fleet

Declarative stateful system provisioning and updates

Deploy NixOS clusters with multi-host modules, git-safe encrypted secrets, and automatic rollback on failure.

Multi-host modules

Configure multiple hosts at once. Wire up WireGuard meshes, Kubernetes clusters, or any other cross-machine setup in a single module.

Git-safe secrets

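Secrets are encrypted with host SSH keys, so they can be stored safely in git. They are regenerated and re-encrypted automatically when hosts change. Because the host SSH key is what unlocks a host's secrets, it needs the same protection as the secrets themselves.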

Automatic rollback

Deployment failures trigger an automatic rollback. Rollback works as long as the system gets past the initrd stage.

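# Fleet configuration named "default": shared NixOS settings, multi-host
# modules and per-host definitions, all in one attribute set.
fleetConfigurations.default = {
  # Shared NixOS config for all hosts.
  # lanzaboote provides Secure Boot support for NixOS. Importing the module
  # only makes its options available; enabling it is separate configuration
  # that is not shown here.
  nixos.imports = [ lanzaboote.nixosModules.lanzaboote ];

  # Multi-host modules
  imports = [
    ./wireguard
    # NOTE(review): "a" and "b" are presumably names of hosts declared under
    # `hosts`; none with those names appear in this excerpt.
    (import ./kubernetes { hosts = ["a" "b"]; })
  ];

  # Per-host configuration
  hosts.controlplane-1 = {
    system = "x86_64-linux";
    nixos.imports = [
      ./controlplane-1/hardware-configuration.nix
      ./controlplane-1/configuration.nix
    ];
  };
};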