignore 2019-11-29 14:21:52 +01:00
ansible update filebeat 2019-09-27 11:07:42 +02:00
hosts Fix evaluation error on hydra ygg keys 2019-11-28 22:23:11 +01:00
kubernetes update deployer 2019-07-03 20:16:11 +02:00
lib Add emery shell to hydra 2019-11-22 22:09:18 +01:00
secrets@812dec2ee9 Merge common.nix and c3d2.nix to hq.nix 2019-11-09 13:59:47 +01:00
.gitignore Add "result" to .gitignore 2019-11-29 14:21:52 +01:00
.gitmodules Replace yggdrasil submodule with an input 2019-11-09 16:52:22 +01:00
README.md activate central logging 2019-07-04 04:23:39 +02:00
hq.nixops hq.nixops: declaring inputs is actually unsupported 2019-11-02 22:08:04 +01:00
install-host.sh pulsebert: add home-manager home.nix 2019-02-19 23:30:27 +01:00
nix-maintenance.sh add nix-maintenance.sh 2019-02-18 19:56:44 +01:00



Both fail on activation of the new profile. (TODO)

With NixOps

The official way to deploy is through deployer.serv.zentralwerk.org.

Deploy changes

Use deployer system:

ssh k-ot@
cd nix-config/
nixops deploy -d hq --check --include=[hostname]

Creating new Container

This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.

  1. Log in to any Proxmox server
  2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]
  3. Make adjustments through the UI if necessary
  4. Adjust hq.nixops, add [hostname]
  5. Run
    ssh k-ot@
    cd nix-config/
    nixops deploy -d hq --check --include=[hostname]

With nixos-rebuild switch

nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"


Add your gpg-id to the .gpg-id file in secrets and let somebody re-encrypt it for you. Maybe this works for you, maybe not. I did it somehow: ```tr '\n' ' ' < .gpg-id | PASSWORD_STORE_DIR="$(pwd)" xargs pass init```

Your gpg key has to have the Authenticate flag set. If not, update it, push it to a keyserver, and wait. This is necessary so that you can log in to any machine with your gpg key.
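
One way to check the Authenticate requirement before asking for re-encryption, as an added example that is not part of this repository: the hypothetical function `has_auth_capability` reads `gpg --list-keys --with-colons` output and succeeds only if a usable primary key or subkey carries the `a` capability. The sample listings are constructed, with made-up key IDs and dates.

```shell
#!/bin/sh
# Added example (not from the repository). Reads a colon-format key listing
# on stdin. Field 1 = record type, field 2 = validity, field 12 = capabilities.
has_auth_capability() {
    awk -F: '
        ($1 == "pub" || $1 == "sub") {
            # Ignore revoked (r), expired (e), invalid (i) and disabled (d) keys.
            if ($2 ~ /^[reid]/) next
            # Lowercase "a" marks a key that can itself authenticate.
            if ($12 ~ /a/) found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: primary key plus encryption and authentication subkeys.
SAMPLE_WITH_AUTH='pub:u:4096:1:AAAAAAAAAAAAAAAA:1546300800:::u:::scESCA::::::23::0:
uid:u::::1546300800::0000::Example User <user@example.org>::::::::::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1546300800::::::e::::::23:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1546300800::::::a::::::23:'

# Constructed sample: sign/certify primary key and an encryption subkey only.
SAMPLE_NO_AUTH='pub:u:4096:1:DDDDDDDDDDDDDDDD:1546300800:::u:::scESC::::::23::0:
uid:u::::1546300800::0000::Example User <user@example.org>::::::::::0:
sub:u:4096:1:EEEEEEEEEEEEEEEE:1546300800::::::e::::::23:'

# Constructed sample: the only authentication subkey has expired.
SAMPLE_EXPIRED_AUTH='pub:u:4096:1:FFFFFFFFFFFFFFFF:1546300800:::u:::scESC::::::23::0:
sub:u:4096:1:1111111111111111:1546300800::::::e::::::23:
sub:e:4096:1:2222222222222222:1546300800:1577836800:::::a::::::23:'

# Print a one-line verdict for a named listing.
report() {
    if printf '%s\n' "$2" | has_auth_capability; then
        echo "$1: authentication-capable key present"
    else
        echo "$1: no usable Authenticate flag"
    fi
}

report "with-auth" "$SAMPLE_WITH_AUTH"
report "no-auth" "$SAMPLE_NO_AUTH"
report "expired-auth" "$SAMPLE_EXPIRED_AUTH"
```

Against a real keyring, pipe `gpg --list-keys --with-colons <your key id>` into `has_auth_capability`.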