This is the configuration of my home server, named Giskard. It is configured with NixOS. I had the configuration saved on the server, as NixOS' own manual recommends.

After reading Gabriel's "NixOS in production" post I finally knew how to get bare-bones functionality like that of NixOps, but without the NixOps dependency and its "saved states". This is a simple configuration for a single bare-metal server; no cloud infrastructure is involved, so there is no metadata for it.
I copied Giskard's `/etc/nixos/configuration.nix` here and then condensed Gabriel's wisdom and that of others in the `Makefile` and `default.nix` sources.

What's here?

- A NixOS configuration that can be built locally and then pushed and installed into the designated server using `ssh`. A new profile generation is created in the process so that the server's configuration can be rolled back in case the new one isn't working properly.
- The `nixpkgs` archive is pinned to a known release using NixOS' channel commit hash.
- A command to query the built configuration.
- Secrets and passwords protected using `git crypt`.

You will have to clone it, replace my server's configuration with yours and change the `DEST` variable inside the `shell.nix`. You will also have to update the commit hashes in `shell.nix`, have a look here.

Then to activate the commands run the following in a terminal:
$ source env.sh

This command will install Nix if it isn't installed already. In that case it will ask you for your password because it will need superuser privileges to create the `/nix` directory, where it will store its packages.

Then you will have the following commands at your disposal:
- `build`

  This command will:
  - instantiate (i.e. evaluate the Nix expression and generate the derivation) the (configuration) Nix expression in `nixos.nix`;
  - copy it to the destination server;
  - build the configuration on the same destination.
- `deploy`

  This command will perform the following actions:
  - execute the `build` command;
  - add a new generation to the system profile, so that it can be rolled back if necessary;
  - activate the new configuration.
- `print_option <dotted config option>`

  This command allows you to know the final value of a configuration option, much like NixOS' own `nixos-option` command, but it looks up the value in the built configuration instead. If I want to know the value of the `boot.kernel.sysctl` option, I'll execute the following:

  ```
  print_option boot.kernel.sysctl
  ➤➤ Printing config option "boot.kernel.sysctl"...
  { "fs.inotify.max_user_watches" = 524288; "fs.protected_hardlinks" = true; "fs.protected_symlinks" = true; "kernel.core_pattern" = "core"; "kernel.kptr_restrict" = 1; "kernel.poweroff_cmd" = "/nix/store/wpcfjs9wn6nq1fy8hma177dqd3p6813h-systemd-239/sbin/poweroff"; "kernel.printk" = 4; "kernel.yama.ptrace_scope" = 0; "net.core.somaxconn" = 1024; "net.ipv6.conf.all.disable_ipv6" = true; "net.ipv6.conf.all.forwarding" = false; "net.ipv6.conf.default.disable_ipv6" = true; }
  ```
- `clean`

  This command will delete the by-products of running the `build` and `deploy` commands.
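
Because `print_option` reads the built configuration, its output can be checked against a baseline before `deploy` runs. The following is an added example, not part of this repository: the function names `attrs_to_lines` and `check_sysctl_policy` are hypothetical, the expected values in `POLICY` are an assumed baseline, and the sample input is a subset of the output shown above.

```shell
#!/usr/bin/env bash
# Pre-deploy gate over `print_option boot.kernel.sysctl` output (added example).

# Assumed baseline, not from the repository: one "key expected-value" per line.
POLICY='fs.protected_hardlinks true
fs.protected_symlinks true
kernel.kptr_restrict 1
kernel.yama.ptrace_scope 1'

# Sample input: a subset of the attribute set printed on this page.
SAMPLE='{ "fs.protected_hardlinks" = true; "fs.protected_symlinks" = true; "kernel.kptr_restrict" = 1; "kernel.yama.ptrace_scope" = 0; "net.core.somaxconn" = 1024; }'

# Turn a flat Nix attribute set of scalars into "key value" lines.
# Limitation: string values containing ';' or '"' are not handled.
attrs_to_lines() {
  tr ';' '\n' | awk -F'"' 'NF >= 3 && $3 ~ /^[ \t]*=/ {
    if (NF >= 5) val = $4                      # quoted string value
    else {                                     # bare value: number or boolean
      val = $3
      sub(/^[ \t]*=[ \t]*/, "", val)
      sub(/[ \t]+$/, "", val)
    }
    print $2, val
  }'
}

# Read an attribute set on stdin, print one line per deviation from POLICY,
# and return 1 if any key is missing or differs from its expected value.
check_sysctl_policy() {
  actual=$(attrs_to_lines)
  status=0
  while read -r key want; do
    [ -n "$key" ] || continue
    got=$(printf '%s\n' "$actual" | awk -v k="$key" '$1 == k { print $2; exit }')
    if [ "$got" != "$want" ]; then
      echo "FAIL $key: expected $want, got ${got:-unset}"
      status=1
    fi
  done <<EOF
$POLICY
EOF
  return $status
}

# Intended use, assuming print_option writes the attribute set to stdout:
#   print_option boot.kernel.sysctl | check_sysctl_policy && deploy
```

With the sample above the gate fails on `kernel.yama.ptrace_scope`, which is `0` in the built configuration and `1` in the assumed baseline.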