From 00f5c34a929cad0581ab38def0c2459c7a00f324 Mon Sep 17 00:00:00 2001 From: Gabriel Arazas Date: Tue, 17 Jan 2023 16:32:56 +0800 Subject: [PATCH] docs: update the READMEs --- README.adoc | 5 ++--- hosts/plover/README.adoc | 9 +++++++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/README.adoc b/README.adoc index f99dd8d1..595fa0be 100644 --- a/README.adoc +++ b/README.adoc @@ -138,7 +138,7 @@ There's no use for anyone else, really. :( === What should not be here? Despite being a NixOS configuration, this is not meant to be fully reproducible by anyone. -There are still some things that would need to be privately held such as the following list of things not visible here. +There are still some things that would need to be privately held as indicated by the following list. - Associated private keys: GPG, SSH, age, you name it. They are used with a secret management tool (see <> for more information) to encrypt the more sensitive parts of the system such as credentials and environment files. @@ -150,8 +150,7 @@ Though the unreproducible part is only like 10% of the whole configuration, it c Keep in mind, it comes with a few restrictions due to the lack of the appropriate credentials. - Certain tasks will not start. -Most of the project tasks found in this repo requires the associated private key with the task which are not found in this repo. -This is locked behind a secrets management tool. +Most of the project tasks found in this repo requires the associated private key with the task. An example would be the link:./modules/nixos/tasks/backup-archive[Borg backup task] where it needs several files and credentials locked from the secrets management tool. - Certain components will be missing. diff --git a/hosts/plover/README.adoc b/hosts/plover/README.adoc index 8292571f..7af71751 100644 --- a/hosts/plover/README.adoc +++ b/hosts/plover/README.adoc 
@@ -10,7 +10,10 @@ This configuration is expected to be deployed in a Google Compute instance. It has a reasonable set of assumptions to keep in mind when modifying this configuration: - Most of the defaults are left to the link:https://github.com/NixOS/nixpkgs/tree/f92201f46109aabbbf41b8dc24bb9d342eb93a35/nixos/modules/virtualisation[image profiles from nixpkgs] including networking options and filesystems. +Though, they should be handled on link:./modules/hardware[`./modules/hardware`]. + - No additional storage drives. + - At least 32 GB of space is assumed. Some of the self-hosted services from this server: @@ -19,6 +22,7 @@ Some of the self-hosted services from this server: * A link:https://github.com/dani-garcia/vaultwarden[Vaultwarden] instance for a little password management. * A link:https://gitea.io/[Gitea] instance for my personal projects. * A link:https://www.keycloak.org/[Keycloak] instance for identity management. +* A VPN tunnel with link:https://www.wireguard.com/[Wireguard]. * An LDAP server with link:https://www.openldap.org/[OpenLDAP]. @@ -123,7 +127,7 @@ hcloud firewall add-rule plover-firewall --direction in --protocol tcp --port 63 ---- Next up, the networking setup which is composed of a public IP used for accessing some services and a private network used to communicate inside of the network. -However, the main reason we have a private network is to setup a VPN service. +However, the main reason we have a private network is to setup a VPN service to hide some of the more sensitive services. You can create one from Hetzner Cloud web UI. If you want to create with `hcloud`, however... @@ -131,6 +135,7 @@ If you want to create with `hcloud`, however... [source, shell] ---- hcloud network create --name plover-local --ip-range 172.16.0.0/12 +hcloud network create --name wide-wide-wan --ip-range 10.0.0.0/8 ---- To deploy this to Hetzner Cloud, just initialize a server and run link:https://github.com/elitak/nixos-infect/[nixos-infect] script. 
@@ -149,7 +154,7 @@ You could also easily create a server with `hcloud` with the following command: [source, shell] ---- hcloud server create --location hel1 --type cx21 --image ubuntu-22.04 \ - --firewall plover-firewall --network plover-local \ + --firewall plover-firewall --network plover-local --network wide-wide-wan \ --user-data-from-file ./files/hcloud/hcloud-user-data.yml \ --ssh-key foodogsquared@foodogsquared.one \ --name nixos-plover
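Review bot: in the second README.adoc hunk (`@@ -150,8 +150,7 @@`), the kept line "Most of the project tasks found in this repo requires the associated private key with the task." has a subject/verb mismatch and an awkward tail; since the line is being edited anyway, suggest "Most of the project tasks found in this repo require a private key that is not checked in." The deleted sentence "This is locked behind a secrets management tool." was the only place that said outright the key is absent from the repo, so fold that fact into the rewritten line rather than dropping it.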
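Review bot: in the hosts/plover/README.adoc hunk `@@ -10,7 +10,10 @@`, the added "Though, they should be handled on ./modules/hardware." line is not a list item, so in AsciiDoc it attaches to the preceding "Most of the defaults..." bullet as continuation text, while the two new bullets (" - No additional storage drives.", " - At least 32 GB of space is assumed.") carry a leading space the existing bullet does not; align the markers with the existing "- " style. "32 GB of space" should also say what kind of space (disk), since the item sits next to a storage assumption.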
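Review bot: the hunks `@@ -19,6 +22,7 @@` and `@@ -123,7 +127,7 @@` introduce the VPN as the way "to hide some of the more sensitive services", but the README never states what makes that true: the hidden services must listen only on the private-network or tunnel address, and the `plover-firewall` rules shown earlier must not open their ports publicly, otherwise attaching a private network hides nothing. Add one sentence stating that constraint. Two smaller points in the same lines: the firewall rule in context uses `--protocol tcp`, while WireGuard listens on UDP, so the firewall section will need an inbound UDP rule for the tunnel port if the VPN is meant to be reachable; and "to setup a VPN service" should read "to set up", with the project name spelled "WireGuard".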
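Review bot: in `@@ -131,6 +135,7 @@` and `@@ -149,7 +154,7 @@`, the new `wide-wide-wan` network is created and attached to the server but never explained, whereas `plover-local` gets a sentence of rationale; say what it is for (the patch does not), and update the surrounding prose ("You can create one from Hetzner Cloud web UI") to speak of both networks, since the `hcloud server create` example now depends on both existing. Also reconsider `--ip-range 10.0.0.0/8`: reserving the entire 10/8 range for one cloud network makes it overlap with any VPN peer or other site that also uses 10.x addressing, which breaks routing over the tunnel; a smaller subnet, sized like `plover-local`'s, avoids that unless the whole range is genuinely needed.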