Skip to content
/ infra Public

hetzner servers managed with terraform and nixos

6 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

karol-broda/infra

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
keys
keys
 
 
nixos
nixos
 
 
scripts
scripts
 
 
secrets
secrets
 
 
terraform
terraform
 
 
.envrc
.envrc
 
 
.gitignore
.gitignore
 
 
.sops.yaml
.sops.yaml
 
 
README.md
README.md
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 

Repository files navigation

infra

    /\_____/\
   /  o   o  \
  ( ==  ^  == )
   )         (
  (           )
 ( (  )   (  ) )
(__(__)___(__)__)

where my servers live. they purr when healthy.

the setup

hetzner cloud, provisioned with terraform, configured with nixos. everything declarative, everything reproducible. if a server explodes i can just... make another one. like a phoenix but fluffier.

secrets live in 1password. ssh keys get generated by terraform and tucked safely into the vault.

what lives here

matrix - chat server, encrypted and private

memos - simple note-taking for thoughts that need saving

firefly - personal finance tracker, theoretically useful

affine - workspace for docs and planning, notion alternative

pocket id - clean oidc provider for single sign-on

netbird - wireguard-based mesh vpn with proper access control

commands

direnv allow and you're in the shell. then:

adding a new server

  1. add it to servers in terraform.tfvars
  2. tf apply to birth the box
  3. make a home for it in nixos/hosts/<name>/
  4. introduce it in flake.nix
  5. deploy <name> to give it life

notes to self

  • acme certs renew automatically, stop checking on them
  • the cloudflare api token needs dns edit permissions

meow

About

hetzner servers managed with terraform and nixos

Resources

Readme
Activity

Stars

6 stars

Watchers

0 watching

Forks

0 forks
Report repository

Languages