Our servers are managed using the NixOS deployment tool Colmena. Secrets are encrypted using SOPS and age keys derived from SSH keys.
.
├── flake.lock
├── flake.nix
├── hive.nix # contains the definition of all our machines
├── hosts # contains our host-specific configuration (hostname, network, etc.)
├── profiles # contains our profiles that we apply on hosts
├── packages # contains our packages/overrides for existing ones
Currently you need to enable the experimental features "nix-command" and "flakes" in your nix daemon.
Then you can start a developer-shell using nix develop or use direnv to automatically drop into a developer shell when
entering the repository by running echo "use flake" > .envrc && direnv allow
Some Examples:
- Build all hosts:
colmena build - Build & deploy a specific host:
colmena apply --on hostname
Applied to all servers, configures basic settings like SSH auth, users, etc.
Configures IXP-Manager, a web frontend that allows peers to manage their peering port.