/bootstrap

🎞️ | Bootstrapping server from nix flake configs via rescue

Primary LanguageNixMIT LicenseMIT

Kolyma's {Bootstrap}

Bootstraping server starting from partition to configs.

Top Used Language Test CI

About

When you buy a server, specifically from Hetzner, you are not given the option to install NixOS. This repository provides an easy way to install NixOS on a Hetzner server using the nixos-anywhere tool.

Quickstart

  • Order a server on Hetzner Robot
    • For this guide, I used an AX41-NVMe and also tested on a AX52
    • The disk-config.nix file sets software RAID 1 on the 2x 512GB NVMe SSDs (just as the delivered server has)
  • Set your SSH public key in robot.nix and linux.nix
  • Go through all the FIXME: notices in this repo and make changes wherever you want
  • Make sure you have activated the Hetzner Rescue System by enabling it and then doing an automated hardware reset on the Robot web console
  • Run nixos-anywhere against root@<server-ip-address>
nix run github:numtide/nixos-anywhere -- --flake .#robot root@<server-ip-address>
  • Wait for the installation to complete
  • Try to SSH into the server with ssh <your-username-selected-in-flake.nix>@<server-ip-address>
  • You'll probably receive an error like the one below; follow the steps to remove the ip address from known_hosts
  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in ~/.ssh/known_hosts:6
  remove with:
  ssh-keygen -f ~/.ssh/known_hosts" -R "<ip addrress>"
Host key for <ip_address> has changed and you have requested strict checking.
Host key verification failed.
  • Now you can SSH into the server
  • In a local terminal window, you can apply updated configurations to the remote server
nix run github:serokell/deploy-rs -- --remote-build -s .#robot

Note: If developing in Rust, you'll still be managing your toolchains and components like rust-analyzer with rustup!

Project Layout

In order to keep the template as approachable as possible for new NixOS users, this project uses a flat layout without any nesting or modularization.

  • flake.nix is where dependencies are specified
    • nixpkgs is the current release of NixOS
    • nixpkgs-unstable is the current trunk branch of NixOS (ie. all the latest packages)
    • home-manager is used to manage everything related to your home directory (dotfiles etc.)
    • nur is the community-maintained Nix User Repositories for packages that may not be available in the NixOS repository
    • nix-index-database tells you how to install a package when you run a command which requires a binary not in the $PATH
    • disko is used to prepare VM storage for NixOS
  • robot.nix is where OpenSSH is configured and where the root SSH public key is set
  • linux.nix is where the server is configured
    • The hostname is set here
    • The default shell is set here
    • User groups are set here
    • NixOS options are set here
  • home.nix is where packages, dotfiles, terminal tools, environment variables and aliases are configured

License

This project is licensed under the MIT License - see the LICENSE file for details.

Kolyma's {Installer}