home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions
nixos-servers/README.md
Pim Kunis b67575f9e4 update readme
2024-03-09 11:44:29 +01:00

46 lines
2.2 KiB
Markdown
Raw Blame History

# nixos-servers
Nix definitions to configure our servers at home.
## Acknowledgements
- [deploy-rs](https://github.com/serokell/deploy-rs): NixOS deploy tool with rollback functionality
- [disko](https://github.com/nix-community/disko): declarative disk partitioning
- [agenix](https://github.com/ryantm/agenix): deployment of encrypted secrets to NixOS machines
- [dns.nix](https://github.com/kirelagin/dns.nix): A Nix DSL for defining DNS zones
- [microvm.nix](https://github.com/astro/microvm.nix): Declarative virtual machine management in NixOS
- [flake-utils](https://github.com/numtide/flake-utils): Handy utilities to develop Nix flakes
- [nixos-hardware](https://github.com/NixOS/nixos-hardware): Hardware-specific NixOS modules. Doing the heavy lifting for our Raspberry Pi.
## Installation
### Prerequisites
1. Install the Nix package manager or NixOS ([link](https://nixos.org/download))
2. Enable flake and nix commands ([link](https://nixos.wiki/wiki/Flakes#Enable_flakes_permanently_in_NixOS))
### Bootstrapping
We bootstrap our physical server using [nixos-anywhere](https://github.com/nix-community/nixos-anywhere).
This reformats the hard disk of the server and installs a fresh NixOS.
Additionally, it deploys an age identity, which is later used for decrypting secrets.
⚠️ This will wipe your server completely ⚠️
1. Make sure your have a [Secret service](https://www.gnu.org/software/emacs/manual/html_node/auth/Secret-Service-API.html) running (such as Keepassxc) that provides the age identity.
2. Ensure you have root SSH access to the server.
3. Run nixos-anywhere: `nix run .#bootstrap <servername> <hostname>`
### Deployment
To deploy all servers at once: `nix run nixpkgs#deploy-rs -- .# -k`
To deploy only one server: `nix run nixpkgs#deploy-rs -- -k --targets .#<host>`
## Known bugs
When deploying a new virtiofs share, the error `Failed to connect to '<name>.sock': No such file or directory` can occur.
This seems to be a bug in `microvm.nix` and I opened a bug report [here](https://github.com/astro/microvm.nix/issues/200).
A workaround is to deploy the share without `deploy-rs`'s rollback feature enabled:
```
nix run nixpkgs#deploy-rs -- -k --targets .#<host> --auto-rollback false --magic-rollback false
```
Reference in a new issue View git blame Copy permalink