nixos-servers
Nix definitions to configure our servers. Currently, our three main machines and all virtual machines run NixOS!
Acknowledgements
- deploy-rs: NixOS deploy tool with rollback functionality
- disko: declarative disk partitioning
- agenix: deployment of encrypted secrets to NixOS machines
- dns.nix: A Nix DSL for defining DNS zones
- microvm.nix: Declarative virtual machine management in NixOS
Installation
Prerequisites
Bootstrapping
We bootstrap our physical servers using nixos-anywhere. This reformats the server's hard disk and installs a fresh NixOS. Additionally, it deploys an age identity, which is later used for decrypting secrets.
⚠️ This will wipe your server completely ⚠️
- Make sure you have a secret service running (such as KeePassXC) that provides the age identity.
- Ensure you have root SSH access to the server.
- Run nixos-anywhere:
nix run .#bootstrap <servername> <hostname>
Deployment
To deploy all servers at once: nix run nixpkgs#deploy-rs .# -k
To deploy only one server: nix run nixpkgs#deploy-rs -- -k --targets .#<host>
Known bugs
When deploying a new virtiofs share, the error Failed to connect to '<name>.sock': No such file or directory can occur. This seems to be a bug in microvm.nix and I opened a bug report here. A workaround is to deploy the share without deploy-rs's rollback feature enabled:
nix run nixpkgs#deploy-rs -- -k --targets .#<host> --auto-rollback false --magic-rollback false