infra/README.md

# nix-community infrastructure

Welcome to the Nix Community infrastructure project. This project holds all
the NixOS and Terraform configuration for this organization.

## Support

If you hit any issues, ping us on IRC in the #nix-community channel (see the
admin list below) or create an issue here:
[New Issue](https://github.com/nix-community/infra/issues/new).

### Administrators

* @adisbladis
* @flokli
* @grahamc
* @Mic92
* @nlewo
* @ryantm
* @zimbatm

## Services

* BuildKite agent - on build01
* GitLab agent - on build01
* hound - on build01
* https://hydra.nix-community.org - on build01
* marvin-mk2 - on build01
* matterbridge - on build01
* ryantm-updater bot - on build02

## Hosts

### `build01` ![build01](https://healthchecks.io/badge/c9e58e14-c706-4084-959b-17b06fbd124f/QFBOLbO1/build01.svg)

This machine is perfect for running heavy builds.

* Provider: Hetzner
* CPU: AMD Ryzen 7 1700X Eight-Core Processor
* RAM: 64GB
* Drives: 2 x 512 GB SATA SSD

### `build02`

This machine currently just runs r-ryantm/nixpkgs-update.

* Provider: Hetzner
* CPU: AMD Ryzen 7 3700X Eight-Core Processor
* RAM: 64GB DDR4 ECC
* Drives: 2 x 1 TB NVME in RAID 1

### `build03`

This machine is a replacement for build01.

* Provider: Hetzner
* CPU: AMD Ryzen 5 3600 6-Core Processor
* RAM: 64GB DDR4 ECC
* Drives: 2 x 512 TB NVME in RAID 1

## Cache

All the builds on these machines are pushed to https://nix-community.cachix.org/

Thanks to Cachix for sponsoring our binary cache!

## File hierarchy

* ./build\d+ - build machines
* ./ci.sh - What is executed by CI
* ./deploy - NixOps deploy script
* ./nix - pinned Nix dependencies and overlays
* ./roles - shared NixOS configuration modules
* ./secrets - git-crypt encrypted secrets
* ./services - single instances of NixOS services
* ./terraform - Setup DNS
* ./users - NixOS configuration of our admins

## Deployment commands:

```console
$ ./deploy
```

If you want to reboot a machine, use the following
command to also deploy secrets afterwards:

```console
$ ./deploy --force-reboot --include build02
```

## Install/Fix system from Hetzner recovery mode

1. Mount all filesystems to /mnt
2. Install kexec image from Hetzner recovery system as described in [kexec.nix](roles/kexec.nix) and boot into it
3. Download infra repo
``` console
$ nix-shell -p git --run "git clone https://github.com/nix-community/infra && cd infra && nix-shell"
```

4. Build new system closure:

``` console
nix-shell> nix-build -A buildXX-system
```

5. Install system closure

```console
$ nixos-install --system ./result
```
New nix-community infra repo! Currently contains the Nixops deployment for our builder machine 2019-08-10 12:43:48 +01:00			`# nix-community infrastructure`

cleanup the README 2020-05-03 15:10:15 +02:00			`Welcome to the Nix Community infrastructure project. This project holds all`
			`the NixOS and Terraform configuration for this organization.`
New nix-community infra repo! Currently contains the Nixops deployment for our builder machine 2019-08-10 12:43:48 +01:00
cleanup the README 2020-05-03 15:10:15 +02:00			`## Support`
play with using healthchecks.io (#1) 2019-08-12 17:24:59 +00:00
cleanup the README 2020-05-03 15:10:15 +02:00			`If you hit any issues, ping us on IRC in the #nix-community channel (see the`
			`admin list below) or create an issue here:`
			`[New Issue](https://github.com/nix-community/infra/issues/new).`
play with using healthchecks.io (#1) 2019-08-12 17:24:59 +00:00
cleanup the README 2020-05-03 15:10:15 +02:00			`### Administrators`
README: add list of admins 2020-03-26 18:00:49 +01:00
adisblading -> adisbladis 2020-04-02 16:35:03 -07:00			`* @adisbladis`
README: add list of admins 2020-03-26 18:00:49 +01:00			`* @flokli`
			`* @grahamc`
add mic92 as admin (#49) to setup: - monitoring (logs to IRC) - continous deployment to build01/build02 with drone 2021-01-18 20:32:29 +00:00			`* @Mic92`
README: add list of admins 2020-03-26 18:00:49 +01:00			`* @nlewo`
			`* @ryantm`
			`* @zimbatm`

play with using healthchecks.io (#1) 2019-08-12 17:24:59 +00:00			`## Services`

cleanup the README 2020-05-03 15:10:15 +02:00			`* BuildKite agent - on build01`
			`* GitLab agent - on build01`
move things around a bit (#61) * keep ./services for instances ./profiles is for config-only modules ./services are like profiles, but configure a single instance of a service. Those are fronted by Nginx as the load-balancer and have a DNS entry as well. * ci: build build03 as well * move hydra to services * move matterbridge to services * move marvin-mk2 to services * build01: share the remainder profiles * build02: use the nix-community-cache * fixup kexec * rename profiles to roles * README: sync with reality 2021-03-07 16:28:44 +00:00			`* hound - on build01`
			`* https://hydra.nix-community.org - on build01`
			`* marvin-mk2 - on build01`
			`* matterbridge - on build01`
			`* ryantm-updater bot - on build02`
cleanup the README 2020-05-03 15:10:15 +02:00
			`## Hosts`

			### `build01` ![build01](https://healthchecks.io/badge/c9e58e14-c706-4084-959b-17b06fbd124f/QFBOLbO1/build01.svg)

			`This machine is perfect for running heavy builds.`

			`* Provider: Hetzner`
			`* CPU: AMD Ryzen 7 1700X Eight-Core Processor`
			`* RAM: 64GB`
add more information about build machines 2021-01-20 20:23:32 -08:00			`* Drives: 2 x 512 GB SATA SSD`

			### `build02`

			`This machine currently just runs r-ryantm/nixpkgs-update.`

			`* Provider: Hetzner`
			`* CPU: AMD Ryzen 7 3700X Eight-Core Processor`
			`* RAM: 64GB DDR4 ECC`
			`* Drives: 2 x 1 TB NVME in RAID 1`
cleanup the README 2020-05-03 15:10:15 +02:00
move things around a bit (#61) * keep ./services for instances ./profiles is for config-only modules ./services are like profiles, but configure a single instance of a service. Those are fronted by Nginx as the load-balancer and have a DNS entry as well. * ci: build build03 as well * move hydra to services * move matterbridge to services * move marvin-mk2 to services * build01: share the remainder profiles * build02: use the nix-community-cache * fixup kexec * rename profiles to roles * README: sync with reality 2021-03-07 16:28:44 +00:00			### `build03`

			`This machine is a replacement for build01.`

			`* Provider: Hetzner`
			`* CPU: AMD Ryzen 5 3600 6-Core Processor`
			`* RAM: 64GB DDR4 ECC`
			`* Drives: 2 x 512 TB NVME in RAID 1`

fix wording about the cache 2021-01-20 20:25:19 -08:00			`## Cache`

			`All the builds on these machines are pushed to https://nix-community.cachix.org/`
cleanup the README 2020-05-03 15:10:15 +02:00
			`Thanks to Cachix for sponsoring our binary cache!`

move things around a bit (#61) * keep ./services for instances ./profiles is for config-only modules ./services are like profiles, but configure a single instance of a service. Those are fronted by Nginx as the load-balancer and have a DNS entry as well. * ci: build build03 as well * move hydra to services * move matterbridge to services * move marvin-mk2 to services * build01: share the remainder profiles * build02: use the nix-community-cache * fixup kexec * rename profiles to roles * README: sync with reality 2021-03-07 16:28:44 +00:00			`## File hierarchy`
cleanup the README 2020-05-03 15:10:15 +02:00
move things around a bit (#61) * keep ./services for instances ./profiles is for config-only modules ./services are like profiles, but configure a single instance of a service. Those are fronted by Nginx as the load-balancer and have a DNS entry as well. * ci: build build03 as well * move hydra to services * move matterbridge to services * move marvin-mk2 to services * build01: share the remainder profiles * build02: use the nix-community-cache * fixup kexec * rename profiles to roles * README: sync with reality 2021-03-07 16:28:44 +00:00			`* ./build\d+ - build machines`
			`* ./ci.sh - What is executed by CI`
			`* ./deploy - NixOps deploy script`
			`* ./nix - pinned Nix dependencies and overlays`
			`* ./roles - shared NixOS configuration modules`
			`* ./secrets - git-crypt encrypted secrets`
			`* ./services - single instances of NixOS services`
cleanup the README 2020-05-03 15:10:15 +02:00			`* ./terraform - Setup DNS`
move things around a bit (#61) * keep ./services for instances ./profiles is for config-only modules ./services are like profiles, but configure a single instance of a service. Those are fronted by Nginx as the load-balancer and have a DNS entry as well. * ci: build build03 as well * move hydra to services * move matterbridge to services * move marvin-mk2 to services * build01: share the remainder profiles * build02: use the nix-community-cache * fixup kexec * rename profiles to roles * README: sync with reality 2021-03-07 16:28:44 +00:00			`* ./users - NixOS configuration of our admins`
cleanup the README 2020-05-03 15:10:15 +02:00
document deploy commands 2021-03-20 06:17:29 +01:00			`## Deployment commands:`

			```console
			`$ ./deploy`
			```

			`If you want to reboot a machine, use the following`
			`command to also deploy secrets afterwards:`

			```console
			`$ ./deploy --force-reboot --include build02`
			```
document installing system from repo in rescue mode 2021-03-25 09:25:28 +01:00
			`## Install/Fix system from Hetzner recovery mode`

			`1. Mount all filesystems to /mnt`
kexec: fix references 2021-05-11 16:57:21 +02:00			`2. Install kexec image from Hetzner recovery system as described in [kexec.nix](roles/kexec.nix) and boot into it`
document installing system from repo in rescue mode 2021-03-25 09:25:28 +01:00			`3. Download infra repo`
			``` console
			`$ nix-shell -p git --run "git clone https://github.com/nix-community/infra && cd infra && nix-shell"`
			```

			`4. Build new system closure:`

			``` console
			`nix-shell> nix-build -A buildXX-system`
			```

			`5. Install system closure`

			```console
			`$ nixos-install --system ./result`
			```
No results found.