From 5145104a16da7aa828679e72258c91fd66b027d4 Mon Sep 17 00:00:00 2001
From: Eli Ribble
Date: Thu, 7 May 2026 22:24:04 +0000
Subject: [PATCH] Checkpoint for working deployment of Nix on new quadcore server
---
 README.md | 103 ++++++++++--------
 nixos-anywhere/nocix/disk-config.nix | 2 +-
 .../nocix/hardware-configuration.nix | 7 +-
 nixos-anywhere/nocix/network.nix | 14 +-
 4 files changed, 71 insertions(+), 55 deletions(-)
diff --git a/README.md b/README.md
index b0a2aa4..48b795e 100644
--- a/README.md
+++ b/README.md
@@ -4,65 +4,82 @@ These are the system definitions for various systems being run by Gleipnir Techn ## Current Method -### Start a new system - -You'll need to spawn a new shell that has access to `doctl`, the Digital Ocean CLI. - -You need to use something with at least 2GB RAM. This has to do with the limits of `kexec`, which `nixos-anywherer` uses to spawn a newly built shell. I tested it myself (see below). - -You can get the list of available sizes via `doctl compute size list`. We're cheap, so we care about the small ones: - -``` -$ doctl compute size list -Slug Description Memory VCPUs Disk Price Monthly Price Hourly -s-1vcpu-512mb-10gb Basic 512 1 10 4.00 0.005950 -s-1vcpu-1gb Basic 1024 1 25 6.00 0.008930 -s-1vcpu-1gb-amd Basic AMD 1024 1 25 7.00 0.010420 -s-1vcpu-1gb-intel Basic Intel 1024 1 25 7.00 0.010420 -s-1vcpu-1gb-35gb-intel Basic Intel 1024 1 35 8.00 0.011900 -s-1vcpu-2gb Basic 2048 1 50 12.00 0.017860 -s-1vcpu-2gb-amd Basic AMD 2048 1 50 14.00 0.020830 -s-1vcpu-2gb-intel Basic Intel 2048 1 50 14.00 0.020830 -s-1vcpu-2gb-70gb-intel Basic Intel 2048 1 70 16.00 0.023810 -s-2vcpu-2gb Basic 2048 2 60 18.00 0.026790 -s-2vcpu-2gb-amd Basic AMD 2048 2 60 21.00 0.031250 -s-2vcpu-2gb-intel Basic Intel 2048 2 60 21.00 0.031250 -s-2vcpu-2gb-90gb-intel Basic Intel 2048 2 90 24.00 0.035710 -s-2vcpu-4gb Basic 4096 2 80 24.00 0.035710 -s-2vcpu-4gb-amd Basic AMD 4096 2 80 28.00 0.041670 -s-2vcpu-4gb-intel Basic Intel 4096 2 80 28.00 0.041670 -s-2vcpu-4gb-120gb-intel Basic Intel 4096 2 120 32.00 0.047620 -s-2vcpu-8gb-amd Basic AMD 8192 2 100 42.00 0.062500 -``` - -This chart may change, of course. With this we'll choose the `s-1vcpu-2gb` basic system. You'll want to pick the project to start the droplet from the list at `doctl projects list`. Then use `digitalocean/create-droplet.sh` to create the droplet. - - -``` -$ digitalocean/create-droplet.sh -``` - ### Convert to NixOS with nixos-anywhere First log in to the host using regular credentials. 
Set up an ssh key for root access. -Get the disk layout using `/sbin/fdisk -l`. You're looking to figure out which disk is the boot disk and which isn't. Then update the `disk-config.nix` file for the matching provider to ensure that the boot disk gets written. +#### SSH key for root access -Then check the network configuration via `ip route` and `ip addr` or `/etc/network/interfaces`. Update the network configuration at `network.nix` to match. +Assuming you're using a Debian base for these instructions. + +```bash +$ su +# apt install sudo +# echo 'ssh-ed25519 AAA....JGTm3 me@somewhere' > ~/.ssh/authorized_keys +# chmod 600 ~/.ssh/authorized_keys +``` + +Now log out and see if you can SSH into the host as root. nixos-anywhere will be using SSH as root quite a bit. + +#### Copy a baseline config + +Start by copying an existing host config to a new subdirectory. For me right now I'm working on an AMD Legacy Quadrcore, so I"ll copy one of those: + +```shell +cp host/nocix/amd-legacy-quadcore host/nocix/amd-legacy-quadcore-123456 +``` + +You'll then need to update `flake.nix` to have an entry for the new host configuration. + +#### Configure root disk + +Get the disk layout using `/sbin/fdisk -l`. You're looking to figure out which disk is the boot disk and which isn't. Use `ls -l /dev/disk/by-id/` to figure out the ID, which should be stable across reboots. Then update the `host/nocix/amd-legacy-quadcore-123456/disk-config.nix` file for the matching provider to ensure that the boot disk gets written. + +#### Configure network + +Then check the network configuration via `ip route` and `ip addr` or `/etc/network/interfaces`. Update the network configuration at `host/nocix/amd-legacy-quadcore-123456/network.nix` to match. 
+ +#### Generate the hardware configuration Generate the hardware configuration ``` $ cd nixos-anywhere -$ nix run github:nix-community/nixos-anywhere -- --flake ./#nocix --generate-hardware-config nixos-generate-config ./nocix/hardware-configuration --target-host root@1.2.3.4 +$ nix run github:nix-community/nixos-anywhere -- --flake ./#nocix --generate-hardware-config nixos-generate-config ./nocix/hardware-configuration.nix --target-host root@1.2.3.4 ``` This apparently destroys the operating system. I'm not sure why. +The important thing is that it'll generate the hardware configuration at `./nocix/hardware-configuration.nix` which is different for every host and based on the specific CPU architecture and features. + +You'll have to reload the operating system after this. Sorry. Then restart by adding the SSH config with the new password generated when the OS is reloaded. + +At this point you can then actually deploy the NixOS anywhere with: + ``` $ cd nixos-anywhere -$ nix run github:nix-community/nixos-anywhere -- --flake ./#nocix-amd-legacy-sexcore --target-host root@nocix-amd-legacy-sexcore.gleipnir.technology +$ nix run github:nix-community/nixos-anywhere -- --flake ./#nocix --target-host root@1.2.3.4 ``` -This will take a while, maybe 20 minutes, but after you'll have a fully-functioning NixOS system with the correct SSH keys. +This will take a while, maybe 10 minutes, and disconnect and reboot the server. From there you can ping it and wait for it to come back, usually around 10 minutes again. I think. I don't watch it. + +#### Deploy full system + +At this point you've got a server that has NixOS on it, but it's just a bare system missing most of its purpose. That's because we used nixos-anywhere and a special flake instead of our regular flakes. 
+
+You can start with copyng files from a working host
+
+```
+$ cp -R host/nocix/amd-legacy-quadcore-123 host/nocix/amd-legacy-quadcore-456
+
+Then copy over the configuration files created during the nixos-anywhere steps above
+
+```
+$ cp nixos-anywhere/nocix/hardware-configuranion.nix nixos-anywhere/nocix/network.nix host/nocix/amd-legacy-quadcore-456
+
+Before this will work you need to commit the files created in the above steps - nix flakes ignore files on disk that aren't in source code management if you're operating in a git repo context.
+
+This may take a while, maybe 20 minutes, but after you'll have a fully-functioning NixOS system with the correct SSH keys.
 ### Adding a new host to the secrets
diff --git a/nixos-anywhere/nocix/disk-config.nix b/nixos-anywhere/nocix/disk-config.nix
index ecafdcb..1bfa8b4 100644
--- a/nixos-anywhere/nocix/disk-config.nix
+++ b/nixos-anywhere/nocix/disk-config.nix
@@ -4,7 +4,7 @@
 disko.devices = {
 disk = {
 root = {
- device = "/dev/sda";
+ device = "/dev/disk/by-id/ata-SATA_SSD_18072512000554";
 type = "disk";
 content = {
 type = "gpt";
diff --git a/nixos-anywhere/nocix/hardware-configuration.nix b/nixos-anywhere/nocix/hardware-configuration.nix
index b3c19c3..aa109de 100644
--- a/nixos-anywhere/nocix/hardware-configuration.nix
+++ b/nixos-anywhere/nocix/hardware-configuration.nix
@@ -8,9 +8,9 @@
 [ (modulesPath + "/installer/scan/not-detected.nix")
 ];
- boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "xhci_pci" "sd_mod" ];
+ boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "floppy" "sd_mod" ];
 boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
 boot.extraModulePackages = [ ];
 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
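Review bot: The by-id path that replaces `/dev/sda` in `device = ...` is one specific drive's serial, yet this file lives in the shared `nixos-anywhere/nocix` bootstrap directory that the README hunk reuses for every new machine, and disko treats the device named here as the disk to partition, so a value left over from the previous host is the most likely way to wipe the wrong disk. I'd record that above the line, e.g. `# Root disk of the current bootstrap target only; per-host value, re-check ls -l /dev/disk/by-id/ before every nixos-anywhere run`. The enclosing `root = { ... }` attrset and the rest of `disko.devices` continue outside the hunk.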
@@ -18,8 +18,7 @@
 # still possible to use this option, but it's recommended to use it in conjunction
 # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
 networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
diff --git a/nixos-anywhere/nocix/network.nix b/nixos-anywhere/nocix/network.nix
index dfbab1b..344f9d9 100644
--- a/nixos-anywhere/nocix/network.nix
+++ b/nixos-anywhere/nocix/network.nix
@@ -2,23 +2,23 @@
 {
 networking = {
 defaultGateway = {
- address = "63.141.227.153";
- interface = "enp3s0";
+ address = "107.150.42.1";
+ interface = "enp2s0";
 };
 defaultGateway6 = {
- address = "2604:4300:a:88::1";
- interface = "enp3s0";
+ address = "2604:4300:a:30::1";
+ interface = "enp2s0";
 };
 firewall = {
 enable = false;
 };
- interfaces.enp3s0 = {
+ interfaces.enp2s0 = {
 ipv4.addresses = [{
- address = "63.141.227.154";
+ address = "107.150.42.2";
 prefixLength = 29;
 }];
 ipv6.addresses = [{
- address = "2604:4300:a:30::2";
+ address = "2604:4300:a:30::2";
 prefixLength = 64;
 }];
 };
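Review bot: The new static addressing (the `107.150.42.2`/29 address with gateway `107.150.42.1` on `enp2s0`, and the matching `2604:4300:a:30::` pair) is specific to one machine, but nothing in the file says which, and the file sits in the shared `nixos-anywhere/nocix` bootstrap directory that the README hunk reuses for each new host; a header comment such as `# Static addressing for the nocix AMD legacy quadcore bootstrap; per-host values, replace before each nixos-anywhere run` would keep the previous host's addresses from being deployed onto the next one. The new public address also comes up under the unchanged `firewall = { enable = false; };` in this hunk's context, so the host is reachable on every listening port from the moment it boots; if that is deliberate for the bootstrap phase it deserves a comment saying so, otherwise `firewall.enable = true;` with `firewall.allowedTCPPorts = [ 22 ];` (only needed if the ssh service does not already open the port) is the safer default. The enclosing `networking = { ... }` attrset closes outside the hunk.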