{"id":40665829,"url":"https://github.com/dont-rely-on-nulls/chessboard","last_synced_at":"2026-01-21T09:09:22.723Z","repository":{"id":259152562,"uuid":"874458187","full_name":"dont-rely-on-nulls/chessboard","owner":"dont-rely-on-nulls","description":"A multi-purpose NixOS server ❄️, provisioned by Open Tofu, targets AWS and Magalu Cloud","archived":false,"fork":false,"pushed_at":"2025-11-27T11:10:45.000Z","size":282,"stargazers_count":4,"open_issues_count":6,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-11-30T04:17:08.735Z","etag":null,"topics":["age","aws","disko","impermanence","infrastructure-as-code","justfile","linux","magalucloud","mgc","nix","nix-flakes","nix-modules","nixos","nixos-anywhere","open-tofu","postgresql","server","systemd","terraform"],"latest_commit_sha":null,"homepage":"","language":"Nix","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dont-rely-on-nulls.png","metadata":{"files":{"readme":"README.org","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-10-17T21:30:47.000Z","updated_at":"2025-11-25T10:32:10.000Z","dependencies_parsed_at":"2024-10-26T22:37:13.244Z","dependency_job_id":"c61b02a1-572f-464f-a388-01ed5053298e","html_url":"https://github.com/dont-rely-on-nulls/chessboard","commit_stats":{"total_commits":12,"total_committers":2,"mean_commits":6.0,"dds":0.08333333333333337,"last_synced_commit":"965cbe7f2c3f46068b04af77538cd9dff8dcf991"},"previous_names":["dr-nekoma/trashcan","dont-rely-on-nulls/chessboa
rd"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/dont-rely-on-nulls/chessboard","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dont-rely-on-nulls%2Fchessboard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dont-rely-on-nulls%2Fchessboard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dont-rely-on-nulls%2Fchessboard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dont-rely-on-nulls%2Fchessboard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dont-rely-on-nulls","download_url":"https://codeload.github.com/dont-rely-on-nulls/chessboard/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dont-rely-on-nulls%2Fchessboard/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28630940,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-21T04:47:28.174Z","status":"ssl_error","status_checked_at":"2026-01-21T04:47:22.943Z","response_time":86,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["age","aws","disko","impermanence","infrastructure-as-code","justfile","linux","magalucloud","mgc","nix","nix-flakes","nix-modules","nixos","nixos-anywhere","open-tofu","postgresql","server","systemd","terraform"],"created_at":"2026-01-21T09:09:21.942Z","updated_at":"2026-01-21T09:09:22.712Z","avatar_url":"https://github.com/dont-rely-on-nulls.png","language":"Nix","funding_links":[],"categories":[],"sub_categories":[],"readme":"* Chessboard\n\n#+html: \u003ca href=\"https://builtwithnix.org\"\u003e\u003cimg alt=\"built with nix\" src=\"https://builtwithnix.org/badge.svg\" /\u003e\u003c/a\u003e\u003cbr\u003e\n#+html: \u003ca href=\"https://github.com/Dr-Nekoma/trashcan/actions/workflows/qemu_build.yml\"\u003e\u003cimg alt=\"[QEMU] Build\" src=\"https://github.com/Dr-Nekoma/trashcan/actions/workflows/qemu_build.yml/badge.svg\" /\u003e\u003c/a\u003e\n\nThis repository contains the server configuration to host applications from\n[[https://github.com/Dr-Nekoma][Dr. Nekoma]] and [[https://github.com/dont-rely-on-nulls][Don't Rely on Nulls]]. 
Currently, the following projects are hosted\nhere:\n\n+ [[https://github.com/Dr-Nekoma/lyceum][Lyceum]]\n\nThis setup is also an ongoing experiment that mixes multiple infrastructure and\ndeployment tools, including [[https://nixos.org/][Nix/NixOS]] (with [[https://github.com/nix-community/disko][disko]] and [[https://github.com/nix-community/impermanence][impermanence]]), [[https://devenv.sh/][devenv]] (for\nlocal development environments), [[https://opentofu.org/][OpenTofu]], and [[https://github.com/terrateamio/terrateam][Terrateam]].\n\n** Development\n\nEnter the Nix shell via the CLI, or leverage *direnv* for automatic environment loading:\n\n#+begin_src shell\n  # Using the Nix CLI\n  nix develop --impure\n\n  # Or, if using direnv\n  direnv allow\n#+end_src\n\n*** Setting Up Local Keys\n\nIf you don’t have SSH keys configured yet:\n\n#+begin_src shell\n  cd $HOME/.ssh\n  ssh-keygen -t ed25519 -C \"your.email@gmail.com\"\n#+end_src\n\nThen, return to this project's root directory and:\n\n1. Modify [[./keys/default.nix]] to add your user and public key following the existing format.\n2. If you want to add a new secret, edit [[./secrets/secrets.nix]] and include it there.  \n   Use ~everyone~ as the list of public keys.\n\n   #+begin_src shell\n     # If your SSH agent already has a key loaded\n     agenix -e \"my_secret.age\"\n\n     # Or, explicitly specify your private key\n     agenix -e \"my_secret.age\" -i ~/.ssh/your_private_key\n   #+end_src\n\n3. 
Finally, rekey all secrets:\n\n   #+begin_src shell\n     # With the agent\n     agenix --rekey\n\n     # Or manually\n     agenix --rekey -i $HOME/.ssh/your_private_key\n   #+end_src\n\n*** QEMU VM\n\nTo build and run a local virtual machine for testing:\n\n#+begin_src shell\n  just build-qemu   # or: just bq, or simply: bq\n#+end_src\n\nThen:\n\n#+begin_src shell\n  just run-qemu     # or: just rq, or simply: rq\n#+end_src\n\nInside the VM, verify services are running correctly:\n\n#+begin_src shell\n  systemctl status sshd.service\n  # or, if the configuration includes PostgreSQL\n  sudo --user postgres psql\n#+end_src\n\nYou can also add a convenient SSH config entry (in ~$HOME/.ssh/config~):\n\n#+begin_src shell\n  # Local QEMU VM on loopback; host key checking is disabled for this entry only\n  Host nekoma_vm\n    HostName 127.0.0.1\n    Port 2222\n    User root\n    IdentityFile /dev/null\n    StrictHostKeyChecking no\n    UserKnownHostsFile /dev/null\n    CheckHostIP no\n\n  # Also useful when targeting the cloud providers; give this entry its own Host alias\n  # if you keep both, because ssh uses the first value it finds for each option\n  Host nekoma_vm\n    HostName \u003cwhatever-you-get-from-tofu\u003e\n    Port 22\n    User your_user\n    IdentityFile your_key\n#+end_src\n\nThen connect with:\n\n#+begin_src shell\n  ssh nekoma_vm\n#+end_src\n\nOnce the VM is up, you can run:\n\n#+begin_src shell\n  just deploy-qemu\n#+end_src\n\n*** Custom ISO\n\nTo build a bootable ISO image (for testing or deployment bootstraps):\n\n#+begin_src shell\n  nix build .#iso\n#+end_src\n\n** Deployment\n\nTrashcan uses a two-stage deployment process that combines *OpenTofu* and\n*NixOS* for reproducible configuration management.\n\n1. 
*Bootstrap Infrastructure*\n\n   This stage provisions the minimal infrastructure required to get the system\n   running, including:\n\n   - Networking setup (VPCs, subnets).\n   - A static IP.\n   - Base compute instances.\n   - A *minimal NixOS configuration* that includes:\n\n     + SSH\n     + A couple of base users\n     + Common packages and tools\n\n     and is deployed using the Terraform modules from [[https://github.com/nix-community/nixos-anywhere/tree/main/terraform][nixos-anywhere]].\n\n2. *Declarative Configuration (NixOS)*\n\n   Once the base system is up, NixOS takes over. This configuration then evolves\n   into a final one, which adds services like:\n\n   - PostgreSQL and PgBouncer\n   - Secrets management (via [[https://github.com/ryantm/agenix][agenix]])\n   - Application deployments (e.g., Lyceum's game server)\n\n*** Provisioning with OpenTofu\n\nWe target two cloud providers as of now:\n\n- *AWS*\n- *Magalu Cloud*\n\nMake sure that each environment has its proper access tokens configured.\n\n**** AWS\n\n#+begin_src shell\n  just plan \"aws\"     # or 'pa'\n  just apply \"aws\"    # or 'aa'\n\n  # To destroy all infrastructure\n  just destroy \"aws\"  # or 'da'\n#+end_src\n\n**** Magalu Cloud\n\n#+begin_src shell\n  just plan \"mgc\"     # or 'pm'\n  just apply \"mgc\"    # or 'am'\n\n  # To destroy all infrastructure\n  just destroy \"mgc\"  # or 'dm'\n#+end_src\n\n* Acknowledgements\n\n+ The initial Terraform-based (now OpenTofu) bootstrap is adapted from the excellent\n  [[https://github.com/Gabriella439/nixos-in-production][NixOS in Production]] book, later heavily customized.\n+ The Magalu Cloud setup was inspired by\n  [[https://github.com/Misterio77/hackathon-mgc-factorio-terraform][the Declarative Factorio]] 
project.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdont-rely-on-nulls%2Fchessboard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdont-rely-on-nulls%2Fchessboard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdont-rely-on-nulls%2Fchessboard/lists"}