{"id":23436441,"url":"https://github.com/effect-ts/infra","last_synced_at":"2025-07-10T16:35:41.908Z","repository":{"id":155095586,"uuid":"600528267","full_name":"Effect-TS/infra","owner":"Effect-TS","description":"Infrastructure relevant to the Effect organization","archived":false,"fork":false,"pushed_at":"2024-12-18T13:41:56.000Z","size":21956,"stargazers_count":9,"open_issues_count":1,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-12-20T06:43:34.581Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Nix","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Effect-TS.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["mikearnaldi","gcanti"]}},"created_at":"2023-02-11T19:14:05.000Z","updated_at":"2024-12-18T13:41:57.000Z","dependencies_parsed_at":"2023-10-05T01:19:13.105Z","dependency_job_id":"0fa0c4e5-3cc5-4ff4-aabe-44f4331ac1d7","html_url":"https://github.com/Effect-TS/infra","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Effect-TS%2Finfra","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Effect-TS%2Finfra/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Effect-TS%2Finfra/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Effect-TS%2Finfra/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Effect-TS","download_url":"https://codeload.g
ithub.com/Effect-TS/infra/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230964326,"owners_count":18307468,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-23T13:19:22.337Z","updated_at":"2024-12-23T13:19:23.058Z","avatar_url":"https://github.com/Effect-TS.png","language":"Nix","funding_links":["https://github.com/sponsors/mikearnaldi","https://github.com/sponsors/gcanti"],"categories":[],"sub_categories":[],"readme":"# Effect Infrastructure \u003c!-- omit in toc --\u003e\n\n- [Getting Started](#getting-started)\n  - [Prerequisites](#prerequisites)\n- [Directory Structure](#directory-structure)\n  - [NixOS](#nixos)\n    - [Home Manager](#home-manager)\n    - [Modules](#modules)\n  - [Terraform](#terraform)\n    - [Bootstrapping](#bootstrapping)\n    - [GitHub](#github)\n  - [Troubleshooting](#troubleshooting)\n- [Secret Management](#secret-management)\n  - [Updating Secrets](#updating-secrets)\n  - [NixOS](#nixos-1)\n  - [Terraform](#terraform-1)\n  - [Adding a Public Key](#adding-a-public-key)\n\n## Getting Started\n\n### Prerequisites\n\nThis project works best if the following tools are installed:\n\n- [Nix](https://nixos.org/download.html)\n- [direnv](https://direnv.net/)\n\nIf you use `nix` and `direnv` on your host machine, then all required tooling and packages will be automatically installed for you in your development shell.\n\nIn addition, this project uses [`pre-commit`](https://pre-commit.com/). 
If you are not using Nix + `direnv`, you can install the Git hooks manually in your project by installing `pre-commit` and running:\n\n```bash\npre-commit install\n```\n\n## Directory Structure\n\n### NixOS\n\nThe directory structure of this project is optimized for sharing configuration as much as possible.\n\nThe `/hosts` directory contains all systems that are managed by NixOS. Each host has its own directory (with the same name as the machine's hostname).\n\nIn addition, the `/hosts` directory contains a `/common` subdirectory. This directory contains configuration that can be shared across all hosts. Within the `/common` subdirectory, we have the following:\n\n- `/common/global` -\u003e global configuration that is shared between all hosts\n- `/common/presets` -\u003e presets that are applied to specific host types (i.e. `nixos`, `darwin`, `desktop`, etc.)\n- `/common/users` -\u003e user-specific configuration that is shared between hosts\n\n#### Home Manager\n\nThe `/home` directory contains per-user, per-host Home Manager configurations. The directory hierarchy corresponds to the user-specific Home Manager configurations for a particular host.\n\n```\n/home/\u003cusername\u003e/\u003chostname\u003e\n```\n\nIn addition, the `/home` directory contains a `/common` subdirectory. This directory contains Home Manager configurations that can be shared across all hosts. Within the `/common` subdirectory, we have the following:\n\n- `/common/global` -\u003e global configuration that is shared between all hosts\n- `/common/presets` -\u003e presets that are applied to specific host types (i.e. `nixos`, `darwin`, `desktop`, etc.)\n\n#### Modules\n\nThe `/modules` directory contains shared NixOS and Home Manager modules.\n\n### Terraform\n\nFor infrastructure that is unable to be maintained by Nix (i.e. 
external services such as GitHub), we leverage HashiCorp Terraform.\n\n#### Bootstrapping\n\nYou can provision the infrastructure in AWS required to host Terraform state using the [`bootstrap.sh`](./scripts/bootstrap.sh) script:\n\n```bash\n./terraform/scripts/bootstrap.sh --bucket \u003cbucket-name\u003e --region \u003caws-region\u003e --table \u003cdynamodb-table\u003e\n```\n\n#### GitHub\n\n```bash\ncd terraform/github\nterraform init\nterraform plan\n```\n\n### Troubleshooting\n\nTo lock provider versions for different operating systems / architectures:\n\n```bash\nterraform providers lock -platform=linux_amd64 -platform=darwin_amd64 -platform=linux_arm64 -platform=darwin_arm64\n```\n\n## Secret Management\n\nThis project makes use of [Mozilla SOPS (Secrets OPerationS)](https://github.com/mozilla/sops).\n\nThe [`.sops.yaml`](./.sops.yaml) file at the root of the repository defines creation rules for secrets to be encrypted with `sops`. Any files matching the defined creation rule paths will be encrypted with the specified public keys.\n\n### Updating Secrets\n\nTo update secret files after making changes to the `.sops.yaml` file, run the snippet below:\n\n```bash\nfind . -regex $(yq -r '[.creation_rules[] | \"./\" + .path_regex] | join(\"\\\\|\")' \"$(pwd)/.sops.yaml\") | \\\nxargs -i sops updatekeys -y {}\n```\n\n### NixOS\n\nThe project uses [`sops-nix`](https://github.com/Mic92/sops-nix) for automatically decrypting and injecting secrets into our NixOS configurations.\n\n### Terraform\n\nThe project uses the `carlpett/sops` Terraform provider for automatically decrypting and injecting secrets into our Terraform configurations.\n\n### Adding a Public Key\n\nThe easiest way to add new machines is by using SSH host keys (this requires OpenSSH to be enabled).\n\nWe use `age` to encrypt secrets. 
To obtain an `age` public key, you can use the `ssh-to-age` tool to convert a host SSH Ed25519 key to the age format.\n\n```bash\nnix run nixpkgs#ssh-to-age -- ssh-to-age \u003c /etc/ssh/ssh_host_ed25519_key.pub\n```\n\nThen add the `age` public key to the `.sops.yaml` file, apply it to the desired key groups, and then re-encrypt the secret files (see [Updating Secrets](#updating-secrets)).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feffect-ts%2Finfra","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feffect-ts%2Finfra","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feffect-ts%2Finfra/lists"}