extremist-software/README.md

# extremist software

nixos config for the hetzner vps.

services:
- forgejo (git.extremist.software)
- stalwart (mail.extremist.software)
- searxng (search.extremist.software)
- conduit (matrix.extremist.software)
- minecraft (extremist.software)
- caddy (reverse proxy)
- grafana/prometheus (status.extremist.software)

deploy:
`nix run github:nix-community/nixos-anywhere -- --flake .#extremist-software --impure root@<ip>`

secrets:
1. copy `secrets.nix.example` to `secrets.nix`.
2. fill in values (generate random keys for searx/tailscale).
3. `tailscaleKey` must be a **reusable** key.

repo uses `impure` build to load `secrets.nix` directly. no encrypted secrets in git.