adyxax/www
1
0
Fork 0
Code Issues Activity

Added nixos getting started blog article

Browse source
This commit is contained in:
Julien Dessaux 2023-09-30 23:29:19 +02:00
parent a5216b8136
commit eae2953e7c
Signed by: adyxax
GPG key ID: F92E51B86E07177E
1 changed files with 174 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

174
content/blog/nix/nixos-getting-started.md Normal file
View file

@ -0,0 +1,174 @@
---
title: Getting started with nixos
description: How to setup an UEFI compatible virtual machine running nixos
date: 2023-09-30
tags:
- nix
---
## Introduction
After discovering nix I quickly jumped into nixos, the Linux distribution based on nix. It has been a few months now and I very much like nixos's stability and reproducibility. Upgrades went smoothly each time and I migrated quite a few services to a nixos server.
## Installation
### Virtual machine bootstrap
Installing nixos is really not hard, you quickly get to a basic setup you can completely understand thanks to its declarative nature. When I began tinkering with nixos, my goal was to install it on a vps for which I needed UEFI support, here is how I bootstrapped a virtual machine locally:
```sh
qemu-img create -f raw nixos.raw 4G
qemu-system-x86_64 -drive file=nixos.raw,format=raw,cache=writeback \
-cdrom Downloads/nixos-minimal-23.05.1994.af8279f65fe-x86_64-linux.iso \
-boot d -machine type=q35,accel=kvm -cpu host -smp 2 -m 1024 -vnc :0 \
-device virtio-net,netdev=vmnic -netdev user,id=vmnic,hostfwd=tcp::10022-:22 \
-bios /usr/share/edk2-ovmf/OVMF_CODE.fd
```
### Partitioning
From there, I performed the following simple partitioning (just one big root partition):
```sh
parted /dev/sda -- mklabel gpt
parted /dev/sda -- mkpart ESP fat32 1MB 512MB
parted /dev/sda -- set 1 esp on
parted /dev/sda -- mkpart primary 512MB 100%
mkfs.fat -F 32 -n boot /dev/sda1
mkfs.ext4 -L nixos /dev/sda2
mount /dev/disk/by-label/nixos /mnt
mkdir -p /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
```
### Initial configuration
The initial configuration is generated with:
```sh
nixos-generate-config --root /mnt
```
This will generate a `/mnt/etc/nixos/hardware-configuration.nix` with the specifics of your machine along with a basic `/mnt/etc/nixos/configuration.nix` that I replaced with:
```sh
{ config, pkgs, ... }:
{
boot.kernelParams = [
"console=ttyS0"
"console=tty1"
"libiscsi.debug_libiscsi_eh=1"
"nvme.shutdown_timeout=10"
];
boot.loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
environment.systemPackages = with pkgs; [
curl
tmux
vim
];
networking = {
dhcpcd.enable = false;
hostname = "dalinar";
nameservers = [ "1.1.1.1" "9.9.9.9" ];
firewall = {
allowedTCPPorts = [ 22 ];
logRefusedConnections = false;
logRefusedPackets = false;
};
usePredictableInterfaceNames = false;
};
nix = {
settings.auto-optimise-store = true;
extraOptions = ''
min-free = ${toString (1024 * 1024 * 1024)}
max-free = ${toString (2048 * 1024 * 1024)}
'';
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
};
security = {
doas.enable = true;
sudo.enable = false;
};
services = {
services = {
openssh = {
enable = true;
settings.KbdInteractiveAuthentication = false;
settings.PasswordAuthentication = false;
};
resolved.enable = false;
};
systemd.network.enable = true;
time.timeZone = "Europe/Paris";
users.users = {
adyxax = {
description = "Julien Dessaux";
extraGroups = [ "wheel" ];
isNormalUser = true;
hashedPassword = "$y$j9T$Nne7Ad1nxNmluCKBzBG3//$h93j8xxfBUD98f/7nGQqXPeM3QdZatMbzZ0p/G2P/l1";
home = "/home/julien";
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILOJV391WFRYgCVA2plFB8W8sF9LfbzXZOrxqaOrrwco adyxax@yen" ];
};
root = {
hashedPassword = "$y$j8F$ummLlZmPdS1KGxSnwH8CY.$bjvADB9IdfwzO6/2if5Sl9DeCmCRdasknq4IJEAuxyA";
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILOJV391WFRYgCVA2plFB8W8sF9LfbzXZOrxqaOrrwco adyxax@yen" ];
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05";
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = true;
}
```
This will setup a system that in particular will use the systemd-bootd boot loader in lieu of grub and systemd-networkd instead of NetworkManager. Not much else is going on. The nix section slows builds a bit but greatly reduced disk space consumption.
### Installation
```sh
nixos-install --no-root-passwd
```
### Rebooting
In order to boot on the newlly installed system and not the installer, the virtual machine command needs to be changed, so shutdown your system with:
```sh
halt -p
```
And start it with:
```sh
qemu-system-x86_64 -drive file=nixos.raw,format=raw,cache=writeback \
-boot c -machine type=q35,accel=kvm -cpu host -smp 2 -m 1024 -vnc :0 \
-device virtio-net,netdev=vmnic -netdev user,id=vmnic,hostfwd=tcp::10022-:22 \
-bios /usr/share/edk2-ovmf/OVMF_CODE.fd
```
## Updating the configuration
If you change the configuration, you need to rebuild the system with:
```sh
nixos-rebuild switch
```
## Upgrading
You can rebuild your system with the latest nixos packages using:
```sh
nix-channel --update
nixos-rebuild switch
```
## Conclusion
Installing and tinkering with nixos is quite fun! In the next articles I will explain how I organized my configurations to manage multiple servers, how to use a luks encrypted system and remotely unlock them after rebooting, and how to run the builds for small servers from a much more powerful machine.