No description
e2e87d5694
Runner runs on the same server it deploys to, so SSH to itself was unnecessarily complex. Now builds locally and activates directly. - Replace deploy-rs SSH workflow with local build + switch - Add NOPASSWD sudo for gitea-runner to run nix-env and switch-to-configuration (required for local deployment) - Remove SSH key setup from deploy workflow |
||
|---|---|---|
| .forgejo/workflows | ||
| apps | ||
| docs | ||
| hosts | ||
| lib | ||
| modules/nixos | ||
| overlays | ||
| pkgs | ||
| scripts | ||
| templates | ||
| users | ||
| .gitignore | ||
| .sops.yaml | ||
| AGENTS.md | ||
| constants.nix | ||
| deploy.json | ||
| digest.txt | ||
| flake.lock | ||
| flake.nix | ||
| README.md | ||
cryodev NixOS Configuration
Declarative NixOS infrastructure for the cryodev environment, managed with Nix Flakes.
Quick Start
# Clone repository
git clone https://git.cryodev.xyz/steffen/cryodev-server.git
cd cryodev-server
# Check configuration
nix flake check
# Build a host
nix build .#nixosConfigurations.cryodev-main.config.system.build.toplevel
Hosts
| Host | Architecture | Deployment | Description |
|---|---|---|---|
cryodev-main |
x86_64 | Push (deploy-rs) | Main server |
cryodev-pi |
aarch64 | Pull (Comin) | Raspberry Pi client |
Services
| Service | Domain | Description |
|---|---|---|
| Headscale | headscale.cryodev.xyz |
Self-hosted Tailscale server |
| Headplane | headplane.cryodev.xyz |
Headscale web UI |
| Forgejo | git.cryodev.xyz |
Git hosting with CI/CD |
| Netdata | netdata.cryodev.xyz |
Monitoring dashboard |
mail.cryodev.xyz |
Email (Postfix/Dovecot) |
Raspberry Pi SD Images
SD card images for Raspberry Pi clients are built automatically on every push to main.
Download from: Releases
# Flash to SD card
zstd -d cryodev-pi-sd-image.img.zst
sudo dd if=cryodev-pi-sd-image.img of=/dev/sdX bs=4M status=progress
See Adding a new Raspberry Pi for the full workflow.
Documentation
Full documentation is available in the docs/ directory:
- Prerequisites
- New Raspberry Pi Client
- SD Image Reference
- Server Installation
- Reinstallation
- Services
- Deployment
Directory Structure
.
├── flake.nix # Flake entry point
├── constants.nix # Central configuration
├── hosts/ # Host configurations
├── modules/ # Reusable NixOS modules
├── pkgs/ # Custom packages
├── overlays/ # Nixpkgs overlays
├── templates/ # Host templates
├── scripts/ # Helper scripts
├── apps/ # Nix apps (rebuild)
├── lib/ # Helper functions
└── docs/ # Documentation
Commands
# Format code
nix fmt
# Run checks
nix flake check
# Update dependencies
nix flake update
# Enter dev shell
nix develop
# Build Pi SD image locally
nix build .#nixosConfigurations.cryodev-pi.config.system.build.sdImage
License
Private repository.