nixos-servers/README.md

# nixos-servers

Nix definitions to configure our servers at home.

## Acknowledgements

- [deploy-rs](https://github.com/serokell/deploy-rs): NixOS deploy tool with rollback functionality
- [disko](https://github.com/nix-community/disko): declarative disk partitioning
- [dns.nix](https://github.com/kirelagin/dns.nix): A Nix DSL for defining DNS zones
- [flake-utils](https://github.com/numtide/flake-utils): Handy utilities to develop Nix flakes
- [nixos-hardware](https://github.com/NixOS/nixos-hardware): Hardware-specific NixOS modules. Doing the heavy lifting for our Raspberry Pi
- [sops-nix](https://github.com/Mic92/sops-nix): Sops secret management for Nix

## Prerequisites

1. Install the Nix package manager or NixOS ([link](https://nixos.org/download))
2. Enable flake and nix commands ([link](https://nixos.wiki/wiki/Flakes#Enable_flakes_permanently_in_NixOS))

## Bootstrapping

We bootstrap our servers using [nixos-anywhere](https://github.com/nix-community/nixos-anywhere).
This reformats the hard disk of the server and installs a fresh NixOS.
Additionally, it deploys an age identity, which is later used for decrypting secrets.

⚠️  This will wipe your server completely ⚠️

1. Make sure you can decrypt the Sops-encrypted secrets in `secrets/`. You can test this by running `sops -d secrets/serverKeys.yaml`.
2. Ensure you have root SSH access to the server.
3. Run nixos-anywhere: `nix run '.#bootstrap' <servername> <hostname>`

## Deployment

To deploy all servers at once: `nix run 'nixpkgs#deploy-rs' -- '.#' -k`
To deploy only one server: `nix run 'nixpkgs#deploy-rs' -- -k --targets '.#<host>'`

## Known bugs

### Rsync not available during bootstrap

The `rsync` command was removed from recent NixOS ISO which causes nixos-anywhere to fail when copying extra files.
See [this](https://github.com/nix-community/nixos-anywhere/issues/260) issue.
Solution is to execute `nix-env -iA nixos.rsync` on the host.