{"id":22525065,"url":"https://github.com/micartey/nixos-server","last_synced_at":"2025-04-14T14:53:20.272Z","repository":{"id":266910543,"uuid":"899738609","full_name":"micartey/nixos-server","owner":"micartey","description":"NixOS Server Template","archived":false,"fork":false,"pushed_at":"2025-03-04T22:24:01.000Z","size":1413,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-28T03:45:20.865Z","etag":null,"topics":["nix","nixos","server"],"latest_commit_sha":null,"homepage":"https://github.com/micartey/nixos-server/wiki","language":"Nix","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/micartey.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-12-06T22:49:31.000Z","updated_at":"2025-03-04T22:24:05.000Z","dependencies_parsed_at":"2024-12-06T23:27:28.878Z","dependency_job_id":"f71c0700-f880-4fdd-8259-9cf5398fb32d","html_url":"https://github.com/micartey/nixos-server","commit_stats":null,"previous_names":["micartey/nixos-server"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/micartey%2Fnixos-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/micartey%2Fnixos-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/micartey%2Fnixos-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/micartey%2Fnixos-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hos
ts/GitHub/owners/micartey","download_url":"https://codeload.github.com/micartey/nixos-server/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248901189,"owners_count":21180367,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["nix","nixos","server"],"created_at":"2024-12-07T06:08:09.103Z","updated_at":"2025-04-14T14:53:20.246Z","avatar_url":"https://github.com/micartey.png","language":"Nix","funding_links":[],"categories":[],"sub_categories":[],"readme":"# nixos-server\n\n\u003cdiv align=\"center\"\u003e\n    \u003cimg src=\"https://github.com/micartey/nixos-server/actions/workflows/nix.yml/badge.svg\" alt=\"pipeline status\"\u003e\n\u003c/div\u003e\n\n- [Introduction](#introduction)\n- [Setup](#setup)\n  - [Add a public key](#add-a-public-key)\n  - [Configure DNS](#configure-dns)\n  - [Configure Traefik](#configure-traefik)\n- [Build Live-ISO file](#build-live-iso-file)\n- [Build Raw Images](#build-raw-images)\n- [Build Docker Image](#build-docker-image)\n\n## Introduction\n\nThis repository serves as a template for NixOS server configurations.\nIt can either be directly used by cloning and installing it on a server, or by building and using images and deploy them on e.g. 
AWS.\nAlternatively, you can also build a live-ISO file and run it as a temporary playground or use the images for persistent VMs.\n\n### Pre-configured users\n\nThe pre-configured users all have no password and can only be accessed via SSH.\nMake sure to [add a public key](#add-a-public-key).\n\n- sirius (default user)\n- root\n\n### Pre-configured packages\n\n- Traefik (reverse proxy: 80, 443, 8080)\n- Docker (non root)\n- firewall (open ports: 22)\n- fonts and i18n (German keyboard layout)\n- cloudflare DNS\n- catppuccin theme\n- neovim\n- bash, zsh, kitty\n- oh-my-posh\n- git, gh\n- eza, bat, btop, fastfetch, fzf, ripgrep, yazi, zip, unzip, tree, just\n\n## Setup\n\n\u003e [!NOTE]\n\u003e Skip this section if you want to build an ISO or image.\n\u003e You can continue to the [Add a public key](#add-a-public-key) section.\n\nFirst, replace the `hardware-configuration.nix` in `/hosts/sirius`.\nYou can use the following command:\n\n```bash\n# Generate hardware configuration if not already done\nsudo nixos-generate-config\n\n# Use system specific hardware configuration\nsudo cp /etc/nixos/hardware-configuration.nix ./hosts/sirius/hardware-configuration.nix\n\n# Sometimes important information for the boot-loader is inside the configuration.nix file\n# In that case you need to copy that information to hardware-configuration.nix\n```\n\n### Add a public key\n\nAdd your public key in `/dots/ssh` and edit `/hosts/users.nix`.\nYou can do this by adding the following entry to one or both arrays:\n\n```nix\n(builtins.readFile ../dots/ssh/\u003cmy_key\u003e.pub)\n```\n\n### Configure DNS\n\nThe DNS is configured in `/modules/dns/cloudflare.nix` and registered in `/hosts/default.nix`.\nCloudflare uses the following IPv4 addresses:\n\n```plaintext\n1.1.1.1\n1.0.0.1\n```\n\n### Configure Traefik\n\nTraefik is configured in `/hosts/server/traefik.nix` and registered in `/hosts/server/default.nix`.\nYou need to edit the `secrets/secrets.yaml` file and add your Cloudflare email 
and API key.\n\n```yaml\ncloudflare:\n  email: \u003cmy_email\u003e\n  api_key: \u003cglobal_api_key\u003e\n```\n\nFor a more precise guide on how to set up sops, see [here](https://github.com/micartey/nixos/tree/master/secrets).\n\n## Build Live-ISO file\n\n\u003e [!WARNING]\n\u003e You can build and run the ISO file, however, all changes will be stored in RAM and are not persistent.\n\u003e There is currently no installation process from the ISO.\n\nTo build an ISO file, run the following command:\n\n```bash\njust iso\n```\n\n### Run Live-ISO file\n\n\u003e [!NOTE]\n\u003e Edit the `justfile` to change the resources allocated to the VM.\n\u003e The default configuration is 8 CPUs and 16GB of RAM.\n\u003e Keep in mind that everything is stored in the RAM so you should allocate enough RAM to the VM.\n\nTo run the ISO file, run the following command:\n\n```bash\njust iso-vm\n\n# Inside of the VM, run: sudo su sirius\n# This will switch to the sirius (default non-root user) which also has home-manager configured\n```\n\n## Build Raw Images\n\n\u003e [!NOTE]\n\u003e Images can be run on some cloud providers and on all virtualization software.\n\u003e They are persistent and adjust the storage size dynamically.\n\nYou can now also build raw and qcow2 images.\nThese images can be used to run the server on a cloud provider.\nChanges are persistent and survive reboots.\n\n```bash\n# Build raw images (file with .img extension)\n# This type is allegedly used on most cloud providers\nsudo just raw\n\n# Build qcow2 images (file with .qcow2 extension)\nsudo just qcow\n```\n\n### Run Images\n\n```bash\njust raw-vm\n\njust qcow-vm\n```\n\n## Build Docker Image\n\n\u003e [!WARNING]\n\u003e Docker images of this kind should never be used for containers.\n\u003e Containers are meant to be small, lightweight and modular which also means one container per service.\n\u003e An entire OS in a container is a bad practice and should be avoided.\n\u003e Furthermore, containers created from 
this image need to be run in privileged mode which is a security risk.\n\nIt is also possible to create a docker image.\nHowever, there is a lot of overhead and docker e.g. wouldn't work.\nFor the sake of completeness, here is how to create a docker image:\n\n```bash\nnix run github:nix-community/nixos-generators -- \\\n    --format docker \\\n    --flake .#siriusDocker \\\n    -o result\n\n# Copy the tarball to the root directory\nsudo cp result/tarball/*.tar.xz nixos.tar.xz\n```\n\nBefore you can do anything meaningful, you should remove the following files.\nThis step is not necessary as it would also spin to life without it, however, some of these features are obsolete or not working at all.\n\n- /modules/docker.nix\n- /modules/catppuccin.nix\n- /modules/dns\n- /home/git.nix\n- /hosts/fonts.nix\n- /hosts/shell.nix\n- /hosts/i18n.nix\n- ...\n\n### Run Docker Image\n\n```bash\ndocker import nixos.tar.xz nixos-server:latest\ndocker run --privileged -it -p 2222:22 --rm nixos-server:latest /init\n```\n\nYou can connect to the docker container via one of the following methods:\n\n```bash\ndocker exec -it $(docker ps | grep nixos-server:latest | awk '{ print $1 }') /run/current-system/sw/bin/bash\n\n# SSH requires one to open the port 22\nssh -o StrictHostKeychecking=no -p 2222 sirius@localhost\n```\n\nSSH might take a few tens of seconds to start up.\nBe patient when using that method.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicartey%2Fnixos-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmicartey%2Fnixos-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicartey%2Fnixos-server/lists"}