NixOS profiles for servers [maintainer=@numtide]
bors[bot] 039594ba84
Merge #60
60: build(deps): bump cachix/install-nix-action from 18 to 19 r=Mic92 a=dependabot[bot]



Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-06 20:57:45 +00:00
.github build(deps): bump cachix/install-nix-action from 18 to 19 2023-02-06 19:21:10 +00:00
nixos common: drop Nsncd option 2023-02-04 09:46:49 +01:00
bors.toml bors: update checks list 2023-01-24 23:20:13 +01:00
default.nix add nix-remote-builder role 2023-02-04 09:40:57 +01:00
flake.lock flake.lock: Update 2023-02-06 00:04:50 +00:00
flake.nix add nix-remote-builder role 2023-02-04 09:40:57 +01:00
LICENSE Create LICENSE 2023-01-16 23:39:46 +01:00
README.md add trusted caches mixins 2023-01-20 11:30:58 +01:00

srvos

STATUS: experimental

Opinionated and sharable set of NixOS configurations.

As we learn more about NixOS in various deployments, we end up re-writing the same modules and configs. This is a way for us to speed up and share our setups.

Usage

Add srvos to your flake.nix and include it in your NixOS configuration. For example, to deploy a GitHub Actions runner on Hetzner:

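{
  inputs = {
    srvos.url = "github:numtide/srvos";
  };
  # nixpkgs is not declared under inputs, so Nix resolves it through the flake registry.
  outputs = { srvos, nixpkgs, ... }: {
    nixosConfigurations.myHost = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        # Shared base settings (see "General" below)
        srvos.nixosModules.common
        # Hardware and network defaults for Hetzner bare-metal servers
        srvos.nixosModules.hardware-hetzner-amd
        # Configures a GitHub Actions runner on the machine
        srvos.nixosModules.roles-github-actions-runner
      ];
    };
  };
}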

Modules

All modules are defined in this file

General

Used to define the type of machine.

  • server:
    • Use this for headless systems that are remotely managed via ssh
    • Includes everything from common
    • Disables desktop features like sound
    • Defaults to UTC
    • Enables ssh
    • Configures watchdog for reboot
    • Sets up sudo without password
    • ...
  • desktop:
    • Mostly based on common but also includes some optimizations useful for interactive usage
  • common:
    • Use if you are unsure whether your NixOS module will be used on a server or a desktop
    • Better nix-daemon defaults
    • Better serial console support
    • Colored package diffs on nixos-rebuild
    • Use systemd in initrd by default and networkd as a backend for the Networking module
    • Do not block on networkd/networkmanager's online target
    • Better zfs defaults
    • Add well-known git ssh keys to the git configuration

Hardware

NixOS hardware configurations that we know about.

  • hardware-amazon: Amazon AWS virtual machines
  • hardware-hetzner-cloud: Hardware and network defaults for Hetzner virtual machines
  • hardware-hetzner-amd: Hardware and network defaults for Hetzner bare-metal servers for AMD and Intel CPUs.
  • hardware-hetzner-intel: same as hardware-hetzner-amd

Mixins

Config extensions for a given machine.

  • mixins-cloud-init enables cloud-init
  • mixins-systemd-boot configures systemd-boot as the bootloader
  • mixins-telegraf enables a generic telegraf configuration. See Mic's dotfiles for monitoring rules targeting this telegraf configuration.
  • mixins-nginx recommended nginx settings
  • mixins-trusted-nix-caches list of trustworthy public binary caches
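
An added check, not part of srvos: the server module above enables ssh and sets up sudo without password, and mixins-trusted-nix-caches adds binary caches, so this script evaluates a host from your flake and reports those settings for review before deployment. It assumes a flakes-enabled nix CLI and that these defaults surface in the NixOS options security.sudo.wheelNeedsPassword, services.openssh.enable and nix.settings.substituters; eval_option and audit_host are names made up for this example.

```shell
#!/bin/sh
# Added example (not srvos code). Source it from the directory that holds
# flake.nix, then call: audit_host myHost   (myHost is the name used in Usage).

# Print one evaluated NixOS option as JSON.
# $1 = host attribute under nixosConfigurations, $2 = option path.
eval_option() {
  nix eval --json ".#nixosConfigurations.$1.config.$2"
}

# Print FINDING/INFO lines for settings a reviewer should sign off on.
# Returns 2 if an option cannot be evaluated.
audit_host() {
  host="$1"

  # Assumption: passwordless sudo shows up as wheelNeedsPassword = false.
  value="$(eval_option "$host" security.sudo.wheelNeedsPassword)" || return 2
  if [ "$value" = "false" ]; then
    echo "FINDING sudo: wheel members become root without a password"
  fi

  value="$(eval_option "$host" services.openssh.enable)" || return 2
  if [ "$value" = "true" ]; then
    echo "FINDING ssh: sshd is enabled; confirm key-only login and firewall rules"
  fi

  # Binary caches this machine will fetch pre-built store paths from.
  value="$(eval_option "$host" nix.settings.substituters)" || return 2
  echo "INFO caches: $value"
}
```

A FINDING line is a prompt for review, not a failure: on a remotely managed server both settings may be intended, but they should be a recorded decision rather than an inherited default.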

Roles

Designed to take over a machine with the given role.

  • roles-github-actions-runner configures a GitHub Actions runner on a machine

License

MIT


This is a Numtide project.
