extremist software
nixos config for the hetzner vps.
services:
- forgejo (git.extremist.software)
- stalwart (mail.extremist.software)
- searxng (search.extremist.software)
- conduit (matrix.extremist.software)
- caddy (reverse proxy)
- grafana/prometheus (status.extremist.software)
Deployment
This repository uses untracked secrets, so you must build the system locally before deploying.
1. Setup Secrets
cp secrets/secrets.nix.example secrets/secrets.nix
- Fill in the values (generate random keys, etc).
- tailscaleKey must be a Reusable key from the Tailscale admin console.
2. Initial Install (Wipe & Install)
Run this command to build and deploy. Warning: Wipes the server disk.
# Replace <TARGET_IP> with your server's IP
nix run github:nix-community/nixos-anywhere -- --store-paths \
$(nix build path:.#nixosConfigurations.extremist-software.config.system.build.diskoScript --impure --print-out-paths --no-link) \
$(nix build path:.#nixosConfigurations.extremist-software.config.system.build.toplevel --impure --print-out-paths --no-link) \
root@<TARGET_IP> | tee install.log
3. Update Existing Server (No Wipe)
Once the server is running NixOS, use nixos-rebuild to push updates. This is faster and doesn't wipe data.
# Update via IP
nixos-rebuild switch --flake path:.#extremist-software --target-host root@<TARGET_IP> --impure
# Update via Tailscale (once Tailscale is up)
nixos-rebuild switch --flake path:.#extremist-software --target-host root@extremist-software --impure
repo uses impure build to load secrets/secrets.nix directly. no encrypted secrets in git.
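
A pre-deploy guard for the untracked secrets file, as an added example that is not part of this repository: `check_secrets` confirms that secrets/secrets.nix exists, differs from the template, is readable only by its owner, and is ignored by git and absent from the index and history. The two paths come from the README; the function name, the script name and the owner-only permission requirement are assumptions.

```shell
#!/bin/sh
# Added example (not from the repo): guard for the untracked secrets file.
# Paths come from the README; names and the mode check are assumptions.
check_secrets() {
    repo=${1:-.}
    f=secrets/secrets.nix
    ex=secrets/secrets.nix.example
    rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    if [ ! -f "$repo/$f" ]; then
        fail "$f is missing; copy it from $ex and fill it in"
        return 1
    fi
    # An unmodified copy of the template means no keys were generated.
    if [ -f "$repo/$ex" ] && cmp -s "$repo/$f" "$repo/$ex"; then
        fail "$f is identical to the template"
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(ls -ld "$repo/$f" | cut -c5-10)" != "------" ]; then
        fail "$f is accessible to group/other; chmod 600 it"
    fi
    # The file must be ignored, absent from the index, and never committed.
    if ! git -C "$repo" check-ignore -q "$f"; then
        fail "$f is not matched by an ignore rule"
    fi
    if git -C "$repo" ls-files --error-unmatch "$f" >/dev/null 2>&1; then
        fail "$f is tracked in the git index"
    fi
    if [ -n "$(git -C "$repo" log --all --oneline -- "$f" 2>/dev/null)" ]; then
        fail "$f appears in commit history; rotate every value in it"
    fi
    return "$rc"
}

# Run as: sh check-secrets.sh --check [repo-dir]
if [ "${1:-}" = "--check" ]; then
    check_secrets "${2:-.}"
fi
```

Run it from the repository root before the nixos-anywhere or nixos-rebuild commands; a non-zero exit means at least one check failed.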