# VPS

## Workflow
### Re-creating everything from scratch

```shell
git crypt unlock
direnv allow
./terraform-update.sh
# wait for the DNS to propagate, so
# letsencrypt can create the certificates
./nixos-update.sh
```

### After an update on `vps.tf`

Same as above.

### After editing `vps-configuration.nix` or other OS files

Just run the `./nixos-update.sh` script.

## Base image
The basic `configuration.nix` file in the current snapshots looks just like this:

```nix
{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
  ];

  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/vda";

  networking.useDHCP = false;
  networking.interfaces.ens3.useDHCP = true;

  environment.systemPackages = with pkgs; [ vim ];

  services.openssh.enable = true;
  services.openssh.permitRootLogin = "no";

  users.extraUsers.andreh = {
    uid = 1000;
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    password = "...password...";
    openssh.authorizedKeys.keys = [
      "...ssh public key..."
    ];
  };

  system.stateVersion = "19.09";
}
```

This basic setup lets the machine boot, starts the OpenSSH server and allows
the listed `openssh.authorizedKeys.keys` to log in.
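
The `password` option in the base image is stored in clear text in the world-readable Nix store. The module below is an added example, not part of this repository's configuration: it keeps the same user and SSH settings but swaps in `hashedPassword` and key-only SSH logins, with a placeholder for the hash.

```nix
# Added example (assumption, not the repository's configuration): same user
# and SSH settings as the base image, without a clear-text password.
{ config, pkgs, ... }:

{
  services.openssh.enable = true;
  services.openssh.permitRootLogin = "no";
  # Key-only logins: the account below already lists authorizedKeys, so
  # password authentication over SSH is not needed.
  services.openssh.passwordAuthentication = false;

  users.extraUsers.andreh = {
    uid = 1000;
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    # `password` would place the clear text in /nix/store, readable by every
    # local user. `hashedPassword` stores only a crypt(3) hash, which `sudo`
    # still accepts for the wheel group. Generate one with
    # `mkpasswd -m sha-512`; the value below is a placeholder.
    # The hash itself is still readable in the store, so pick a strong password.
    hashedPassword = "...sha-512 crypt hash...";
    openssh.authorizedKeys.keys = [
      "...ssh public key..."
    ];
  };
}
```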

I've also changed the ownership of `/etc/nixos/configuration.nix` to allow my
user to write to it by piping through SSH without trying some
[non-working solutions like before][0]:

```shell
sudo chown andreh /etc/nixos/configuration.nix
```

With that, `./nixos-update.sh` can write to the NixOS configuration file without
running into issues with `sudo` password permissions through the SSH pipe while
writing to stdin.

[0]: https://git.sr.ht/~euandreh/vps/tree/a7983c859f3d8890e35c587176f497b73a7a7dc7/nixos-switch.sh#L7