NixOS Advanced Virtual Infrastructure

Gauvain Roussel-Tarbouriech 3fa4cc14ba components/browser: disabled nix managed extensions this is very much a temporary thing as nixExtensions are currently broken in nixpkgs unstable so, until this is solved (and probably auto updates are) I'll have to make it use firefox's builtin updater. Good enough for my use since I know I need to install the addons but I should add them back sooner rather than later so I'm not the only one benefiting from it		3 days ago
.git-crypt	Add 1 git-crypt collaborator	1 month ago
assets/dashboards	dashboards: move to assets	4 weeks ago
bootstrap	docs: add precisions on how to setup a device and a sample config file	4 weeks ago
components	components/browser: disabled nix managed extensions	3 days ago
docs	docs: typo	2 months ago
infrastructure	infra/alastor: add axolotl	3 days ago
profiles	profiles/default: make sure virtualisation is defined before setting attrSet	4 weeks ago
secrets	components/web: add option default	4 weeks ago
.gitattributes	secrets: use a multi-key setup with strong auth for multi device conf	1 month ago
.gitignore	infra/emet-selch: init (vm only so far)	4 weeks ago
.pre-commit-config.yaml	formatting: change hooks and add a reminder	4 months ago
README.md	docs: add precisions on how to setup a device and a sample config file	4 weeks ago
TODO.md	docs: update to show auto update is done	1 month ago
configuration.sample.nix	docs: add precisions on how to setup a device and a sample config file	4 weeks ago
default.nix	canary: mention the unlock command	1 month ago

README.md

navi

navi(NixOS Advanced Virtual Infrastructure) is a set of NixOS configuration files handling my own internal infrastructure.

Currently the machines populated by this configuration are:

alastor
xanadu

WARNING: This is a very heavily WIP project and has an uncommon threat model, as such you might want to really document yourself before using parts of this software! Please read docs/README.txt at the very least!

Development Notes

To setup navi you'll first need to bootstrap it:

cd bootstrap && ./bootstrap.sh

This will setup secrets needed for the entire infrastructure to work.

If you want to test the setup before installing it on a real machine you can

sudo nixos-rebuild build-vm -I nixos-config=./configuration.sample.nix

If you want to install navi on a live machine, you'll need to run the bootstrapper again to generate device-specific keys, paths, and other required components. It will generate a default configuration which you should tailor to your needs. Installing is then as simple as running

sudo nixos-install

Contributing

Do not forget to run pre-commit install to get the formatting hooks running before contributing!