Skip to content

librepod/os

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
machines
machines
 
 
modules
modules
 
 
.gitignore
.gitignore
 
 
Justfile
Justfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
configuration.nix
configuration.nix
 
 
deploy.nix
deploy.nix
 
 

Repository files navigation

Development

Clone the repo with your newly generated Personal Access Token (PAT):

git clone https://{username}:{PAT}@github.com/librepod/librepod.git

Https with Traefik

We use self-signed certificates generated by the mkcert utility on the LibrePod host. mkcert creates a default Certificate Authority located in the /root/.local/share/mkcert folder. This CA is the default one and is used to generate all the self-signed certificates which are used by Traefik Proxy. The mechanics of this as follows:

  1. File ca-certs.nix defines few systemd services. One of them calls mkcert install which creates default CA, then it creates self-signed certificates in the /exports/k3s/certs folder. After that it creates a K8S TLS secret refering to newly generated certificates.
  2. The other systemd service is triggered monthly by a corresponding systemd timer service and just creates another pair of certificates as well as deletes old K8S TLS secret and creates a new one referring to new certs.
  3. There is Traefik CRD named TLSStore which sets default Traefik TLS key to the TLS secret we create based on the self-signed certs produced by mkcert.

How to install

Install on a non-NixOS host

For LibrePod purposes we have adopted the nixos-infect script that installs NixOS on a non-Nix Linux system. It was tested with Debian based Linux and it should work work with other Linux systems as well since the original author states that it does.

  1. Deploy an SSH key for the root user to the host where you want LibrePod be installed.
  2. Make sure that you can connect via SSH as root user to that host.
  3. Having SSH-ed to your host as root user, execute:

💣 WARNING! This script wipes out the targeted host's root filesystem when it runs to completion. Any errors halt execution. A failure will leave the system in an inconsistent state, and so it is advised to run with bash -x. 💡 If your host supports disk snapshots, please make a snapshot before executing this script so you could restore to the previous state just in case. Otherwise there is no way to revert the state of your host after script execution.

  curl https://raw.githubusercontent.com/librepod/librepod-install/master/librepod-install | bash -x

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages