nix-community infrastructure [maintainer=@zowoq]

Find a file

Jörg Thalheim d7883e794d remove worldofpeace (#99 ) As announced by worldofpeace in https://github.com/NixOS/nixpkgs/issues/121769 they step official away from the project.		2021-05-09 18:10:16 +02:00
.git-crypt	Add 1 git-crypt collaborator	2021-01-19 09:15:41 +01:00
.github	build(deps): bump cachix/cachix-action from v9 to v10 (#83 )	2021-04-12 11:10:31 +02:00
build01	build01: remove healthcheck ping	2021-05-09 16:52:29 +02:00
build02	nixpkgs-update: skip pypy update source because it is broken	2021-03-31 21:22:05 -07:00
build03	move marvin-mk2 to build03	2021-05-05 08:30:15 +02:00
nix	update nixpkgs	2021-05-09 08:34:35 +02:00
roles	termite: remove since it breaks the build	2021-05-09 08:33:14 +02:00
secrets	declarative hydra users	2021-03-06 20:14:42 +01:00
services	marvin-2k: add marvin-2k.nix-community.org (#95 )	2021-05-02 13:52:38 +02:00
terraform	add terraform/deploy	2021-05-09 09:10:21 +02:00
users	remove worldofpeace (#99 )	2021-05-09 18:10:16 +02:00
.envrc	deploy: speed up by using caches	2020-08-08 14:34:52 +02:00
.gitignore	improve .gitignore	2020-04-26 18:49:51 +02:00
_config.yml	configure GitHub pages	2020-05-03 15:11:06 +02:00
ci.sh	ci: speed up on no-op	2021-01-18 18:30:11 +01:00
default.nix	move things around a bit (#61 )	2021-03-07 16:28:44 +00:00
deploy	ci: add basic nix and cachix support (#15 )	2020-04-07 13:31:11 +00:00
deployment.nix	move marvin-mk2 to build03	2021-05-05 08:30:15 +02:00
README.md	document installing system from repo in rescue mode	2021-03-25 09:26:44 +01:00
secrets.nix	secrets: only remove suffix "\n" for the buildkite token (#22 )	2020-05-01 16:44:05 +00:00
shell.nix	Revert "remove broken niv"	2021-03-21 15:59:20 +01:00

README.md

nix-community infrastructure

Welcome to the Nix Community infrastructure project. This project holds all the NixOS and Terraform configuration for this organization.

Support

If you hit any issues, ping us on IRC in the #nix-community channel (see the admin list below) or create an issue here: New Issue.

Administrators

@adisbladis
@flokli
@grahamc
@Mic92
@nlewo
@ryantm
@zimbatm

Services

BuildKite agent - on build01
GitLab agent - on build01
hound - on build01
https://hydra.nix-community.org - on build01
marvin-mk2 - on build01
matterbridge - on build01
ryantm-updater bot - on build02

Hosts

`build01`

This machine is perfect for running heavy builds.

Provider: Hetzner
CPU: AMD Ryzen 7 1700X Eight-Core Processor
RAM: 64GB
Drives: 2 x 512 GB SATA SSD

`build02`

This machine currently just runs r-ryantm/nixpkgs-update.

Provider: Hetzner
CPU: AMD Ryzen 7 3700X Eight-Core Processor
RAM: 64GB DDR4 ECC
Drives: 2 x 1 TB NVME in RAID 1

`build03`

This machine is a replacement for build01.

Provider: Hetzner
CPU: AMD Ryzen 5 3600 6-Core Processor
RAM: 64GB DDR4 ECC
Drives: 2 x 512 TB NVME in RAID 1

Cache

All the builds on these machines are pushed to https://nix-community.cachix.org/

Thanks to Cachix for sponsoring our binary cache!

File hierarchy

./build\d+ - build machines
./ci.sh - What is executed by CI
./deploy - NixOps deploy script
./nix - pinned Nix dependencies and overlays
./roles - shared NixOS configuration modules
./secrets - git-crypt encrypted secrets
./services - single instances of NixOS services
./terraform - Setup DNS
./users - NixOS configuration of our admins

Deployment commands:

$ ./deploy

If you want to reboot a machine, use the following command to also deploy secrets afterwards:

$ ./deploy --force-reboot --include build02

Install/Fix system from Hetzner recovery mode

Mount all filesystems to /mnt
Install kexec image from Hetzner recovery system as described in kexec.nix and boot into it
Download infra repo

$ nix-shell -p git --run "git clone https://github.com/nix-community/infra && cd infra && nix-shell"

Build new system closure:

nix-shell> nix-build -A buildXX-system

Install system closure

$ nixos-install --system ./result