elitak/nixos-infect
1
1
Fork 0
mirror of https://github.com/elitak/nixos-infect.git synced 2024-08-15 14:31:01 +03:00
Code Issues Projects Releases Wiki Activity

Add instructions on how to install NixOS on Media Temple

Browse Source
This commit is contained in:
Gasper Vozel 2022-01-28 10:12:00 +01:00
parent 36e19e3b30
commit d5abe77e22
3 changed files with 250 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
MediaTemple/README.md Normal file
View File

@ -0,0 +1,168 @@
# NixOS on Media Temple
On Media Temple we can install NixOS on Ubuntu servers by using a custom infect script.
## Add a new server
1. Click on `Add New Service` and select `Self Managed VPS`.
1. Select appropriate server resources (e.g. 2 CPU, 4GB RAM and 100GB storage) and tick `No control panel`.
1. After order has been processed you will need to finish the installation (selecting Ubuntu
version, setting username and password)
## Infect Ubuntu 20.04
After executing the infect script (`bash infect.sh`) you will need to modify the
`hardware-configuration.nix` file. The script will stop and you will need to do it
manually. You will need to remove all `squashfs` and `vfat` (efi boot) entries.
The automatically generated config will look something like this:
```
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e46da1b8-55a0-4df9-842e-8d80c3a22ffc";
fsType = "ext4";
};
fileSystems."/snap/snapd/12883" =
{ device = "/var/lib/snapd/snaps/snapd_12883.snap";
fsType = "squashfs";
options = [ "loop" ];
};
fileSystems."/snap/core20/1081" =
{ device = "/var/lib/snapd/snaps/core20_1081.snap";
fsType = "squashfs";
options = [ "loop" ];
};
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/7341-10DC";
fsType = "vfat";
};
fileSystems."/snap/lxd/21545" =
{ device = "/var/lib/snapd/snaps/lxd_21545.snap";
fsType = "squashfs";
options = [ "loop" ];
};
fileSystems."/snap/snapd/14549" =
{ device = "/var/lib/snapd/snaps/snapd_14549.snap";
fsType = "squashfs";
options = [ "loop" ];
};
fileSystems."/snap/core20/1270" =
{ device = "/var/lib/snapd/snaps/core20_1270.snap";
fsType = "squashfs";
options = [ "loop" ];
};
fileSystems."/snap/lxd/21835" =
{ device = "/var/lib/snapd/snaps/lxd_21835.snap";
fsType = "squashfs";
options = [ "loop" ];
};
swapDevices = [ ];
}
```
It's also recommended to name `fileSystem."/"` device to `/dev/sda3` in case the server
gets relocated (disk UUID will change) and add `nvme` to `boot.initrd.kernelModules`.
How do I know it's `/dev/sda3` and not e.g. sda1 or sda2? Run `lsblk` and you will see
the correct pact. In our case:
```
root@ip:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
loop0 7:0 0 32.3M 1 loop /snap/snapd/12883
loop1 7:1 0 61.8M 1 loop /snap/core20/1081
loop2 7:2 0 67.3M 1 loop /snap/lxd/21545
loop3 7:3 0 43.4M 1 loop /snap/snapd/14549
loop4 7:4 0 61.9M 1 loop /snap/core20/1270
loop5 7:5 0 67.2M 1 loop /snap/lxd/21835
sda 8:0 0 100G 0 disk
├─sda1 8:1 0 4M 0 part
├─sda2 8:2 0 106M 0 part /boot/efi
└─sda3 8:3 0 99.9G 0 part /
```
Optional:
- Add a bit of swap.
- Mount `/dev/sda2` partition on `/boot`
After you remove all the `squashfs` and the efi boot entries you will be left with:
```
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
boot.initrd.kernelModules = [ "nvme" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/sda3";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/sda2";
fsType = "vfat";
};
swapDevices = [
{
device = "/swapfile";
size = 1024;
priority = 0;
}
];
}
```
The last few lines of infect output will look something like this:
```
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = "en_US.UTF-8",
LC_CTYPE = "UTF-8",
LANG = "C.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to a fallback locale ("C.UTF-8").
updating GRUB 2 menu...
installing the GRUB 2 boot loader on /dev/sda...
Installing for i386-pc platform.
/nix/store/jx1qj6fh98fnifslhllpcaqaia2nhxz5-grub-2.06/sbin/grub-install: warning: cannot open directory `/nix/store/jx1qj6fh98fnifslhllpcaqaia2nhxz5-grub-2.06/share/locale': No such file or directory.
Installation finished. No error reported.
```
Verify `/etc/nixos/*.nix` config files and make sure they are correct (especially IPs in
`configuration.nix`).
After reboot, you should be able to SSH to the server.

40
MediaTemple/configuration.nix Normal file
View File

@ -0,0 +1,40 @@
{ pkgs, ... }: {
imports = [
./hardware-configuration.nix
# Including this by default now to avoid potential problems with missing kernel modules
<nixpkgs/nixos/modules/profiles/all-hardware.nix>
];
boot.loader.grub.device = "/dev/sda";
networking.useDHCP = false;
networking.enableIPv6 = false;
networking.interfaces.ens3.useDHCP = false;
networking.defaultGateway = "169.254.0.1";
networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
networking.interfaces.ens3 = {
ipv4.addresses = [
{ address = "1.2.3.4"; prefixLength = 32; } # Primary IP
{ address = "1.2.3.5"; prefixLength = 32; } # Secondary IP
];
ipv4.routes = [{
address = "169.254.0.1"; # IP of the gateway
prefixLength = 32;
}];
};
services.openssh = {
enable = true;
permitRootLogin = "prohibit-password";
passwordAuthentication = false;
};
# Set initial root password in case we need to use the rescue console.
# IMPORTANT: change the password!
users.users.root.initialPassword = "secret";
# IMPORTANT: replace with your own key(s)!
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAAD..."
];
system.stateVersion = "21.05";
}

42
MediaTemple/infect.sh Normal file
View File

@ -0,0 +1,42 @@
#!/usr/bin/env bash
set -e -o pipefail
# Add build group and user
groupadd nixbld -g 30000 || true
for i in {1..10}; do
useradd -c "Nix build user $i" -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" "nixbld$i" || true
done
# Install NixOS
curl -L https://nixos.org/nix/install | sh
. /root/.nix-profile/etc/profile.d/nix.sh
nix-channel --add https://nixos.org/channels/nixos-21.05 nixpkgs
nix-channel --update
# Install NixOS installation tools, TODO: Make nicer
nix-env -iE "_: with import <nixpkgs/nixos> { configuration = {}; }; with config.system.build; [ nixos-generate-config ]"
# Set up configurations and install it in a profile
nixos-generate-config
echo "---"
echo "Remove the lxcfs (on Ubuntu 16.04) or squashfs (on Ubuntu 20.04 and 21.04) entry with nano"
sleep 5
nano /etc/nixos/hardware-configuration.nix
cp configuration.nix /etc/nixos
nix-env -p /nix/var/nix/profiles/system -f '<nixpkgs/nixos>' -I nixos-config=/etc/nixos/configuration.nix -iA system
# Set NixOS to boot and replace the original distro
touch /etc/NIXOS
cat > /etc/NIXOS_LUSTRATE <<EOF
etc/nixos
root/.nix-defexpr/channels
EOF
# Switch to NixOS OS
/nix/var/nix/profiles/system/bin/switch-to-configuration boot
echo "---"
echo "Verify all the settings and check if there were any problematic errors."
echo "If everything is OK, reboot"
echo ""
echo "Keep in mind that you have to deal with /old-root after reboot"