johnae / world

Licence: MIT license
NixOS configuration

World

This is the NixOS configuration repository for all my machines and custom packages (i.e. those not yet part of nixpkgs). In some sense it is my world, which is how it got its name.

It’s based on a relatively recent feature of the Nix package manager called flakes. Flakes are somewhat similar to the Cargo.toml/Cargo.lock files from the Rust programming language, the go.mod/go.sum files from the Go programming language or the package.json/package-lock.json files used by the Node Package Manager. The difference is that flakes are language agnostic - they handle any package(s) or file(s) really. Here, we’re using them to build hosts and software deterministically in a reproducible fashion. This would all be possible using Nix without the flakes feature, but it would be more work to design and keep up to date. While flakes are still labelled “experimental” they have a bright future.

Installing a new machine

Add a new TOML file under the hosts/ directory, possibly copying a fitting existing host and modifying it. Add the wanted profiles and other configuration. Commit and push them to this repository. Currently I PXE boot the (mostly automatic) installer, which will format disks and install the system and configuration for the defined hosts. To PXE boot the installer, enable any necessary options in the BIOS and then, on another machine on the network, run the following from a checkout of this repo:

nix develop -c world pixieboot

You may have to turn off or tweak your firewall for the above to work. I’ve yet to do anything specific for that, but you could probably use the NixOS configuration options for pixiecore, which would handle the firewall for you. Since this is usually a one-off thing for me, I don’t use that. By the way, I’m currently using pixiecore because it’s super simple to use and set up compared to most other PXE boot solutions, check it out. I might add netboot.xyz for remote server setups later.

Anyway, after running the above command you should be able to PXE boot a machine into the installer. You will then be asked which host to install and after that it’s mostly automatic - except for asking you what password to use to unlock the disk.

Installing without PXE booting

Installing without PXE booting should be quite easy as well, though slightly more involved. Just download a recent installer from https://nixos.org/download.html#nixos-iso and enable flakes after booting it:

mkdir -p /etc/nix
cat<<EOF>>/etc/nix/nix.conf
experimental-features = nix-command flakes
EOF

Then proceed to clone this repo:

cd /tmp
git clone https://github.com/johnae/world
cd world

After that, just do:

host=eris
nix build .#"$host"-diskformat
./result/bin/diskformat
nixos-install --flake .#"$host" --no-root-passwd --impure

The pxebooter just automates the above in a nicer fashion. Hosts are defined in the hosts/ directory.

Please note that the setup is quite tailored towards how I like it. For example: all disks are encrypted using dm-crypt and then formatted as btrfs on top of that; swap is automatically set up to a “reasonable” value that is not ideal for a lot of use cases; root is mounted as tmpfs and will therefore use some amount of RAM, and it is also ephemeral - a reboot results in a clean slate and you’ll have to opt in to what you want to keep.
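
A post-install check for the layout described above, as an added example that is not part of this repository: it confirms that root is tmpfs and that every btrfs filesystem sits on a dm-crypt mapping. The function name, the sample device names and the assumption that btrfs lies directly on the crypt device (no LVM in between) are mine, not the project's.

```shell
#!/bin/sh
# Added example (not from the johnae/world repo): check the layout the
# README describes after the first boot of an installed host.
# stdin:  "PATH TYPE FSTYPE" lines, as printed by
#         lsblk -rn -o PATH,TYPE,FSTYPE
# $1:     filesystem type of /, as printed by  findmnt -n -o FSTYPE /
# Assumption: btrfs sits directly on the dm-crypt mapping (lsblk TYPE
# "crypt"), with no LVM or other layer in between.
check_layout() (
  root_fstype=$1
  seen=0
  bad=0
  if [ "$root_fstype" != "tmpfs" ]; then
    echo "FAIL: / is '$root_fstype', expected tmpfs (ephemeral root)"
    bad=1
  fi
  while read -r path type fstype; do
    [ "$fstype" = "btrfs" ] || continue
    seen=1
    if [ "$type" != "crypt" ]; then
      echo "FAIL: btrfs on $path (type $type), not on a dm-crypt mapping"
      bad=1
    fi
  done
  if [ "$seen" -eq 0 ]; then
    echo "FAIL: no btrfs filesystem found"
    bad=1
  fi
  [ "$bad" -eq 0 ]
)

# Constructed sample inputs (device names are made up).
SAMPLE_OK='/dev/nvme0n1 disk
/dev/nvme0n1p1 part vfat
/dev/nvme0n1p2 part crypto_LUKS
/dev/mapper/cryptroot crypt btrfs'
SAMPLE_PLAIN='/dev/sda disk
/dev/sda1 part vfat
/dev/sda2 part btrfs'

printf '%s\n' "$SAMPLE_OK" | check_layout tmpfs && echo "OK: encrypted sample passes"
printf '%s\n' "$SAMPLE_PLAIN" | check_layout tmpfs || echo "plain-btrfs sample rejected"

# On a real host:
#   lsblk -rn -o PATH,TYPE,FSTYPE | check_layout "$(findmnt -n -o FSTYPE /)"
```

Run it on the installed host after its first boot, not inside the installer, where / belongs to the installer image.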

Updating an existing machine

Updates should be handled through the standard commit/push/pull request workflow. Updating a machine called “hello” can be done like this (on that machine):

nixos-rebuild switch --flake github:johnae/world#hello --use-remote-sudo

or via a local clone of this repo:

git clone git@github.com:johnae/world
cd world
nixos-rebuild switch --flake .#hello --use-remote-sudo

Package updates etc

Package updates and OS updates are automated through actions. The update action creates pull requests where all custom packages are built and then all machine configurations are built to test that things seem ok before merging. This should catch many issues coming from OS and package updates before they’re deployed.

License

MIT

This repository references many packages with varying licenses so please only consider the actual code in this repo to be MIT licensed.
