|
|
||
|---|---|---|
| docker_swarm | ||
| docs | ||
| nix | ||
| .gitignore | ||
| flake.lock | ||
| flake.nix | ||
| README.md | ||
nixos-servers
Nix definitions to configure our servers at home.
Acknowledgements
- deploy-rs: NixOS deploy tool with rollback functionality
- disko: declarative disk partitioning
- agenix: deployment of encrypted secrets to NixOS machines
- dns.nix: A Nix DSL for defining DNS zones
- microvm.nix: Declarative virtual machine management in NixOS
- flake-utils: Handy utilities to develop Nix flakes
- nixos-hardware: Hardware-specific NixOS modules. Doing the heavy lifting for our Raspberry Pi.
Installation
Prerequisites
Bootstrapping
We bootstrap our physical server using nixos-anywhere. This reformats the hard disk of the server and installs a fresh NixOS. Additionally, it deploys an age identity, which is later used for decrypting secrets.
⚠️ This will wipe your server completely ⚠️
- Make sure your have a Secret service running (such as Keepassxc) that provides the age identity.
- Ensure you have root SSH access to the server.
- Run nixos-anywhere:
nix run .#bootstrap <servername> <hostname>
Deployment
To deploy all servers at once: nix run nixpkgs#deploy-rs -- .# -k
To deploy only one server: nix run nixpkgs#deploy-rs -- -k --targets .#<host>
Known bugs
Failed to connect to socket
When deploying a new virtiofs share, the error Failed to connect to '<name>.sock': No such file or directory can occur.
This seems to be a bug in microvm.nix and I opened a bug report here.
A workaround is to deploy the share without deploy-rs's rollback feature enabled:
nix run nixpkgs#deploy-rs -- -k --targets .#<host> --auto-rollback false --magic-rollback false
Rsync not available during bootstrap
The rsync command was removed from recent NixOS ISO which causes nixos-anywhere to fail when copying extra files.
See this issue.
Solution is to execute nix-env -iA nixos.rsync on the host.