Infrastructure as Code for our home servers
| docker_swarm | ||
| docs | ||
| nixos | ||
| .envrc | ||
| .gitignore | ||
| bootstrap.sh | ||
| flake.lock | ||
| flake.nix | ||
| README.md | ||
nixos-servers
Nix definitions to configure our server. Currently, our three main machines and all virtual machines run NixOS!
Acknowledgements
- deploy-rs: NixOS deploy tool with rollback functionality
- kubenix: Kubernetes management in Nix (usage planned for the future)
- disko: declarative disk partitioning
- agenix: deployment of encrypted secrets to NixOS machines
- dns.nix: A Nix DSL for defining DNS zones
- microvm.nix: Declarative virtual machine management in NixOS
Installation
Prerequisites
- Install the Nix package manager or NixOS (link)
- Enable flake and nix commands (link)
- Install Direnv (link)
- Allow direnv for this repository:
direnv allow
Bootstrapping
We bootstrap our physical server using nixos-anywhere. This reformats the hard disk of the server and installs a fresh NixOS. Additionally, it deploys an age identity, which is later used for decrypting secrets.
⚠️ This will wipe your server completely ⚠️
- Make sure your have a Secret service running (such as Keepassxc) that provides the age identity.
- Ensure you have root SSH access to the server.
- Run nixos-anywhere:
./bootstrap.sh <servername> <hostname>
Deployment
To deploy all servers at once: deploy
To deploy only one server: deploy --targets .#<host>
Known bugs
When deploying a new virtiofs share, the error Failed to connect to '<name>.sock': No such file or directory can occur.
This seems to be a bug in microvm.nix and I opened a bug report here.
A workaround is to deploy the share without deploy-rs's rollback feature enabled:
deploy --targets .#lewis --auto-rollback false --magic-rollback false