feat: update readme to be about prototype

Jet 2026-03-25 19:26:45 -07:00
parent 3850948f71
commit f9afc7285f
No known key found for this signature in database

@ -1,20 +1,37 @@
# Noisebridge Wiki Infra
# Noisebridge Wiki *2.0 Prototype*
This repo manages the Noisebridge wiki hosts on NixOS.
This repo manages the Noisebridge wiki. It is currently for the Noisebridge Wiki 2.0 Prototype that is planned to eventually replace the current Noisebridge wiki infrastructure.
## Development Hosts
- primary wiki: `main-wiki.extremist.software`
- read-only replica: `replica-wiki.extremist.software`
- deployment/admin SSH user: `jet` *this is hoped to expand soon!*
A note here, once this project is underway, CI/CD should only allow changes to come through reviewed PRs into the main branch. These changes would then be built and deployed from an automated Github action (could be forgejo actions in the future)
The current repo is the deployment foundation for a two-machine MediaWiki stack:
- primary host: MediaWiki, MariaDB primary, Caddy, agenix-managed secrets
- replica host: MediaWiki, MariaDB read-only replica, Caddy, agenix-managed secrets
We haven't fully implemented all the features, but ones that are needed before we do the big swap are:
<list future features here>
## Commands
Bootstrap a brand new Ubuntu 22.04 DigitalOcean VPS into NixOS:
```sh
nix run .#bootstrap-host -- <main-wiki|replica-wiki> <target-host> [ssh-identity-file]
nix run .#bootstrap-host -- <main-target-host> <replica-target-host> [ssh-identity-file]
nix run .#bootstrap-host -- [--admin <name>] <main-wiki|replica-wiki> <target-host> [ssh-identity-file]
nix run .#bootstrap-host -- [--admin <name>] <main-target-host> <replica-target-host> [ssh-identity-file]
```
Example:
```sh
nix run .#bootstrap-host -- main-wiki root@203.0.113.10 ~/.ssh/do-bootstrap
nix run .#bootstrap-host -- --admin jet main-wiki root@203.0.113.10 ~/.ssh/do-bootstrap
nix run .#bootstrap-host -- root@203.0.113.10 root@203.0.113.11 ~/.ssh/do-bootstrap
```
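
Review bot: The literal placeholder `<list future features here>` under "ones that are needed before we do the big swap are:" would ship in the README as written; fill in the list or drop the sentence until the list exists. In the Development Hosts note, "CI/CD should only allow changes to come through reviewed PRs into the main branch" states a policy but not how it is enforced. Since that review gate is what stands between a merge and an automated deploy to both hosts, say which branch-protection settings implement it or point to where they are documented. The usage lines add `[--admin <name>]` without stating what admin user is created when the flag is omitted, and the two-host example (`root@203.0.113.10 root@203.0.113.11`) has no `--admin` counterpart, so a reader cannot tell whether the flag applies to that form.
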
@ -25,6 +42,15 @@ What bootstrap does:
- converts the machine to NixOS with the `jet` admin user
- disables direct root SSH
- fixes the known bad IPv6 routes generated by `nixos-infect`
- verifies that `jet` login and `sudo` work and that the host reaches `running`
What bootstrap is not:
- it is not the normal long-term deploy path
- it is not the full application rollout
- it is only the one-off Ubuntu-to-NixOS installer step
> This is made to only be run once and to potentially prop up new servers if needed
Deploy all already-bootstrapped hosts:
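
Review bot: The "What bootstrap does" bullets kept as context here still hard-code the admin account ("converts the machine to NixOS with the `jet` admin user", "verifies that `jet` login and `sudo` work"), which no longer matches the `--admin <name>` option introduced in the Commands section. Reword them to refer to the selected admin user so the documented SSH and sudo verification step describes the account that is actually created. The added blockquote "This is made to only be run once and to potentially prop up new servers if needed" reads as contradictory; "run once per host" would say what the "What bootstrap is not" list intends.
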
@ -57,24 +83,5 @@ nix flake check 'path:.' --accept-flake-config
1. Create a raw VPS.
2. Run `nix run .#bootstrap-host -- ...` from the repo root on an admin laptop.
3. The machine installs NixOS and comes up over hardened public SSH as `jet`.
4. Future changes use `nix run .#deploy`.
## GitHub Settings
To require pull requests and auto-deploy only from `main`, set branch protection or a ruleset on `main` with:
- require a pull request before merging
- do not allow direct pushes to `main`
- require status checks to pass before merging
- select the CI check job from this repo
- optionally require approvals before merging
This repo already deploys on pushes to `main` in `.github/workflows/ci.yml`.
That means the intended flow is:
1. open a PR
2. CI passes
3. merge into `main`
4. GitHub Actions runs `nix run .#deploy`
3. The machine installs NixOS and comes up over public SSH.
4. Future configuration changes would be made through CI/CD.
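
Review bot: Dropping the whole "GitHub Settings" section removes the only place the README spells out the controls on `main` (require a pull request, no direct pushes, required status checks, optional approvals), while the new step 4 and the earlier CI/CD note still depend on exactly that gate. If `.github/workflows/ci.yml` still deploys on pushes to `main`, the README now describes an auto-deploy path without the protections that make it safe; keep a shortened version of the list or say explicitly that auto-deploy is disabled for the prototype. Step 3 also changes "comes up over hardened public SSH as `jet`" to "comes up over public SSH", which loses both the login user and the fact that bootstrap disables direct root SSH; keep a mention of the admin user and the root-login restriction so the flow matches the "What bootstrap does" list.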