# awful.systems infrastructure flake

This is the Nix flake that deploys the awful.systems server infrastructure. It provides a set of files and commands that allow you to deploy the full set of awful.systems software and configuration for each host to anything running NixOS (though the provided commands default to the static IPs of the current awful.systems machines).

## Requirements

To use this flake, you'll want a [Nix evaluator](https://nixos.org/download) -- that is, you'll want the Nix package manager (either on NixOS or in an environment where it's installed). This is a [dependency-free](https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html) stateless deployment mechanism, so this git repo and an authorized SSH key are all you need to deploy the whole stack.

This flake builds everything locally for speed and then uploads it, so you'll want a fair bit of available disk space (20GB is safe) and the ability to upload a lot of data.

*If you're not on x86_64-linux or you're limited on disk or upload*: you should use the deployment hosts to build. First, use `df -h` to make sure they've got enough disk space, then use the deployment command with the argument `--build-host root@<host>`, where `<host>` is the full domain name of the host you want to deploy to.

## Optional Dependencies

[nix-direnv](https://github.com/nix-community/nix-direnv) is convenient, since it'll make all of the awful.systems commands available in your shell with no other setup, and I use that to cache some larger dependencies as well.

## Hosts

### `more.awful.systems`

- Hosts the production Lemmy server at https://awful.systems (`lemmy-prod`).
- Proxies https://awful.systems/git and https://awful.systems/archives to `these.awful.systems`.
- Assumes it's running behind a load balancer that terminates SSL, so it doesn't handle anything related to HTTPS itself.

### `these.awful.systems`

- Hosts the development Lemmy server at https://making.awful.systems (`lemmy-dev`).
- Hosts the r/SneerClub archive (`sneer-archive`).
- Stores git repos in `/home/git/repos`.
- Hosts `gitweb`.
- Runs a git daemon for pull-only access to the git repos.

## Commands

If you have `nix-direnv`, these commands will be available in your shell after it finishes a build. Otherwise, run `nix develop` to kick off a build, and the resulting shell will have all of these commands available.

Deployment hosts are very thin and don't have a lot of commands available. To have Nix pull in and run a command line program there, use `nix run nixpkgs#<command>` in an SSH session, where `<command>` is the command you'd like to run.

- `deploy-these`: Kick off a deployment to the host `these`. Any arguments are passed to `nixos-rebuild`.
- `deploy-more`: Same as above for `more`.
- `go-these`: Use your SSH key to log into `these` as `root`. Any arguments are treated as commands for SSH to run; i.e. `go-these df -h` will run `df -h` on `these`, display its output, and exit.
- `go-more`: Same as above for `more`.
- `rekey-secrets`: With a file argument, tells `sops` to re-encrypt the secrets in that file with the currently configured encryption keys. This must be run by someone who already has access to the secrets in order to succeed.

## Services

These can be administered via `systemctl` and monitored via `journalctl` or your chosen log monitoring software.

- `lemmy-prod`: The production Lemmy server.
- `lemmy-ui-prod`: The Web frontend to the production Lemmy server.
- `lemmy-dev`: The development Lemmy server.
- `lemmy-ui-dev`: The Web frontend to the development Lemmy server.

## Databases

- For development, the database user is `lemmy_dev` and the Postgres database is `lemmy_dev` on `these.awful.systems`. Use `sudo -u lemmy_dev psql` on that host to access the database.
- For production, the database user is `lemmy` and the Postgres database is `lemmy` on `more.awful.systems`. Use `sudo -u lemmy_dev psql` on that host to access the database.
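
The build-host check described under Requirements can be scripted. The following is an added example, not part of this flake: it reads `df -Pk` (the parseable form of `df -h`) over SSH and only emits the `--build-host` argument when the host has room. The function names, the use of `/nix/store` as the path to check, and applying the 20GB figure to the build host are assumptions.

```shell
#!/bin/sh
# Added example, not part of the awful.systems flake.
# Assumption: the README's "20GB is safe" figure is also used as the
# threshold for a deployment host that does the build.
REQUIRED_KB=$((20 * 1024 * 1024))   # 20GB in 1024-byte blocks

# Read `df -Pk <path>` output on stdin and print the Available column.
# -P forces the POSIX one-line-per-filesystem layout, so row 2 is the data
# row. Assumes the device name contains no spaces.
avail_kb() {
    awk 'NR == 2 { print $4; found = 1 } END { exit !found }'
}

# Returns 0 if stdin reports at least REQUIRED_KB free, 1 if it reports
# less, and 2 if the df output could not be parsed (e.g. SSH failed).
has_room() {
    kb=$(avail_kb) || return 2
    case $kb in
        '' | *[!0-9]*) return 2 ;;
    esac
    [ "$kb" -ge "$REQUIRED_KB" ]
}

# Check the filesystem holding /nix/store on the deployment host and, if it
# has room, print the arguments that make that host do the build.
build_host_args() {
    host=$1
    if ssh "root@$host" df -Pk /nix/store | has_room; then
        printf '%s\n' "--build-host root@$host"
    else
        rc=$?
        if [ "$rc" -eq 1 ]; then
            echo "$host: less than 20GB free, not building there" >&2
        else
            echo "$host: could not read df output" >&2
        fi
        return "$rc"
    fi
}

# Usage from the flake's dev shell; the substitution is left unquoted so it
# splits into the two arguments nixos-rebuild expects:
#   deploy-these $(build_host_args these.awful.systems)
```
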