This is Plover, a configuration meant to be used in a low-powered general-purpose machine.
It isn't much of an instance to be seriously used yet, but hopefully it is getting there.
This configuration is expected to be deployed in a Google Compute instance.
It has a reasonable set of assumptions to keep in mind when modifying this configuration:
- Most of the defaults are left to the link:https://github.com/NixOS/nixpkgs/tree/f92201f46109aabbbf41b8dc24bb9d342eb93a35/nixos/modules/virtualisation[image profiles from nixpkgs], including networking options and filesystems.
* A DNS server with link:https://coredns.io/[CoreDNS] managed as a "hidden" authoritative server and as a local DNS server for easily accessing the services with domain names.
If you want to deploy it anywhere else, you have to keep some things in mind.
* This uses link:https://github.com/mozilla/sops[sops] and link:https://github.com/Mic92/sops-nix[sops-nix] to decrypt secrets.
It mainly uses the private key corresponding to link:./files/age-key.pub[`./files/age-key.pub`] and expects it to be moved to the appropriate location (i.e., `/var/lib/sops-nix/key.txt`).
* Be sure to set the appropriate firewalls either in the NixOS configuration or in the VPS provider firewall settings.
Take note that some image formats, such as the Google Compute image, disable the firewall entirely, so it's safer to leave the firewall service enabled and just configure the allowed ports and other settings.
** For Vaultwarden, you have to go to the admin page of the Vaultwarden instance (i.e., `$VAULTWARDEN_INSTANCE/admin`), get the admin token to enter, and invite users from there.
** For Keycloak, you have to create the appropriate realms and users as described in the link:https://www.keycloak.org/docs/20.0.2/server_admin/index.html[server administration guide].
Though, you can easily create one from the command-line interface with `kcadm.sh`.
** For Portunus, this is already taken care of with a seed file.
Still, test the logins as indicated in the seed file.
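As an added example (not a module from Plover itself), the following NixOS module shows the two points above in practice: the firewall is forced back on so that an image profile that disables it cannot leave every port open, and sops-nix is pointed at the age key location named above instead of falling back to host SSH keys. The secrets file name `./secrets/plover.yaml`, the secret name `vaultwarden/env`, the private interface name `eth1` and the port numbers are assumptions for illustration.

```nix
# Added example, not Plover's own module. Assumed names: ./secrets/plover.yaml,
# the secret "vaultwarden/env", the private interface "eth1" and the ports.
{ config, lib, pkgs, ... }:

{
  # The Google Compute image profile from nixpkgs turns the NixOS firewall off.
  # mkForce wins over whatever priority the profile used, so the firewall stays
  # on and only the ports listed here are reachable.
  networking.firewall = {
    enable = lib.mkForce true;
    # Publicly reachable: SSH and the reverse proxy in front of the services.
    allowedTCPPorts = [ 22 80 443 ];
    # The "hidden" authoritative DNS server should only answer on the private
    # network, so port 53 is opened on that interface alone (name assumed).
    interfaces."eth1" = {
      allowedTCPPorts = [ 53 ];
      allowedUDPPorts = [ 53 ];
    };
  };

  # sops-nix: decrypt with the age key placed at the path named in the README.
  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
  # Do not derive an age key from the host's SSH keys; the dedicated key above
  # is the only recipient this system should ever use.
  sops.age.sshKeyPaths = [ ];
  # Never generate a throwaway key silently when the real one is missing;
  # a failed activation is easier to notice than secrets that never decrypt.
  sops.age.generateKey = false;
  sops.defaultSopsFile = ./secrets/plover.yaml;  # assumed file name

  # Each secret is materialised under /run/secrets with restrictive ownership,
  # so only the service that needs it can read it.
  sops.secrets."vaultwarden/env" = {
    owner = "vaultwarden";  # user created by the Vaultwarden NixOS module
    mode = "0400";
  };
}
```

After the key has been copied to `/var/lib/sops-nix/key.txt` (owned by root, mode 0400), `nixos-rebuild switch` will decrypt the listed secrets during activation; if the key is missing, activation fails instead of proceeding with an empty key.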
For more details, you can see the interfaces and their networking-related configuration in link:./modules/hardware/networks.nix[`./modules/hardware/networks.nix`].
Some documented guidelines to deploy this instance in Google Cloud Platform (GCP) so you won't have to re-read that documentation like a stuck rat the next time you visit it.
* A GCP Compute Instance image of the configuration can be built and stored in your storage buckets.
You can simply build it from `packages.plover-gce` and upload it there.
+
You can take it further automating it by running link:../../scripts/generate-and-upload-gce-image[`../../scripts/generate-and-upload-gce-image`] which is just a modified version of the link:https://github.com/NixOS/nixpkgs/blob/ebdafd7244832f1f52cacd3eda39f2156988957e/nixos/maintainers/scripts/gce/create-gce.sh[`create-gce.sh` script from nixpkgs].
* If you already have access to at least one GCP KMS key, then skip this part.
Add a key to be used for deployment to the relevant file in the link:./secrets[secrets directory]. footnote:[Of course, you need the previous keys for this, most likely the private age key for this system.]
For this, you'll have to create a GCP keyring on their key management system (KMS) and generate a key there.
* Enable link:https://cloud.google.com/compute/docs/oslogin/set-up-oslogin[OS Login] for your Compute Engine instance.
A deployment to Hetzner Cloud is composed of mainly three things:
- A server.
- A firewall.
- A private network.
First, we will set up the latter two before creating the server. footnote:[Though they can be created in any order; it's just personal preference at this point.]
Next up is the networking setup, which is composed of a public IP used for accessing some services and a private network used for communication inside the network.