4o1x5/4o1x5.dev
4o1x5/4o1x5.dev
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

remote deployments blog:

Browse source 
added a whole guide for getting started with nix remote deployments
fixed shortcodes view (still needs work)
This commit is contained in:
2005 2024-05-07 22:40:10 +02:00
parent 5652cfd45e
commit 84df8d1671
9 changed files with 274 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
config/_default/icons.toml
View file

24
content/post/guides/nix/remote-development/diagram1.svg Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 10 KiB

248
content/post/guides/nix/remote-development/index.md Normal file
View file

@ -0,0 +1,248 @@
---
#title: Getting started with remote deployment on NixOs
title: Remote deployments on NixOs
description: A quick and dirty guide to get started with building systems to remote instances
date: 2024-05-04 00:00:00+0000
image: taylor-vick-M5tzZtFCOfs-unsplash.jpg
categories:
- Nix
- Guide
- Sysadmin
tags:
- Nix
- NixOs
- Server Management
draft: false
---
With the capabilities of Nix & Nixos, we can tailor-make services on our local computer,
build the system, and then transmit it to a remote server using the `--target-host` argument for `nixos-rebuild`
command. This is an efficient method of deploying services to distant servers because you
don't have to connect to the machine via SSH and set up the files locally before building
them there.
## How remote deployments work
![](diagram1.svg)
NixOS allows for a seamless build process, where you can create the system on your local computer and then use
SSH to transfer the configuration files to a remote machine where the services are deployed.
This process is easy to manage and streamline. Ez to learn!
## Getting started
First you will need a machine running NixOs. Duh. But also you will need to have root access to it in some way.
If you have the root user and its password then you are set to go and can skip to the section where [I explain how to get ready for remote deployment](#first-boot)
### Setting up NixOs on a server.
#### Installing
I assume if you are reading this article you know how to install an operating system.
You will need to flash an usb drive with NixOs, for the sake of an easy install I will use `latest-nixos-plasma5-x86_64-linux.iso` since It comes with a fearly easy to use Calamares installer.
![Installer](nixosinstaller.png)
You can go ahead and click through it and it will install.
## First boot
For remote deployment to work you will need to enable ssh and configure some parameters for it to work.
We are enabling root login and also sftp for file transfer.
```nix
# configuration.nix
services.openssh = {
enable = true;
allowSFTP = true;
settings = {
PasswordAuthentication = true;
PermitRootLogin = "yes";
};
};
networking.hostName = "server1";
networking.domain = "localhost";
```
**Rebuild the system**
```zsh
sudo nixos-rebuild switch
```
## Setting up key auth
To facilitate easy deployments, you can transfer your public SSH key to the remote machine, allowing you to log
in without having to enter the password for each rebuild. This method is both more convenient and safe
```bash
ssh-copy-id root@server
```
## Create a directory for the remote
On your local machine, it's important to organize your files into a directory, particularly when working with
multiple servers. This is demonstrated below, where I showcase my personal file
organization method.
{{< filetree/container >}}
{{< filetree/folder name="servers" >}}
{{< filetree/folder name="server1" state="closed" >}}
{{< filetree/file name="configuration.nix" >}}
{{< filetree/file name="flake.nix" >}}
{{< filetree/file name="flake.lock" >}}
{{< /filetree/folder >}}
{{< filetree/folder name="server2" state="closed" >}}
{{< filetree/file name="configuration.nix" >}}
{{< filetree/folder name="services" state="closed" >}}
{{< filetree/file name="matrix.nix" >}}
{{< filetree/file name="webserver.nix" >}}
{{< /filetree/folder >}}
{{< filetree/file name="flake.nix" >}}
{{< filetree/file name="flake.lock" >}}
{{< /filetree/folder >}}
{{< /filetree/folder >}}
{{< /filetree/container >}}
## Copying essential files from remote
NixOS does not support partial builds, so you will need to transfer all the necessary files from `/etc/nixos` to
your local machine. This includes files such as `hardware-configuration.nix` and `configuration.nix`.
```bash
scp configuration.nix root@server:/etc/nixos
```
```bash
scp hardware-configuration.nix root@server:/etc/nixos
```
## Create flakes
You can create a file called `flake.nix` or use `nix` to do so.
```bash
nix flake init .
```
Paste the following in the file.
```nix
# flake.nix
{
description = "Server1 deployments";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
};
outputs =
{ self
, nixpkgs
, ...
}:
let
system = "x86_64-linux";
in
{
nixosConfigurations.server1 = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./configuration.nix
];
};
};
}
```
Here is an example of how your `configuration.nix` should look like.
```nix
# configuration.nix
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
];
networking.hostName = "server1";
networking.domain = "example.com";
services.openssh = {
enable = true;
allowSFTP = true;
settings = {
PasswordAuthentication = true;
PermitRootLogin = "yes";
};
};
}
```
## Set up a service
This little example shows a dummy nginx service.
```nix
# nginx.nix
services.nginx = {
enable = true;
virtualHosts = {
"example.com" = {
locations."/" = {
# ...
};
};
};
}
```
Insert it in the configuration.nix `imports` section.
```nix
imports = [
./hardware-configuration.nix
./nginx.nix
];
```
## Deploy!
After all this we can just go ahead and execute a rebuild like we would do on our local machine. Except in this case we have to add the `--flake` to the rebuild command and also add the hostname we are building for.
```bash
nixos-rebuild switch --flake .#server1 --target-host root@server --show-trace
```
## Service management
Since NixOs uses systemd we can utilize its tools such as `journalctl` or `systemcl` to check up on how our services are doing.
Here are a few commands I recommend using
Prints the last 100 logs of nginx
```bash
journalctl -u nginx.service -n 200
```
Displays the status of the service
```bash
systemctl status nginx.service
```
## Afterthoughts
The first-boot section could be skipped if you [create a custom nixos installation media](https://wiki.nixos.org/wiki/Creating_a_NixOS_live_CD) then flash that to the server. With a custom media you can define ssh to already have these options enabled and also can add your public key.
This is how I've been doing my deployments for the past 1 month for the 4 of my servers. It's much easier than my old-school method of ssh-ing into my alpine machines and manage my deployments with `docker-compose`

BIN
content/post/guides/nix/remote-development/nixosinstaller.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 526 KiB

BIN
content/post/guides/nix/remote-development/taylor-vick-M5tzZtFCOfs-unsplash.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.5 MiB

1
content/post/guides/nix/setting-up-a-hugo-site-using-nix/index.en.md
View file

@ -6,6 +6,7 @@ image: daniele-levis-pelusi-YKsqkazGaOw-unsplash.jpg
categories: categories:
- Nix - Nix
- Guide - Guide
- Sysadmin
tags: tags:
- Nix - Nix

1
content/post/guides/switch-to-forgejo-now/index.md
View file

@ -6,6 +6,7 @@ image: yancy-min-842ofHC6MaI-unsplash.jpg
categories: categories:
- Blog - Blog
- Guide - Guide
- Sysadmin
tags: tags:
- Nix - Nix

1
layouts/shortcodes/filetree/file.html
View file

@ -3,7 +3,6 @@
<li class="hx-flex hx-list-none folder"> <li class="hx-flex hx-list-none folder">
<span class="hx-inline-flex hx-cursor-default hx-items-center hx-py-1"> <span class="hx-inline-flex hx-cursor-default hx-items-center hx-py-1">
{{- partial "utils/icon" (dict "name" "document-text" "attributes" "width=1em") -}}
<span class="ltr:hx-ml-1 rtl:hx-mr-1">{{ $name | markdownify }}</span> <span class="ltr:hx-ml-1 rtl:hx-mr-1">{{ $name | markdownify }}</span>
</span> </span>
</li> </li>

2
layouts/shortcodes/filetree/folder.html
View file

@ -4,10 +4,8 @@
<li class="hx-group hx-flex hx-list-none hx-flex-col"> <li class="hx-group hx-flex hx-list-none hx-flex-col">
<button class="hextra-filetree-folder hx-inline-flex hx-cursor-pointer hx-items-center hx-py-1 hover:hx-opacity-60"> <button class="hextra-filetree-folder hx-inline-flex hx-cursor-pointer hx-items-center hx-py-1 hover:hx-opacity-60">
<span data-state="{{ $state }}" class="data-[state=open]:hx-hidden"> <span data-state="{{ $state }}" class="data-[state=open]:hx-hidden">
{{- partial "utils/icon" (dict "name" "folder" "attributes" "width=1em") -}}
</span> </span>
<span data-state="{{ $state }}" class="data-[state=closed]:hx-hidden"> <span data-state="{{ $state }}" class="data-[state=closed]:hx-hidden">
{{- partial "utils/icon" (dict "name" "folder-open" "attributes" "width=1em") -}}
</span> </span>
<span class="ltr:hx-ml-1 rtl:hx-mr-1">{{ $name }}</span> <span class="ltr:hx-ml-1 rtl:hx-mr-1">{{ $name }}</span>
</button> </button>