Blog

--now-without-javascript

A determined and fiercely loyal little monster

Mushrooms are good.

 2018-09-11 00:00:00 +0000

See title.

Setting up a NixOS VPS - Part 1

 2018-01-28 00:00:00 +0000

Today I decided to begin the switch from my ad-hok and unreproducable ArchLinux setup to a more cleanly defined VPS service. My recent experiences with NixOS have left a very positive impression, so this is what I’ve decided to use for the VPS.

Installing NixOS

There are a great number of VPS providers, none of which “properly” support NixOS as far as I’m aware. I already had an account and my previous vps at https://ovh.co.uk, so I decided to use this for my new NixOS setup as well. To begin with, I ordered a new server, with a fresh ArchLinux install.

To get NixOS installed, I use the nixos-in-place software, which installes NixOS over an existing operating system:

To start with, I had to copy over my terminal’s (kitty) terminfo files from my local NixOS machine, in order to make the ssh shell bearable.

$ scp -r /nix/store/yy2i18596jynsx0nkrs9rgywgv74kf3r-kitty-0.6.0/share/terminfo root@vps508771.ovh.net:.terminfo
$ ssh root@vps508771.ovh.net
# pacman wget squashfs-tools git
# git clone https://github.com/jeaye/nixos-in-place.git

This complained about certificate errors, and it turned out that the certificate store wasn’t properly initialised. I reinstalled it, and continued:

# pacman -Sy ca-certificates-utils
# git clone https://github.com/jeaye/nixos-in-place.git
# cd nixos-in-place

Nixos-in-place operates in /tmp, and the tmpfs set up there will likely run out of space, so I unmounted it. The other caveats didn’t seem to apply in my case, and the default installation disks matched what I needed, so I went ahead and ran it…

# umount /tmp
# ./install
>>> Checking environment... seems sane
>>> NixOS installer (nixos-in-place)
>>>    GRUB => /dev/vda
>>>    Root => /dev/vda1 (ext4)
>>>    ISO => nixos-minimal-16.09.680.4e14fd5-x86_64-linux.iso
>>>    Digital Ocean => false
>>>    Working directory => /tmp/tmp.sHBuYFoIGE
>>>    Extra config => /root/nixos-in-place/no-extra-config
>>> Continue? [yn] y

Everything went quite cleanly now, and it asked me to reboot. I have no idea if sshd is installed, or even what the root password is (the same as before? empty?), but hey, what is the worst that could happen? Ssh complains loudly about the host keys having changed, which at least implies that sshd is running, so I dutifully delete the old keys and do what you should never do (but everyone does), and just accept, ignoring the fingerprint. (Technically, I should first log in through the web console, confirm that the fingerprints match, and then continue)

Restoring Normalcy

My logins fail with the previous password. Checking the readme, the password should be set to nixos, so I try that too, but it also fails. Finally, I realise that this is likely a different ssh configuration that rejects root logins, so I try logging in through the web shell instead. This works quite nicely!

The next stop is to load my base configuration. I’ve already set up a config for archimedes, which is the new name of the VPS. I set things up in the web shell:

# cd /etc
# mv nixos nixos.old
# nix-shell -p git
[nix-shell]# git clone https://git.drwx.org/tk/config.git
# cd nixos
# ln -s hosts/archimedes.nix host.nix
# cp ../nixos.old/{hardware-configuration,nixos-in-place}.nix .

Now there are a few discrepencies between the config file I set up, and the base one that nixos-in-place installed: The boot loader differs, as does the state version. To fix them, I edit archimedes.nix to override my base configuration to match nixos-in-place:

{ ... }:

{
  systemOverrides = {
    networking.hostName = "archimedes";
    boot.loader = {
      grub = {
        enable = true;
        version = 2;
      };
    };
    imports = [../hardware-configuration.nix ../nixos-in-place.nix];
    system.stateVersion = "16.09";
  };
  server = true;
}

Then, I setup the channels, nixos pointing to nixos-17.09, and nixos-unstable pointing to, well, nixos-unstable.

nix-channel --add https://nixos.org/channels/nixos-17.09 nixos
nix-channel --add https://nixos.org/channels/nixos-unstable nixos-unstable
nix-channel --update
nixos-rebuild switch

The rebuild took quite a while, and fortunately, after rebooting, everything seemed in order. The next order of business was re-establishing ssh connection. Now that my base config was setup, I just had to set up a password for my user. As the keyboard input to the web interface is a little glitchy, and sometimes duplicates keystrokes, I chose a short, temporary password for now.

# passwd tk

Finally, I could ssh into the new setup… and it worked! Next up I set up Home Manager; it turned out that I needed to tweak my config a little to avoid pulling in xorg (whoops!), setup a proper password, hand over ownership of /etc/nixos to my user (this is just a personal preference of mine), and clean up most of the junk from the ArchLinux install.

[turing]$ ssh vps508771.ovh.net
$ passwd
$ sudo chown -R tk:users /etc/nixos
$ nix-shell https://github.com/rycee/home-manager/archive/master.tar.gz -A install
# rm -rf /old-root/{bin,boot,community-adf3e2d5d311903e3a4429d50764b6add2c21e8b,community-adf3e2d5d311903e3a4429d50764b6add2c21e8b.tar.xz,dev,etc,home,lib,lib64,lost+found,mnt,opt,proc,root,run,sbin,srv,sys,tmp,usr,var}

That’s all for part 1, what’s still left is to remove the nixos-in-place setup part entirely, and get all services I need running.

Basic Test

 2017-01-11 22:23:43 +0000

Hay.

Basic Test

 2017-01-09 22:23:43 +0000

Hoy.