https://github.com/azazel75/giskard-configuration
Remote-managed configuration of my home server using NixOS
- Host: GitHub
- URL: https://github.com/azazel75/giskard-configuration
- Owner: azazel75
- License: gpl-3.0
- Created: 2018-09-19T02:03:10.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2022-02-27T14:54:51.000Z (almost 3 years ago)
- Last Synced: 2024-07-30T19:32:44.890Z (6 months ago)
- Topics: configuration, nix, nixos
- Language: Nix
- Size: 85 KB
- Stars: 5
- Watchers: 4
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.rst
- License: LICENSE
.. -*- coding: utf-8 -*-
.. :Project: giskard -- Some little documentation
.. :Created: mar 18 set 2018 22:21:11 CEST
.. :Author: Alberto Berti
.. :License: GNU General Public License version 3 or later
.. :Copyright: © 2018 Alberto Berti
..

=========================
 Giskard's configuration
=========================

This is the configuration of my home server named *Giskard*. Its
configuration is made with NixOS__. I had it saved on the server
as NixOS' own manual__ recommends.

After reading Gabriel's `NixOS in production`__ post I finally knew
how to obtain bare functionality like NixOps__, but without the NixOps
dependency and its "saved states". This is a simple configuration for a
single, *bare metal* server, and there's no metadata because no cloud
infrastructure is involved.

I copied Giskard's ``/etc/nixos/configuration.nix`` here and then
condensed Gabriel's wisdom and that of others in the ``Makefile`` and
``default.nix`` sources. What's here?

- A NixOS configuration that can be built locally and then pushed and
  installed into the designated server using ``ssh``. A new profile
  generation is created in the process so that the server's
  configuration can be rolled back in case the new one isn't working
  properly.

- The ``nixpkgs`` archive is pinned to a known release using NixOS'
  `channel commit hash`__.

- A command to query the built configuration.

- Secrets and passwords protected using `git crypt`__

__ https://nixos.org
__ https://nixos.org/nixos/manual/
__ http://www.haskellforall.com/2018/08/nixos-in-production.html
__ https://nixos.org/nixops/
__ https://releases.nixos.org/nixos/18.09/nixos-18.09beta302.9fa6a261fb2/git-revision
__ https://github.com/AGWA/git-crypt

How to use this repository
==========================

You will have to clone it, replace my server's configuration with
yours and change the ``DEST`` variable inside the ``shell.nix``. You
will also have to update the commit hashes in ``shell.nix``, have a
look here__.

__ https://nixos.org/channels/

Then to activate the commands run the following in a terminal::

  $ source env.sh

This command will install Nix__ if it isn't installed already. In that
case it will ask you for your password because it needs superuser
privileges to create the ``/nix`` directory, where it will store its
packages.

__ https://nixos.org/nix/

Then you will have the following commands at your disposal:

**build**
  This command will:

  1. instantiate (i.e. evaluate the nix expression and generate the
     derivation) the (configuration) *Nix* expression in ``nixos.nix``;
  2. copy it to the destination server;
  3. build the configuration on the same destination.

**deploy**
  This command will perform the following actions:

  1. execute the **build** command;
  2. add a new generation to the *system* profile, so that
     it can be rolled back if necessary;
  3. activate the new configuration.

**print_option**
  This command allows you to know the final value of a configuration
  option, much like NixOS' own ``nixos-option`` command, but it
  looks up the value in the built configuration instead. If I want to
  know the value of the ``boot.kernel.sysctl`` option, I'll execute the
  following::

    print_option boot.kernel.sysctl
    ➤➤ Printing config option "boot.kernel.sysctl"...
    { "fs.inotify.max_user_watches" = 524288; "fs.protected_hardlinks" = true; "fs.protected_symlinks" = true; "kernel.core_pattern" = "core"; "kernel.kptr_restrict" = 1; "kernel.poweroff_cmd" = "/nix/store/wpcfjs9wn6nq1fy8hma177dqd3p6813h-systemd-239/sbin/poweroff"; "kernel.printk" = 4; "kernel.yama.ptrace_scope" = 0; "net.core.somaxconn" = 1024; "net.ipv6.conf.all.disable_ipv6" = true; "net.ipv6.conf.all.forwarding" = false; "net.ipv6.conf.default.disable_ipv6" = true; }

**clean**
  This command deletes the by-products of running the *build* and
  *deploy* commands.
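
The **build** and **deploy** steps described above, together with the rollback they make possible, written out as a POSIX shell script. This is an added example, not the repository's ``Makefile``: the host in ``DEST``, the ``system`` attribute, the ``DRY_RUN``/``DRV``/``OUT`` switches and all function names are assumptions. It goes one step beyond the README by checking that values are plain store paths before they reach the remote shell.

```shell
#!/bin/sh
# Added example, not the repository's Makefile. Assumed names: the DEST value,
# the DRY_RUN/DRV/OUT switches, the "system" attribute, all function names.
DEST="${DEST:-root@giskard.example}"   # constructed placeholder host
PROFILE=/nix/var/nix/profiles/system   # NixOS system profile

dry() { [ "${DRY_RUN:-0}" = 1 ]; }
# Execute a command, or only print it in a dry run.
run() { if dry; then echo "$*"; else "$@"; fi; }
# ssh joins its arguments into one remote shell string, so accept only
# /nix/store paths made of characters that are inert in a shell.
is_store_path() {
  case "$1" in
    *[!A-Za-z0-9+._/-]*) return 1 ;;
    /nix/store/?*) return 0 ;;
    *) return 1 ;;
  esac
}

build() {
  # 1. instantiate the configuration expression into a derivation
  drv="${DRV:-$(nix-instantiate nixos.nix -A system)}" || return 1
  is_store_path "$drv" || return 1
  # 2. copy the derivation closure to the destination server
  run nix-copy-closure --to "$DEST" "$drv" || return 1
  # 3. build (realise) it on the destination
  if dry; then
    echo "ssh $DEST nix-store --realise $drv"; out="${OUT:-}"
  else
    out="$(ssh "$DEST" nix-store --realise "$drv")" || return 1
  fi
  is_store_path "$out"
}

rollback() {
  run ssh "$DEST" nix-env --profile "$PROFILE" --rollback &&
    run ssh "$DEST" "$PROFILE/bin/switch-to-configuration" switch
}

deploy() {
  build || return 1
  # 2. register a new generation of the system profile (the rollback point)
  run ssh "$DEST" nix-env --profile "$PROFILE" --set "$out" || return 1
  # 3. activate it; if activation fails, return to the previous generation
  run ssh "$DEST" "$out/bin/switch-to-configuration" switch || { rollback; return 1; }
}

case "${1:-}" in build|deploy|rollback) "$1" ;; esac
```

With ``DRY_RUN=1`` and constructed ``DRV`` and ``OUT`` store paths, ``deploy`` prints the commands it would run without touching the server.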