modules feat: add redis and configs to searxng 2026-02-28 12:44:59 -08:00
secrets fix: use synapse and nfty for matrix and federation 2026-02-26 19:18:47 -08:00
.envrc feat: use nh to keep 2 gens and to deploy builds 2026-02-27 16:38:15 -08:00
.gitignore update: flake update 2026-02-27 16:37:38 -08:00
configuration.nix feat: use nh to keep 2 gens and to deploy builds 2026-02-27 16:38:15 -08:00
disk-config.nix initial commit 2026-02-16 21:29:21 -08:00
flake.lock update: flake update 2026-02-27 16:37:38 -08:00
flake.nix feat: use nh to keep 2 gens and to deploy builds 2026-02-27 16:38:15 -08:00
README.md feat: use nh to keep 2 gens and to deploy builds 2026-02-27 16:38:15 -08:00

extremist software

nixos config for the hetzner vps.

services:

  • forgejo (git.extremist.software)
  • stalwart (mail.extremist.software)
  • searxng (search.extremist.software)
  • conduit (matrix.extremist.software)
  • caddy (reverse proxy)
  • grafana/prometheus (status.extremist.software)

Deployment

This repository uses untracked secrets, so you must build the system locally before deploying.

1. Setup Secrets

  1. cp secrets/secrets.nix.example secrets/secrets.nix
  2. Fill in the values (generate random keys, etc).
    • openssl rand -base64 32 is a good way to make a new key
    • tailscaleKey must be a Reusable key from the Tailscale admin console.
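A preflight check for the secrets file from step 1, to run before the build in step 2. This is an added example, not a script from this repository: `secrets_preflight` is a hypothetical helper, and it assumes git is installed and that secrets/secrets.nix is meant to be covered by an ignore rule.

```shell
#!/bin/sh
# Added example (not from this repository): preflight for the untracked secrets file.
# secrets_preflight is a hypothetical helper; the paths follow the README.
# Usage: secrets_preflight .   (run from the repo root, before the step 2 build)

secrets_preflight() {
  repo=${1:-.}
  file=secrets/secrets.nix

  # 1. The file must exist, otherwise the --impure build has nothing to load.
  [ -f "$repo/$file" ] || { echo "missing: $file" >&2; return 1; }

  # 2. It must not be in the git index (e.g. after a stray `git add -f`).
  if git -C "$repo" ls-files --error-unmatch -- "$file" >/dev/null 2>&1; then
    echo "tracked by git: $file" >&2; return 2
  fi

  # 3. An ignore rule must cover it, so `git add .` cannot stage it later.
  git -C "$repo" check-ignore -q -- "$file" ||
    { echo "not ignored: $file" >&2; return 3; }

  # 4. No permission bits for group or other (characters 5-10 of the mode string).
  [ "$(ls -ld "$repo/$file" | cut -c5-10)" = "------" ] ||
    { echo "accessible beyond owner: $file (chmod 600)" >&2; return 4; }

  # 5. The copy must differ from the example, i.e. the values were filled in.
  if cmp -s "$repo/$file" "$repo/$file.example"; then
    echo "still identical to $file.example" >&2; return 5
  fi
  return 0
}
```

The return code identifies which check failed (1 to 5); 0 means the file is present, untracked, ignored, owner-only and no longer a plain copy of the example.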

2. Verify Configuration Locally

Because secrets/secrets.nix is untracked by git, a standard nix flake check will fail. To build the server configuration locally and confirm there are no syntax or evaluation errors before pushing to the server, run:

nix build path:.#nixosConfigurations.extremist-software.config.system.build.toplevel --impure --dry-run

3. Initial Install (Wipe & Install)

Run this command to build and deploy. Warning: Wipes the server disk.

# Replace <TARGET_IP> with your server's IP
nix run github:nix-community/nixos-anywhere -- --store-paths \
  $(nix build path:.#nixosConfigurations.extremist-software.config.system.build.diskoScript --impure --print-out-paths --no-link) \
  $(nix build path:.#nixosConfigurations.extremist-software.config.system.build.toplevel --impure --print-out-paths --no-link) \
  root@<TARGET_IP> | tee install.log

4. Update Existing Server (No Wipe)

Once the server is running NixOS, use nh to push updates. This repository provides nh via direnv (loaded from flake.nix devShell), so just run direnv allow first.

# Update via IP
nh os switch --hostname extremist-software --target-host root@<TARGET_IP> --impure path:.

# Update via Tailscale (once Tailscale is up)
nh os switch --hostname extremist-software --target-host root@extremist-software --impure path:.

The repo uses an impure build to load secrets/secrets.nix directly. No encrypted secrets are kept in git.