/nixos-hetzner-robot-starter

A sane, batteries-included starter template for running NixOS on Hetzner Robot

nixos-hetzner-robot-starter

This repository is intended to be a sane, batteries-included starter template for running a LunarVim-powered remote NixOS development environment on a Hetzner Robot dedicated server. It exists as a sister-project of nixos-wsl-starter and nixos-hetzner-cloud-starter.

If you don't want to dig into NixOS too much right now, the only file you need to concern yourself with is home.nix. This is where you can add and remove binaries to your global $PATH.

Go to https://search.nixos.org to find the correct package names, though usually they will be what you expect them to be in other package managers.

unstable-packages is for packages that you want to always keep at the latest released versions, and stable-packages is for packages that you want to track with the current release of NixOS (currently 23.11).

If you want to update the versions of the available unstable-packages, run nix flake update to pull the latest version of the Nixpkgs repository and then apply the changes.

Make sure to look at all the FIXME notices in the various files which are intended to direct you to places where you may want to make configuration tweaks.

If you found this starter template useful, please consider sponsoring and subscribing to my YouTube channel.

What Is Included

This starter is a lightly-opinionated take on a productive terminal-driven development environment based on my own preferences. However, it is trivial to customize to your liking both by removing and adding tools that you prefer.

  • The default editor is lvim
  • The default shell is zsh
  • docker is enabled by default
  • The prompt is Starship
  • fzf, lsd, zoxide, and broot are integrated into zsh by default
    • These can all be disabled easily by setting enable = false in home.nix, or by removing the lines altogether
  • direnv is integrated into zsh by default
  • git config is generated in home.nix with options provided to enable private HTTPS clones with secret tokens
  • zsh config is generated in home.nix and includes git aliases, useful WSL aliases, and sensible $WORDCHARS

Quickstart

Watch the walkthrough video

  • Order a server on Hetzner Robot
    • For this tutorial, I am using an AX41-NVMe
    • The disk-config.nix file sets software RAID 1 on the 2x 512GB NVMe SSDs (just as the delivered server has)
  • Set your SSH public key in robot.nix and linux.nix
  • Go through all the FIXME: notices in this repo and make changes wherever you want
  • Make sure you have activated the Hetzner Rescue System by enabling it and then doing an automated hardware reset on the Robot web console
  • Run nixos-anywhere against root@<server-ip-address>
    nix run github:numtide/nixos-anywhere -- --flake .#robot root@<server-ip-address>
  • Wait for the installation to complete
  • Try to SSH into the server with ssh <your-username-selected-in-flake.nix>@<server-ip-address>
  • You'll probably receive an error like the one below, because the freshly installed system presents a different host key than the Rescue System did; follow the steps to remove the IP address from known_hosts
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.
    The fingerprint for the ED25519 key sent by the remote host is
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
    Please contact your system administrator.
    Add correct host key in ~/.ssh/known_hosts to get rid of this message.
    Offending ECDSA key in ~/.ssh/known_hosts:6
      remove with:
      ssh-keygen -f ~/.ssh/known_hosts -R "<ip address>"
    Host key for <ip_address> has changed and you have requested strict checking.
    Host key verification failed.
  • Now you can SSH into the server
  • In a local terminal window, you can apply updated configurations to the remote server
    nix run github:serokell/deploy-rs -- --remote-build -s .#robot

Note: If developing in Rust, you'll still be managing your toolchains and components like rust-analyzer with rustup!

Project Layout

In order to keep the template as approachable as possible for new NixOS users, this project uses a flat layout without any nesting or modularization.

  • flake.nix is where dependencies are specified
    • nixpkgs is the current release of NixOS
    • nixpkgs-unstable is the current trunk branch of NixOS (i.e. all the latest packages)
    • home-manager is used to manage everything related to your home directory (dotfiles etc.)
    • nur is the community-maintained Nix User Repositories for packages that may not be available in the NixOS repository
    • nix-index-database tells you how to install a package when you run a command which requires a binary not in the $PATH
    • disko is used to prepare VM storage for NixOS
  • robot.nix is where OpenSSH is configured and where the root SSH public key is set
  • linux.nix is where the server is configured
    • The hostname is set here
    • The default shell is set here
    • User groups are set here
    • NixOS options are set here
  • home.nix is where packages, dotfiles, terminal tools, environment variables and aliases are configured
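
The layout above puts the OpenSSH settings and the root key in robot.nix, and the Quickstart asks for your public key in both robot.nix and linux.nix. As an added example (not the repository's own files), a key-only OpenSSH configuration using standard NixOS options could look like the module below. The user name, the key string and the split of options between the two files are assumptions for illustration.

```nix
# Added example, not the template's actual robot.nix or linux.nix.
{ ... }:
let
  # Placeholder: replace with your own PUBLIC key.
  adminKey = "ssh-ed25519 AAAA...REPLACE_ME you@workstation";
  # Hypothetical login name; the template takes yours from flake.nix.
  adminUser = "youruser";
in
{
  services.openssh = {
    enable = true;
    settings = {
      # Keys only: refuse password and keyboard-interactive logins.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # Root may authenticate with a key but never with a password.
      PermitRootLogin = "prohibit-password";
    };
  };

  # Root key (the part the page places in robot.nix).
  users.users.root.openssh.authorizedKeys.keys = [ adminKey ];

  # Day-to-day user key (assumed here to be the linux.nix part).
  users.users.${adminUser} = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [ adminKey ];
  };
}
```

Only public keys belong in these files: everything evaluated into the system configuration is written to the world-readable Nix store.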