nixos-servers/README.md

# nixos-servers

Nix definitions to configure our server.
Currently, our three main machines and all virtual machines run NixOS!

## Acknowledgements

- [deploy-rs](https://github.com/serokell/deploy-rs): NixOS deploy tool with rollback functionality
- [disko](https://github.com/nix-community/disko): declarative disk partitioning
- [agenix](https://github.com/ryantm/agenix): deployment of encrypted secrets to NixOS machines
- [dns.nix](https://github.com/kirelagin/dns.nix): A Nix DSL for defining DNS zones
- [microvm.nix](https://github.com/astro/microvm.nix): Declarative virtual machine management in NixOS
- [flake-utils](https://github.com/numtide/flake-utils): Handy utilities to develop Nix flakes
- [nixos-hardware](https://github.com/NixOS/nixos-hardware): Hardware-specific NixOS modules. Doing the heavy lifting for our Raspberry Pi.

## Installation

### Prerequisites

1. Install the Nix package manager or NixOS ([link](https://nixos.org/download))
2. Enable flake and nix commands ([link](https://nixos.wiki/wiki/Flakes#Enable_flakes_permanently_in_NixOS))

### Bootstrapping

We bootstrap our physical server using [nixos-anywhere](https://github.com/nix-community/nixos-anywhere).
This reformats the hard disk of the server and installs a fresh NixOS.
Additionally, it deploys an age identity, which is later used for decrypting secrets.

⚠️  This will wipe your server completely ⚠️

1. Make sure your have a [Secret service](https://www.gnu.org/software/emacs/manual/html_node/auth/Secret-Service-API.html) running (such as Keepassxc) that provides the age identity.
2. Ensure you have root SSH access to the server.
3. Run nixos-anywhere: `nix run .#bootstrap <servername> <hostname>`

### Deployment

To deploy all servers at once: `nix run nixpkgs#deploy-rs -- .# -k`
To deploy only one server: `nix run nixpkgs#deploy-rs -- -k --targets .#<host>`

## Known bugs

When deploying a new virtiofs share, the error `Failed to connect to '<name>.sock': No such file or directory` can occur.
This seems to be a bug in `microvm.nix` and I opened a bug report [here](https://github.com/astro/microvm.nix/issues/200).
A workaround is to deploy the share without `deploy-rs`'s rollback feature enabled:
```
nix run nixpkgs#deploy-rs -- -k --targets .#<host> --auto-rollback false --magic-rollback false
```
init 2023-11-05 17:43:32 +00:00			`# nixos-servers`

Update README.md 2024-02-10 22:14:10 +00:00			`Nix definitions to configure our server.`
			`Currently, our three main machines and all virtual machines run NixOS!`
init 2023-11-05 17:43:32 +00:00
Update README.md 2024-02-10 22:14:10 +00:00			`## Acknowledgements`

			`- [deploy-rs](https://github.com/serokell/deploy-rs): NixOS deploy tool with rollback functionality`
			`- [disko](https://github.com/nix-community/disko): declarative disk partitioning`
			`- [agenix](https://github.com/ryantm/agenix): deployment of encrypted secrets to NixOS machines`
			`- [dns.nix](https://github.com/kirelagin/dns.nix): A Nix DSL for defining DNS zones`
			`- [microvm.nix](https://github.com/astro/microvm.nix): Declarative virtual machine management in NixOS`
update documentation 2024-03-02 13:10:36 +00:00			`- [flake-utils](https://github.com/numtide/flake-utils): Handy utilities to develop Nix flakes`
			`- [nixos-hardware](https://github.com/NixOS/nixos-hardware): Hardware-specific NixOS modules. Doing the heavy lifting for our Raspberry Pi.`
restructure documentation 2023-12-29 11:51:42 +00:00
Update README.md 2024-02-10 22:14:10 +00:00			`## Installation`
restructure documentation 2023-12-29 11:51:42 +00:00
Update README.md 2024-02-10 22:14:10 +00:00			`### Prerequisites`
update README change directory naming 2023-11-05 18:03:44 +00:00
update readme update boostrap script 2023-11-15 12:24:06 +00:00			`1. Install the Nix package manager or NixOS ([link](https://nixos.org/download))`
			`2. Enable flake and nix commands ([link](https://nixos.wiki/wiki/Flakes#Enable_flakes_permanently_in_NixOS))`
initial nixos-anywhere 2023-11-13 21:44:43 +00:00
Update README.md 2024-02-10 22:14:10 +00:00			`### Bootstrapping`
initial nixos-anywhere 2023-11-13 21:44:43 +00:00
update readme update boostrap script 2023-11-15 12:24:06 +00:00			`We bootstrap our physical server using [nixos-anywhere](https://github.com/nix-community/nixos-anywhere).`
			`This reformats the hard disk of the server and installs a fresh NixOS.`
			`Additionally, it deploys an age identity, which is later used for decrypting secrets.`
update README change directory naming 2023-11-05 18:03:44 +00:00
update readme update boostrap script 2023-11-15 12:24:06 +00:00			`⚠️ This will wipe your server completely ⚠️`
update README change directory naming 2023-11-05 18:03:44 +00:00
update readme update boostrap script 2023-11-15 12:24:06 +00:00			`1. Make sure your have a [Secret service](https://www.gnu.org/software/emacs/manual/html_node/auth/Secret-Service-API.html) running (such as Keepassxc) that provides the age identity.`
			`2. Ensure you have root SSH access to the server.`
package boostrap program remove devShell 2024-02-29 22:07:51 +00:00			3. Run nixos-anywhere: `nix run .#bootstrap <servername> <hostname>`
Update README.md 2023-11-05 18:07:32 +00:00
Update README.md 2024-02-10 22:14:10 +00:00			`### Deployment`
Update README.md 2023-11-05 18:07:32 +00:00
update documentation 2024-03-02 13:10:36 +00:00			To deploy all servers at once: `nix run nixpkgs#deploy-rs -- .# -k`
update documentation for running deploy-rs 2024-03-02 09:50:16 +00:00			To deploy only one server: `nix run nixpkgs#deploy-rs -- -k --targets .#<host>`
update readme about microvm bug 2024-02-05 21:50:57 +00:00
			`## Known bugs`

			When deploying a new virtiofs share, the error `Failed to connect to '<name>.sock': No such file or directory` can occur.
			This seems to be a bug in `microvm.nix` and I opened a bug report [here](https://github.com/astro/microvm.nix/issues/200).
			A workaround is to deploy the share without `deploy-rs`'s rollback feature enabled:
			```
update documentation for running deploy-rs 2024-03-02 09:50:16 +00:00			`nix run nixpkgs#deploy-rs -- -k --targets .#<host> --auto-rollback false --magic-rollback false`
update readme about microvm bug 2024-02-05 21:50:57 +00:00			```