Gleipnir/nixos-systems
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Checkpoint for working deployment of Nix on new quadcore server

Browse source
This commit is contained in:
Eli Ribble 2026-05-07 22:24:04 +00:00
parent 6748641a85
commit 5145104a16
No known key found for this signature in database
4 changed files with 71 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

103
README.md
View file

@ -4,65 +4,82 @@ These are the system definitions for various systems being run by Gleipnir Techn
## Current Method ## Current Method
### Start a new system
You'll need to spawn a new shell that has access to `doctl`, the Digital Ocean CLI.
You need to use something with at least 2GB RAM. This has to do with the limits of `kexec`, which `nixos-anywherer` uses to spawn a newly built shell. I tested it myself (see below).
You can get the list of available sizes via `doctl compute size list`. We're cheap, so we care about the small ones:
```
$ doctl compute size list
Slug Description Memory VCPUs Disk Price Monthly Price Hourly
s-1vcpu-512mb-10gb Basic 512 1 10 4.00 0.005950
s-1vcpu-1gb Basic 1024 1 25 6.00 0.008930
s-1vcpu-1gb-amd Basic AMD 1024 1 25 7.00 0.010420
s-1vcpu-1gb-intel Basic Intel 1024 1 25 7.00 0.010420
s-1vcpu-1gb-35gb-intel Basic Intel 1024 1 35 8.00 0.011900
s-1vcpu-2gb Basic 2048 1 50 12.00 0.017860
s-1vcpu-2gb-amd Basic AMD 2048 1 50 14.00 0.020830
s-1vcpu-2gb-intel Basic Intel 2048 1 50 14.00 0.020830
s-1vcpu-2gb-70gb-intel Basic Intel 2048 1 70 16.00 0.023810
s-2vcpu-2gb Basic 2048 2 60 18.00 0.026790
s-2vcpu-2gb-amd Basic AMD 2048 2 60 21.00 0.031250
s-2vcpu-2gb-intel Basic Intel 2048 2 60 21.00 0.031250
s-2vcpu-2gb-90gb-intel Basic Intel 2048 2 90 24.00 0.035710
s-2vcpu-4gb Basic 4096 2 80 24.00 0.035710
s-2vcpu-4gb-amd Basic AMD 4096 2 80 28.00 0.041670
s-2vcpu-4gb-intel Basic Intel 4096 2 80 28.00 0.041670
s-2vcpu-4gb-120gb-intel Basic Intel 4096 2 120 32.00 0.047620
s-2vcpu-8gb-amd Basic AMD 8192 2 100 42.00 0.062500
```
This chart may change, of course. With this we'll choose the `s-1vcpu-2gb` basic system. You'll want to pick the project to start the droplet from the list at `doctl projects list`. Then use `digitalocean/create-droplet.sh` to create the droplet.
```
$ digitalocean/create-droplet.sh
```
### Convert to NixOS with nixos-anywhere ### Convert to NixOS with nixos-anywhere
First log in to the host using regular credentials. Set up an ssh key for root access. First log in to the host using regular credentials. Set up an ssh key for root access.
Get the disk layout using `/sbin/fdisk -l`. You're looking to figure out which disk is the boot disk and which isn't. Then update the `disk-config.nix` file for the matching provider to ensure that the boot disk gets written. #### SSH key for root access
Then check the network configuration via `ip route` and `ip addr` or `/etc/network/interfaces`. Update the network configuration at `network.nix` to match. Assuming you're using a Debian base for these instructions.
```bash
$ su
# apt install sudo
# echo 'ssh-ed25519 AAA....JGTm3 me@somewhere' > ~/.ssh/authorized_keys
# chmod 600 ~/.ssh/authorized_keys
```
Now log out and see if you can SSH into the host as root. nixos-anywhere will be using SSH as root quite a bit.
#### Copy a baseline config
Start by copying an existing host config to a new subdirectory. For me right now I'm working on an AMD Legacy Quadrcore, so I"ll copy one of those:
```shell
cp host/nocix/amd-legacy-quadcore host/nocix/amd-legacy-quadcore-123456
```
You'll then need to update `flake.nix` to have an entry for the new host configuration.
#### Configure root disk
Get the disk layout using `/sbin/fdisk -l`. You're looking to figure out which disk is the boot disk and which isn't. Use `ls -l /dev/disk/by-id/` to figure out the ID, which should be stable across reboots. Then update the `host/nocix/amd-legacy-quadcore-123456/disk-config.nix` file for the matching provider to ensure that the boot disk gets written.
#### Configure network
Then check the network configuration via `ip route` and `ip addr` or `/etc/network/interfaces`. Update the network configuration at `host/nocix/amd-legacy-quadcore-123456/network.nix` to match.
#### Generate the hardware configuration
Generate the hardware configuration Generate the hardware configuration
``` ```
$ cd nixos-anywhere $ cd nixos-anywhere
$ nix run github:nix-community/nixos-anywhere -- --flake ./#nocix --generate-hardware-config nixos-generate-config ./nocix/hardware-configuration --target-host root@1.2.3.4 $ nix run github:nix-community/nixos-anywhere -- --flake ./#nocix --generate-hardware-config nixos-generate-config ./nocix/hardware-configuration.nix --target-host root@1.2.3.4
``` ```
This apparently destroys the operating system. I'm not sure why. This apparently destroys the operating system. I'm not sure why.
The important thing is that it'll generate the hardware configuration at `./nocix/hardware-configuration.nix` which is different for every host and based on the specific CPU architecture and features.
You'll have to reload the operating system after this. Sorry. Then restart by adding the SSH config with the new password generated when the OS is reloaded.
At this point you can then actually deploy the NixOS anywhere with:
``` ```
$ cd nixos-anywhere $ cd nixos-anywhere
$ nix run github:nix-community/nixos-anywhere -- --flake ./#nocix-amd-legacy-sexcore --target-host root@nocix-amd-legacy-sexcore.gleipnir.technology $ nix run github:nix-community/nixos-anywhere -- --flake ./#nocix --target-host root@1.2.3.4
``` ```
This will take a while, maybe 20 minutes, but after you'll have a fully-functioning NixOS system with the correct SSH keys. This will take a while, maybe 10 minutes, and disconnect and reboot the server. From there you can ping it and wait for it to come back, usually around 10 minutes again. I think. I don't watch it.
#### Deploy full system
At this point you've got a server that has NixOS on it, but it's just a bare system missing most of its purpose. That's because we used nixos-anywhere and a special flake instead of our regular flakes.
You can start with copyng files from a working host
```
$ cp -R host/nocix/amd-legacy-quadcore-123 host/nocix/amd-legacy-quadcore-456
```
Then copy over the configuration files created during the nixos-anywhere steps above
```
$ cp nixos-anywhere/nocix/hardware-configuranion.nix nixos-anywhere/nocix/network.nix host/nocix/amd-legacy-quadcore-456
```
Before this will work you need to commit the files created in the above steps - nix flakes ignore files on disk that aren't in source code management if you're operating in a git repo context.
This may take a while, maybe 20 minutes, but after you'll have a fully-functioning NixOS system with the correct SSH keys.
### Adding a new host to the secrets ### Adding a new host to the secrets

2
nixos-anywhere/nocix/disk-config.nix
View file

@ -4,7 +4,7 @@
disko.devices = { disko.devices = {
disk = { disk = {
root = { root = {
device = "/dev/sda"; device = "/dev/disk/by-id/ata-SATA_SSD_18072512000554";
type = "disk"; type = "disk";
content = { content = {
type = "gpt"; type = "gpt";

7
nixos-anywhere/nocix/hardware-configuration.nix
View file

@ -8,9 +8,9 @@
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "xhci_pci" "sd_mod" ]; boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "floppy" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -18,8 +18,7 @@
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

14
nixos-anywhere/nocix/network.nix
View file

@ -2,23 +2,23 @@
{ {
networking = { networking = {
defaultGateway = { defaultGateway = {
address = "63.141.227.153"; address = "107.150.42.1";
interface = "enp3s0"; interface = "enp2s0";
}; };
defaultGateway6 = { defaultGateway6 = {
address = "2604:4300:a:88::1"; address = "2604:4300:a:30::1";
interface = "enp3s0"; interface = "enp2s0";
}; };
firewall = { firewall = {
enable = false; enable = false;
}; };
interfaces.enp3s0 = { interfaces.enp2s0 = {
ipv4.addresses = [{ ipv4.addresses = [{
address = "63.141.227.154"; address = "107.150.42.2";
prefixLength = 29; prefixLength = 29;
}]; }];
ipv6.addresses = [{ ipv6.addresses = [{
address = "2604:4300:a:88::2"; address = "2604:4300:a:30::2";
prefixLength = 64; prefixLength = 64;
}]; }];
}; };