the lounge - infrastructure

Systems

Machine	cloud	platform	DNS entries	services
netcup-x86-runner-1	netcup	X86	netcup-x86-runner-1.lounge.rocks	drone-exec-runner drone-docker-runner
stuart	ORACLE CLOUD	ARM-64	s3.lounge.rocks minio.s3.lounge.rocks	minio (S3)
woodpecker-agent-aarch64-1	ORACLE CLOUD	ARM-64	oracle-aarch64-runner-1.lounge.rocks	wodpecker-agent
woodpecker-agent-x86-1	Proxmox PVE	X86		wodpecker-agent
woodpecker-server	Hetzner	ARM-64	build.lounge.rocks cache.lounge.rocks	wodpecker-{server,pipeliner}

Using the binary cache

{ config, ... }: {
  nix = {
    trusted-public-keys = [ "nix-cache:4FILs79Adxn/798F8qk2PC1U8HaTlaPqptwNJrXNA1g=" ];
    substituters = [ "https://cache.lounge.rocks/nix-cache" ];
  };
}

Using unstable channel

nix-channel --add https://nixos.org/channels/nixos-unstable nixos
nix-channel --update

Initial Rebuild

nixos-rebuild switch --flake '.#stuart' --target-host root@s3.lounge.rocks --build-host root@s3.lounge.rocks

Secrets

Get key for machine:

nix-shell -p ssh-to-age --run 'ssh-keyscan example.com | ssh-to-age'

Edit .sops.yml
Create secrets/example.com accordingly

lounge-rocks/the-lounge

the lounge - infrastructure

Systems

Using the binary cache

Using unstable channel

Initial Rebuild

Secrets