From eae2953e7c830b4edc1eec9d56be059796b22460 Mon Sep 17 00:00:00 2001 From: Julien Dessaux Date: Sat, 30 Sep 2023 23:29:19 +0200 Subject: Added nixos getting started blog article --- content/blog/nix/nixos-getting-started.md | 174 ++++++++++++++++++++++++++++++ 1 file changed, 174 insertions(+) create mode 100644 content/blog/nix/nixos-getting-started.md (limited to 'content/blog') diff --git a/content/blog/nix/nixos-getting-started.md b/content/blog/nix/nixos-getting-started.md new file mode 100644 index 0000000..b7c5811 --- /dev/null +++ b/content/blog/nix/nixos-getting-started.md @@ -0,0 +1,174 @@ +--- +title: Getting started with nixos +description: How to setup an UEFI compatible virtual machine running nixos +date: 2023-09-30 +tags: +- nix +--- + +## Introduction + +After discovering nix I quickly jumped into nixos, the Linux distribution based on nix. It has been a few months now and I very much like nixos's stability and reproducibility. Upgrades went smoothly each time and I migrated quite a few services to a nixos server. + +## Installation + +### Virtual machine bootstrap + +Installing nixos is really not hard, you quickly get to a basic setup you can completely understand thanks to its declarative nature. When I began tinkering with nixos, my goal was to install it on a vps for which I needed UEFI support, here is how I bootstrapped a virtual machine locally: +```sh +qemu-img create -f raw nixos.raw 4G +qemu-system-x86_64 -drive file=nixos.raw,format=raw,cache=writeback \ + -cdrom Downloads/nixos-minimal-23.05.1994.af8279f65fe-x86_64-linux.iso \ + -boot d -machine type=q35,accel=kvm -cpu host -smp 2 -m 1024 -vnc :0 \ + -device virtio-net,netdev=vmnic -netdev user,id=vmnic,hostfwd=tcp::10022-:22 \ + -bios /usr/share/edk2-ovmf/OVMF_CODE.fd +``` + +### Partitioning + +From there, I performed the following simple partitioning (just one big root partition): +```sh +parted /dev/sda -- mklabel gpt +parted /dev/sda -- mkpart ESP fat32 1MB 512MB +parted /dev/sda -- set 1 esp on +parted /dev/sda -- mkpart primary 512MB 100% +mkfs.fat -F 32 -n boot /dev/sda1 +mkfs.ext4 -L nixos /dev/sda2 +mount /dev/disk/by-label/nixos /mnt +mkdir -p /mnt/boot +mount /dev/disk/by-label/boot /mnt/boot +``` + +### Initial configuration + +The initial configuration is generated with: +```sh +nixos-generate-config --root /mnt +``` + +This will generate a `/mnt/etc/nixos/hardware-configuration.nix` with the specifics of your machine along with a basic `/mnt/etc/nixos/configuration.nix` that I replaced with: +```sh +{ config, pkgs, ... }: +{ + boot.kernelParams = [ + "console=ttyS0" + "console=tty1" + "libiscsi.debug_libiscsi_eh=1" + "nvme.shutdown_timeout=10" + ]; + boot.loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + }; + environment.systemPackages = with pkgs; [ + curl + tmux + vim + ]; + networking = { + dhcpcd.enable = false; + hostname = "dalinar"; + nameservers = [ "1.1.1.1" "9.9.9.9" ]; + firewall = { + allowedTCPPorts = [ 22 ]; + logRefusedConnections = false; + logRefusedPackets = false; + }; + usePredictableInterfaceNames = false; + }; + nix = { + settings.auto-optimise-store = true; + extraOptions = '' + min-free = ${toString (1024 * 1024 * 1024)} + max-free = ${toString (2048 * 1024 * 1024)} + ''; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + }; + security = { + doas.enable = true; + sudo.enable = false; + }; + services = { + services = { + openssh = { + enable = true; + settings.KbdInteractiveAuthentication = false; + settings.PasswordAuthentication = false; + }; + resolved.enable = false; + }; + systemd.network.enable = true; + time.timeZone = "Europe/Paris"; + users.users = { + adyxax = { + description = "Julien Dessaux"; + extraGroups = [ "wheel" ]; + isNormalUser = true; + hashedPassword = "$y$j9T$Nne7Ad1nxNmluCKBzBG3//$h93j8xxfBUD98f/7nGQqXPeM3QdZatMbzZ0p/G2P/l1"; + home = "/home/julien"; + openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILOJV391WFRYgCVA2plFB8W8sF9LfbzXZOrxqaOrrwco adyxax@yen" ]; + }; + root = { + hashedPassword = "$y$j8F$ummLlZmPdS1KGxSnwH8CY.$bjvADB9IdfwzO6/2if5Sl9DeCmCRdasknq4IJEAuxyA"; + openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILOJV391WFRYgCVA2plFB8W8sF9LfbzXZOrxqaOrrwco adyxax@yen" ]; + }; + }; + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It's perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + system.copySystemConfiguration = true; +} +``` + +This will setup a system that in particular will use the systemd-bootd boot loader in lieu of grub and systemd-networkd instead of NetworkManager. Not much else is going on. The nix section slows builds a bit but greatly reduced disk space consumption. + +### Installation + +```sh +nixos-install --no-root-passwd +``` + +### Rebooting + +In order to boot on the newlly installed system and not the installer, the virtual machine command needs to be changed, so shutdown your system with: +```sh +halt -p +``` + +And start it with: +```sh +qemu-system-x86_64 -drive file=nixos.raw,format=raw,cache=writeback \ + -boot c -machine type=q35,accel=kvm -cpu host -smp 2 -m 1024 -vnc :0 \ + -device virtio-net,netdev=vmnic -netdev user,id=vmnic,hostfwd=tcp::10022-:22 \ + -bios /usr/share/edk2-ovmf/OVMF_CODE.fd +``` + +## Updating the configuration + +If you change the configuration, you need to rebuild the system with: +```sh +nixos-rebuild switch +``` + +## Upgrading + +You can rebuild your system with the latest nixos packages using: +```sh +nix-channel --update +nixos-rebuild switch +``` + +## Conclusion + +Installing and tinkering with nixos is quite fun! In the next articles I will explain how I organized my configurations to manage multiple servers, how to use a luks encrypted system and remotely unlock them after rebooting, and how to run the builds for small servers from a much more powerful machine. -- cgit v1.2.3