nixos-config/hosts/plover
2022-12-03 15:46:22 +08:00

This is Plover, a configuration meant to be used on a low-powered general-purpose machine. It isn't much of an instance to be seriously used yet, but hopefully it is getting there.

This configuration is expected to be deployed in a Google Compute instance.

It has a reasonable set of assumptions to keep in mind when modifying this configuration:

  • Most of the defaults are left to the image profiles from nixpkgs including networking options and filesystems.

  • No additional storage drives.

  • At least 32 GB of space is assumed.

Some of the self-hosted services from this server:

  • An nginx server which ties all of the self-hosted services together.

  • A Vaultwarden instance for a little password management.

  • A Gitea instance for my personal projects.

Deploying it as a Google Compute instance

Some documented guidelines for deploying this instance on Google Cloud Platform (GCP), so you won't have to re-read the documentation like a stuck rat the next time you visit it.

  • A GCP Compute Instance image of the configuration is available to be stored at your storage buckets. You can simply build it at packages.plover-gce and store it there.

    You can take it further automating it by running ../../scripts/generate-and-upload-gce-image which is just a modified version of the create-gce.sh script from nixpkgs.

  • If you already have access to at least one GCP KMS key, then skip this part. Add a key to be used for deployment to the relevant file in the secrets directory. [1] For this, you'll have to create a keyring in GCP's Key Management Service (KMS) and generate a key there.

  • Enable OS Login for your Compute Engine instance.

  • Don't forget to set the appropriate scopes for the instance. For example, since we're using a GCP KMS key, we may want to restrict the scope to the KMS API only, as in the following command.

    gcloud compute instances create "instance-1" \
        --zone "us-east1-b" \
        --scopes "https://www.googleapis.com/auth/cloudkms"

  • Reserve a static IP address, pls. Just don't forget to immediately assign it to the instance, since a reserved address that is left unassigned is billed at a higher rate.

  • Creating a dedicated service account for the VM is recommended. Just make sure to set the least amount of privileges for that account.
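The steps above composed into one re-runnable script, as an added example that is not part of this repository: it creates the dedicated service account, grants it only the KMS decrypt role on the deployment key rather than a project-wide role, reserves the static address before the instance exists so it can be attached at creation time, and creates the instance with OS Login enabled, the KMS-only scope and that service account. Project, key, bucket-derived image and resource names are hypothetical placeholders; by default (DRY_RUN=1) the script only prints the gcloud commands it would run.

```shell
#!/usr/bin/env sh
# Added example, not from the nixos-config repository. All names below are
# placeholders: override them through the environment before running with DRY_RUN=0.
set -eu

PROJECT="${PROJECT:-my-gcp-project}"      # placeholder GCP project id
ZONE="${ZONE:-us-east1-b}"                # same zone as the README's example
REGION="${ZONE%-*}"                       # us-east1: the region of that zone
INSTANCE="${INSTANCE:-plover}"
SA_NAME="${SA_NAME:-plover-vm}"           # dedicated service account for the VM
IMAGE="${IMAGE:-plover-gce}"              # assumed name of the image created from packages.plover-gce
ADDRESS="${ADDRESS:-plover-ip}"           # name of the reserved static address
KMS_LOCATION="${KMS_LOCATION:-global}"    # placeholder keyring location
KMS_KEYRING="${KMS_KEYRING:-plover-ring}" # placeholder keyring name
KMS_KEY="${KMS_KEY:-plover-secrets}"      # placeholder key used for the secrets
DRY_RUN="${DRY_RUN:-1}"                   # 1: print commands only; 0: execute them

# Print the command, and execute it only when DRY_RUN=0.
run() {
  printf '%s\n' "$*"
  if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

# A fresh service account has no project-level roles, which is the starting point
# for "least amount of privileges".
create_service_account() {
  run gcloud iam service-accounts create "$SA_NAME" \
    --project "$PROJECT" --display-name "Plover VM"
}

# Grant decrypt only, and only on the one key the host needs for its secrets,
# instead of a project-wide KMS role.
grant_kms_decrypt() {
  run gcloud kms keys add-iam-policy-binding "$KMS_KEY" \
    --project "$PROJECT" \
    --location "$KMS_LOCATION" \
    --keyring "$KMS_KEYRING" \
    --member "serviceAccount:${SA_NAME}@${PROJECT}.iam.gserviceaccount.com" \
    --role roles/cloudkms.cryptoKeyDecrypter
}

# Reserve the address first so it is attached the moment the instance is created;
# an unattached reserved address is billed at a higher rate.
reserve_address() {
  run gcloud compute addresses create "$ADDRESS" --project "$PROJECT" --region "$REGION"
}

# OS Login via instance metadata, the KMS-only access scope from the README,
# the dedicated service account, and the reserved address.
create_instance() {
  run gcloud compute instances create "$INSTANCE" \
    --project "$PROJECT" \
    --zone "$ZONE" \
    --image "$IMAGE" \
    --address "$ADDRESS" \
    --service-account "${SA_NAME}@${PROJECT}.iam.gserviceaccount.com" \
    --scopes "https://www.googleapis.com/auth/cloudkms" \
    --metadata enable-oslogin=TRUE
}

deploy_plover() {
  create_service_account
  grant_kms_decrypt
  reserve_address
  create_instance
}

deploy_plover
```

Run it once with the defaults to review the generated commands, then `DRY_RUN=0 PROJECT=... ./deploy-plover.sh` to execute them. The IAM binding is placed on the key resource, so the service account gains nothing else in the project; add further per-resource bindings only as the host's services turn out to need them.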


1. Of course, you need the existing keys, which for this system is likely the private age key you're using.