nixos-anywhere #4

Merged
pim merged 8 commits from nixos-anywhere into master 2023-11-15 12:47:08 +00:00
2 changed files with 22 additions and 18 deletions
Showing only changes of commit 7fc138bc65

@ -1,23 +1,27 @@
# nixos-servers
Nix definitions to configure our physical servers.
Currently, only one physical server (named jefke) is implemented.
Currently, only one physical server (named jefke) is implemented but more are planned!
## Prerequisites
1. Install the Nix package manager or NixOS ([link](https://nixos.org/download))
2. Enable flake and nix commands ([link](https://nixos.wiki/wiki/Flakes#Enable_flakes_permanently_in_NixOS))
3. Install Direnv ([link](https://direnv.net/))
4. Allow direnv for this repository: `direnv allow`
## Bootstrapping
We bootstrap our physical server using [nixos-anywhere](https://github.com/nix-community/nixos-anywhere).
This reformats the hard disk of the server and installs a fresh NixOS.
Additionally, it deploys an age identity, which is later used for decrypting secrets.
⚠️ This will wipe your server completely ⚠️
1. Make sure your have a [Secret service](https://www.gnu.org/software/emacs/manual/html_node/auth/Secret-Service-API.html) running (such as Keepassxc) that provides the age identity.
2. Ensure you have root SSH access to the server.
3. Run nixos-anywhere: `./bootstrap <servername>`
## Deployment
### NEW
`nix run github:numtide/nixos-anywhere -- --flake .#hypervisor root@jefke.hyp`
### Prerequisites
Before a NixOS definition can be deployed, some prerequite preparational steps must be performed.
1. Manually install NixOS on the physical machine. This could potentially be automated in the future with [nixos-anywhere](https://github.com/nix-community/nixos-anywhere), but for now this is a manual process.
2. Enable SSH and install authorized keys.
3. Ensure Python3 is installed for Ansible.
4. Run Ansible playbook which deploys secrets `ansible-playbook deploy_secrets.yml`.
### NixOS deployment
Finally, the NixOS definition can be deployed as follows: `nix run github:serokell/deploy-rs`.
Deployment can simply be done as follows: `deploy`
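Review bot: the `### NEW` heading with the bare `nix run github:numtide/nixos-anywhere -- --flake .#hypervisor root@jefke.hyp` line under Deployment reads like a scratch note that duplicates the Bootstrapping section, and it is the riskier copy: this invocation omits `--extra-files`, so a reader following it would reformat the server without deploying the age identity, and it hardcodes the `.#hypervisor` target and the `jefke` host instead of the `./bootstrap <servername>` wrapper the Bootstrapping section already documents. Suggest dropping the `### NEW` block entirely. The `### Prerequisites` list under Deployment (manual NixOS install, Ansible `deploy_secrets.yml`) still describes the pre-nixos-anywhere workflow and contradicts the Bootstrapping section above it; either remove it or reword it to cover only the steps that remain after bootstrapping. Minor: "Make sure your have" should read "Make sure you have", and "prerequite preparational steps" should read "prerequisite preparation steps" if that line stays.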

@ -40,4 +40,4 @@ secret-tool lookup age-identity "$servername" > "$temp/root/age_ed25519"
chmod 600 "$temp/root/age_ed25519"
# Install NixOS to the host system with our age identity
nix run github:numtide/nixos-anywhere -- --extra-files "$temp" --flake '.#hypervisor' "root@$servername.hyp"
nixos-anywhere --extra-files "$temp" --flake ".#${servername}" "root@${servername}.hyp"
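Review bot: the replacement line calls a bare `nixos-anywhere` instead of `nix run github:numtide/nixos-anywhere`, so the script now depends on that binary being on PATH; that only works if the direnv/dev shell provides it, which the README's Prerequisites do not mention, so either document it or keep the `nix run` form. The flake target also changes from `.#hypervisor` to `.#${servername}`, while the README in this same PR still shows `.#hypervisor`; the two should agree. Because this command reformats the target disk, the age-identity step in the context lines deserves a guard: if `secret-tool lookup` finds nothing, the redirect still creates an empty `$temp/root/age_ed25519` and the install proceeds with no usable identity, so add `[ -s "$temp/root/age_ed25519" ] || { echo "no age identity for $servername" >&2; exit 1; }` before this line. The hunk shows no cleanup of `$temp`; if that is not handled elsewhere in the script, a `trap 'rm -rf "$temp"' EXIT` keeps the private key from lingering on the operator's machine after the run.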