Everything necessary to deploy your own instance of Reinitialized Infrastructure
- Nix 59.3%
- Shell 40.7%
| .github | ||
| .vscode | ||
| docs | ||
| hosts | ||
| library | ||
| modules | ||
| overrides | ||
| .gitignore | ||
| flake.lock | ||
| flake.nix | ||
| README.md | ||
Reinitialized Infrastructure Documentation
This documentation covers custom options and features provided by this NixOS infrastructure flake. For standard NixOS options, please refer to the official NixOS documentation.
Table of Contents
Quick Start
This flake provides:
- Dual-Export Pattern: Define systems once, export both VMA images and nixosSystem configurations
- Proxmox VMA Image Generation: Build complete Proxmox-compatible VM images with NixOS
- User Management: Create users with properly configured bind-mounted home directories
- Secrets Management System: Centralized, declarative secret configuration
- Mesh Network: WireGuard-based mesh networking with auto-peer discovery
- Custom Firewall Rules: Advanced source IP-based port allowlist/denylist
- Standard Profiles: Pre-configured system profiles for common use cases
Build Instructions
Available Flake Exports
This flake exports the following systems:
Current Infrastructure
| Host | VM ID | Purpose | VLAN | Mesh Node ID |
|---|---|---|---|---|
| devenv | 202 | Development environment with fleet tools | 200 | 1 |
| rp1 | 203 | Reverse proxy (Technitium DNS, nginx) | 12 | 2 |
| apps1 | 204 | Application server (Hudu, DNS primary) | 11 | 3 |
| apps2 | 205 | Application server (DNS secondary, UniFi) | 11 | 4 |
| db1 | 206 | Database server (PostgreSQL, Valkey) | 11 | 11 |
NixOS System Configurations
nixosConfigurations.devenv- Development environment VMnixosConfigurations.rp1- Reverse proxy server VMnixosConfigurations.apps1- Application server 1 VMnixosConfigurations.apps2- Application server 2 VMnixosConfigurations.db1- Database server VM
Proxmox VMA Packages
packages.x86_64-linux.devenv- Proxmox VMA image for devenvpackages.x86_64-linux.rp1- Proxmox VMA image for rp1packages.x86_64-linux.apps1- Proxmox VMA image for apps1packages.x86_64-linux.apps2- Proxmox VMA image for apps2packages.x86_64-linux.db1- Proxmox VMA image for db1
Building VMA Images for Proxmox
VMA (VM Archive) images are Proxmox-compatible backups that can be imported directly into Proxmox VE.
Build a VMA Image
# Build the VMA image
nix build path:.#packages.x86_64-linux.devenv
# Or use shorthand (if system matches)
nix build path:.#devenv
# Output will be in ./result/
ls -lh result/
# -rw-r--r-- vzdump-qemu-202.vma.zst # Compressed VMA archive
# -rw-r--r-- CREDENTIALS.txt # Generated admin password
Import to Proxmox
# Copy the VMA to your Proxmox host
scp result/vzdump-qemu-202.vma.zst root@proxmox:/var/lib/vz/dump/
# On the Proxmox host, restore the VM
qmrestore /var/lib/vz/dump/vzdump-qemu-202.vma.zst 202 --storage hotData
# Start the VM
qm start 202
Important: Save Credentials
The CREDENTIALS.txt file contains the randomly generated password for the rnetadmin user. Save this securely before deleting the build output:
cat result/CREDENTIALS.txt
# VM ID: 202
# Hostname: devenv
# Username: rnetadmin
# Password: <randomly-generated-password>
# Generated: 2026-01-23 12:00:00 UTC
Fleet Management Tools (From devenv)
The devenv host includes custom fleet management scripts that simplify deploying changes across the infrastructure:
rebuildHost - Deploy changes to a single host:
# Deploy to a remote host (builds on devenv, deploys to target)
rebuildHost apps1
# Deploy to local devenv
rebuildHost devenv
# Use 'boot' instead of 'switch' (activates on next reboot)
rebuildHost rp1 --boot
updateInfra - Deploy changes to ALL hosts in the fleet:
# Update all hosts defined in meshTopology.nix
updateInfra
Building for already existing systems (Manual)
nixos-rebuild switch --flake path:.#<hostname> --sudo --target-host rnetadmin@<ip> --build-host rnetadmin@<build-ip>
Testing Configurations Before Deployment
Test configurations before applying them:
# Build without activating
nix build path:.#nixosConfigurations.rp1.config.system.build.toplevel
# Test on the target (boots into new config, auto-reverts if issues)
nixos-rebuild test --flake path:.#rp1 --target-host root@rp1
# Boot into new config on next reboot (doesn't activate immediately)
nixos-rebuild boot --flake path:.#rp1 --target-host root@rp1
Building All Outputs
# Build all VMA packages
nix build path:.#packages.x86_64-linux.devenv path:.#packages.x86_64-linux.rp1 path:.#packages.x86_64-linux.apps1
# Build all nixosSystem configurations
nix build path:.#nixosConfigurations.devenv.config.system.build.toplevel
nix build path:.#nixosConfigurations.rp1.config.system.build.toplevel
nix build path:.#nixosConfigurations.apps1.config.system.build.toplevel
# Check all flake outputs
nix flake show path:.
Getting Started
Add this flake to your flake.nix:
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
reinitialized-infra.url = "github:reinitialized-net/infrastructure";
};
outputs = { self, nixpkgs, reinitialized-infra }: {
# Use the modules
nixosConfigurations.myhost = nixpkgs.lib.nixosSystem {
modules = [
reinitialized-infra.nixosModules.default
./configuration.nix
];
};
};
}
Or use the dual-export pattern (recommended):
{
inputs = {
reinitialized-infra.url = "github:reinitialized-net/infrastructure";
};
outputs = { self, reinitialized-infra }:
let
library = reinitialized-infra.lib;
dualSystems = {
my-vm = library.makeDualExport "my-vm" {
system = "x86_64-linux";
vmId = 100;
modules = [ ./hosts/my-vm.nix ];
};
};
in {
nixosConfigurations.my-vm = dualSystems.my-vm.nixosSystem;
packages.x86_64-linux.my-vm = dualSystems.my-vm.package;
};
}
Documentation Files
- overview.md - Architecture and design overview
- library-functions.md - Detailed library function documentation
- modules/ - Custom NixOS module documentation
- profiles.md - Available system profiles
- examples.md - Complete usage examples