Scripts
Utility scripts for infrastructure management. Covers deployment, LXC container creation and bootstrap, initial configuration of new NixOS machines, and age key generation.
Scripts Overview
create-lxc-nixos.sh — Create and deploy a NixOS LXC container
Creates a NixOS LXC container on a remote Proxmox VE hypervisor, then
bootstraps it with the initial NixOS configuration and runs deploy.sh
to apply the host-specific configuration.
# Usage
./create-lxc-nixos.sh <short_name> [options]
# Example: create dns01 with static IPv4 and IPv6 token
./create-lxc-nixos.sh dns01 \
--ip 10.40.0.10/24 \
--ip6 ::a:b:c:d \
--pve-host pve01.prod.lagraula.fr
# Dry run to preview the commands
./create-lxc-nixos.sh dns01 --dry-run
Bootstrap process:
- pct create — create the container from the NixOS template
- pct start <CT_ID> — start the container
- Wait for the container to be ready (polling pct exec)
- pct push initial-lxc-configuration.nix → /etc/nixos/configuration.nix
- pct push deploy.sh → /usr/local/bin/deploy-nixos
- pct exec nixos-rebuild switch — apply initial config (SSH, git, curl)
- pct exec deploy-nixos — clone repo and apply host-specific config
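The bootstrap steps above depend on the container actually being up before anything is pushed into it, and on being able to preview the pct commands before touching a hypervisor. The following POSIX sh is an added example, not the repository's create-lxc-nixos.sh: a dry-run aware command wrapper, a bounded readiness poll, and the post-create sequence in the order listed. The CT_ID argument, the PCT and DRY_RUN variables and the chmod step are assumptions made for this example.

```shell
#!/usr/bin/env sh
# Added example (not the repository's own script): dry-run wrapper plus a
# bounded readiness poll for the pct bootstrap sequence after `pct create`.
# Assumptions: DRY_RUN=1 previews commands; PCT is overridable for testing.

DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1 prints commands instead of running them
PCT="${PCT:-pct}"         # overridable so the poll can be exercised without Proxmox

# run CMD ARGS...: echo the command, then execute it unless DRY_RUN=1
run() {
    printf '+ %s\n' "$*"
    [ "$DRY_RUN" = "1" ] && return 0
    "$@"
}

# wait_for_ready CT_ID [ATTEMPTS] [INTERVAL]: poll `pct exec CT_ID -- true`
# until the container answers; give up (non-zero) after ATTEMPTS tries so a
# stuck container fails the bootstrap instead of receiving pushed files blindly.
wait_for_ready() {
    ct_id="$1"; attempts="${2:-60}"; interval="${3:-2}"; n=0
    until "$PCT" exec "$ct_id" -- true >/dev/null 2>&1; do
        n=$((n + 1))
        if [ "$n" -ge "$attempts" ]; then
            echo "container $ct_id not ready after $attempts attempts" >&2
            return 1
        fi
        sleep "$interval"
    done
}

# bootstrap CT_ID: the steps that follow `pct create`, in the documented order
bootstrap() {
    ct_id="$1"
    run "$PCT" start "$ct_id"
    if [ "$DRY_RUN" != "1" ]; then
        wait_for_ready "$ct_id" 60 2 || return 1
    fi
    run "$PCT" push "$ct_id" initial-lxc-configuration.nix /etc/nixos/configuration.nix
    run "$PCT" push "$ct_id" deploy.sh /usr/local/bin/deploy-nixos
    # assumption: pushed files are not executable by default, so mark deploy-nixos
    run "$PCT" exec "$ct_id" -- chmod 0755 /usr/local/bin/deploy-nixos
    run "$PCT" exec "$ct_id" -- nixos-rebuild switch
    run "$PCT" exec "$ct_id" -- /usr/local/bin/deploy-nixos
}
```

Source the file and call `DRY_RUN=1 bootstrap 100` to see the exact pct invocations for container 100 without running them; without DRY_RUN the poll runs for up to two minutes and the bootstrap stops at the first failing step because every command goes through `run`.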
deploy.sh — Deploy NixOS configuration from Git repository
Clones or updates the nixos-infra repository, detects the hostname,
finds the corresponding configuration file, and applies it with
nixos-rebuild switch.
# Usage
./deploy.sh [options]
# Options
-u, --repo-url URL Git repository URL (default: https://gitea.lagraula.fr/...)
-d, --repo-dir DIR Local directory (default: /etc/nixos-infra)
-b, --branch BRANCH Git branch (default: main)
-n, --dry-run Simulate without making changes
Configuration lookup order:
- hosts/servers/<hostname>/configuration.nix
- hosts/workstations/<hostname>/configuration.nix
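Because the hostname is used to build a filesystem path inside the repository, the lookup is also the place to reject anything that is not a plain host label. This POSIX sh is an added example, not the repository's deploy.sh: it resolves the configuration file in the order above and applies it. The hostname validation, the `DRY_RUN` variable and the use of `nixos-rebuild switch -I nixos-config=...` to point at the resolved file are choices made for this example.

```shell
#!/usr/bin/env sh
# Added example (not the repository's deploy.sh): configuration lookup in the
# documented order, with a hostname check so the path cannot leave hosts/.

# find_host_config REPO_DIR HOSTNAME: print the first matching configuration
# path (servers before workstations). Exit 1 if none exists, 2 if HOSTNAME is
# not a plain label, so "../x" or "a/b" can never build an escaping path.
find_host_config() {
    repo_dir="$1"; host="$2"
    case "$host" in
        ''|*[!A-Za-z0-9-]*) echo "refusing hostname '$host'" >&2; return 2 ;;
    esac
    for role in servers workstations; do
        candidate="$repo_dir/hosts/$role/$host/configuration.nix"
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    echo "no configuration for '$host' under $repo_dir/hosts" >&2
    return 1
}

# apply_host_config REPO_DIR [HOSTNAME]: default the hostname from the machine,
# resolve the file and switch to it; DRY_RUN=1 only reports the command.
apply_host_config() {
    repo_dir="$1"; host="${2:-$(hostname -s)}"
    cfg=$(find_host_config "$repo_dir" "$host") || return $?
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "would run: nixos-rebuild switch -I nixos-config=$cfg"
    else
        nixos-rebuild switch -I "nixos-config=$cfg"
    fi
}
```

A host that exists under both hosts/servers and hosts/workstations resolves to the servers entry, matching the lookup order; a missing configuration is a hard failure rather than a fallback to whatever /etc/nixos/configuration.nix currently holds.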
initial-lxc-configuration.nix — Bootstrap NixOS configuration (LXC)
Minimal NixOS configuration pushed to a new LXC container during the bootstrap phase. Installs SSH, git, and curl so the container can clone the repository and apply its specific configuration.
Pushed to /etc/nixos/configuration.nix by create-lxc-nixos.sh.
gen-secrets-keys.sh — Generate age public keys for agenix
Connects to each host in the infrastructure, retrieves its SSH host
key via ssh-keyscan, converts it to an age public key with
ssh-to-age, and stores it in secrets/pubkeys/<hostname>.age.
# Usage
./gen-secrets-keys.sh
# Prerequisites
# nix-shell -p ssh-to-age
After generating keys, encrypt secrets with:
age -r $(cat secrets/pubkeys/<hostname>.age) -o secrets/<name>.age
agenix -e secrets/<name>.age
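ssh-keyscan returns whatever key the network hands back, so a key that is going to become an age recipient for encrypted secrets is worth checking against a known_hosts entry you already trust before converting it. This POSIX sh is an added example, not the repository's gen-secrets-keys.sh: it picks the ed25519 line out of keyscan output, compares it with a pinned known_hosts entry, and only then pipes it through ssh-to-age into secrets/pubkeys/<hostname>.age. The KNOWN_HOSTS argument, the helper names and the sample keyscan lines used in the test are constructed for this example.

```shell
#!/usr/bin/env sh
# Added example (not the repository's gen-secrets-keys.sh): derive an age
# recipient from a host's ed25519 key only after it matches a pinned entry.
# Assumes `ssh-to-age` on PATH (nix-shell -p ssh-to-age) and an unhashed
# known_hosts file whose first field is the bare hostname.

# select_ed25519 HOSTNAME: read keyscan output on stdin, print the first
# "ssh-ed25519 <base64>" pair for HOSTNAME (other key types are ignored).
select_ed25519() {
    awk -v h="$1" '$1 == h && $2 == "ssh-ed25519" { print $2, $3; exit }'
}

# verify_pinned HOSTNAME KEYLINE KNOWN_HOSTS: succeed only if KEYLINE equals
# the pinned key for HOSTNAME in KNOWN_HOSTS (exact type and base64 match).
verify_pinned() {
    awk -v h="$1" -v kl="$2" \
        '$1 == h && ($2 " " $3) == kl { found = 1 } END { exit !found }' "$3"
}

# gen_age_key HOSTNAME KNOWN_HOSTS [OUT_DIR]: scan, pin-check, convert, store.
gen_age_key() {
    host="$1"; known_hosts="$2"; out_dir="${3:-secrets/pubkeys}"
    keyline=$(ssh-keyscan -t ed25519 "$host" 2>/dev/null | select_ed25519 "$host")
    if [ -z "$keyline" ]; then
        echo "$host: no ed25519 host key returned by ssh-keyscan" >&2
        return 1
    fi
    if ! verify_pinned "$host" "$keyline" "$known_hosts"; then
        echo "$host: scanned key does not match the entry in $known_hosts" >&2
        return 1
    fi
    mkdir -p "$out_dir"
    printf '%s\n' "$keyline" | ssh-to-age > "$out_dir/$host.age"
}
```

A mismatch stops the run instead of silently writing a recipient that would hand the decrypted secret to whoever answered the scan. When a secret must be readable by several hosts, pass `-r` to age once per recipient file.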
update-nixpkgs.sh — Update the nixpkgs pin
Updates pkgs/nixpkgs.json with the latest commit from nixpkgs stable.
Deployment workflow (LXC containers)
create-lxc-nixos.sh                       # Step 1: Create + bootstrap
├─ pct create
├─ pct push initial-lxc-configuration.nix
├─ pct push deploy.sh
├─ pct exec nixos-rebuild switch
└─ pct exec deploy.sh                     # Step 2: Clone repo + apply config
   ├─ git clone
   └─ nixos-rebuild switch (host-specific)
For subsequent updates on an already-deployed container:
ssh <hostname>
sudo /usr/local/bin/deploy-nixos