NixOS profiles for servers [maintainer=@numtide]
github-actions[bot] 09f1f79636 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/d13b0f290c4969d26decd23415a6d38912a035ae' (2023-02-08)
  → 'github:NixOS/nixpkgs/0394479b9e8d5492f2d29482825661522219499a' (2023-02-12)
2023-02-13 00:04:45 +00:00
.github build(deps): bump cachix/install-nix-action from 18 to 19 2023-02-06 19:21:10 +00:00
nixos common/openssh: update renamed setting 2023-02-10 13:22:59 +10:00
bors.toml bors.toml: re-generate from the current checks 2023-02-07 18:29:57 +01:00
default.nix add nix-remote-builder role 2023-02-04 09:40:57 +01:00
flake.lock flake.lock: Update 2023-02-13 00:04:45 +00:00
flake.nix add nix-remote-builder role 2023-02-04 09:40:57 +01:00
LICENSE Create LICENSE 2023-01-16 23:39:46 +01:00
README.md README: misc fixes 2023-02-07 18:30:25 +01:00

SrvOS - NixOS for your server

STATUS: experimental

SrvOS is a collection of opinionated and sharable NixOS configurations.

As we learn more about NixOS in various deployments, we end up re-writing the same modules and configs. This is a way for us to speed up and share our setups.

Instead of supporting everything, our goal is to target certain verticals and make the support super smooth there.

Usage

Add srvos to your flake.nix and include it in your NixOS configuration. For example, to deploy a GitHub Actions runner on Hetzner:

{
  inputs = {
    srvos.url = "github:numtide/srvos";
  };
  outputs = { srvos, nixpkgs, ... }: {
    nixosConfigurations.myHost = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        srvos.nixosModules.common
        srvos.nixosModules.hardware-hetzner-amd
        srvos.nixosModules.roles-github-actions-runner
      ];
    };
  };
}

Modules

All modules are defined in this file

General

Used to define the type of machine.

  • server:
    • Use this for headless systems that are remotely managed via ssh
    • Includes everything from common
    • Disables desktop features like sound
    • Defaults to UTC
    • Enables ssh
    • Configures watchdog for reboot
    • Sets up sudo without password
    • ...
  • desktop:
    • Mostly based on common but also includes some optimizations useful for interactive usage
  • common:
    • Use if you are unsure if your nixos module will be used on server or desktop
    • Better nix-daemon defaults
    • Better serial console support
    • Colored package diffs on nixos-rebuild
    • Use systemd in initrd by default and networkd as a backend for the Networking module
    • Do not block on networkd/networkmanager's online target
    • Better zfs defaults
    • Add well-known git ssh keys to the git configuration
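
The server profile combines ssh access with passwordless sudo, so any ssh login as a wheel member is effectively a root login. The module below is an added example, not part of srvos: it forces key-only ssh and fails evaluation when wheel membership drifts from an allowlist. The file name, the `admin` account, the allowlist and the placeholder key are assumptions; the options used are standard NixOS options.

```nix
# hardening.nix (hypothetical file name): list it in `modules` next to
# srvos.nixosModules.server.
{ config, lib, ... }:
let
  # Assumption: the only accounts that should hold passwordless root.
  allowedAdmins = [ "admin" ];

  # Every account in the wheel group, i.e. covered by the sudo rule.
  wheelUsers = lib.filterAttrs
    (_: user: lib.elem "wheel" user.extraGroups)
    config.users.users;

  # Wheel members that are not on the allowlist.
  unexpected = lib.subtractLists allowedAdmins (lib.attrNames wheelUsers);

  # Wheel members that declare no ssh public key.
  keyless = lib.attrNames (lib.filterAttrs
    (_: user:
      user.openssh.authorizedKeys.keys == [ ]
      && user.openssh.authorizedKeys.keyFiles == [ ])
    wheelUsers);
in
{
  # mkForce wins whatever priority the profile used for these settings.
  services.openssh.settings = {
    PasswordAuthentication = lib.mkForce false;
    KbdInteractiveAuthentication = lib.mkForce false;
  };

  # Constructed account; the key is a placeholder, not a real key.
  users.users.admin = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [ "ssh-ed25519 <PLACEHOLDER-PUBLIC-KEY> admin@example" ];
  };

  # Evaluation (and therefore nixos-rebuild) fails if either check is false.
  assertions = [
    {
      assertion = unexpected == [ ];
      message = "unexpected wheel members: ${lib.concatStringsSep ", " unexpected}";
    }
    {
      assertion = keyless == [ ];
      message = "wheel members without an ssh key: ${lib.concatStringsSep ", " keyless}";
    }
  ];
}
```

The second assertion only sees keys declared in the NixOS configuration; keys dropped into `~/.ssh/authorized_keys` by hand are outside its view.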

Hardware

NixOS hardware configurations that we know about.

  • hardware-amazon: Amazon AWS virtual machines
  • hardware-hetzner-cloud: Hardware and network defaults for Hetzner virtual machines
  • hardware-hetzner-amd: Hardware and network defaults for Hetzner bare-metal servers for AMD and Intel CPUs.
  • hardware-hetzner-intel: same as above

Mixins

Config extensions for a given machine.

  • mixins-cloud-init enables cloud-init
  • mixins-systemd-boot configures systemd-boot as the bootloader
  • mixins-telegraf enables a generic telegraf configuration. See Mic's dotfiles for monitoring rules targeting this telegraf configuration.
  • mixins-nginx recommended nginx settings
  • mixins-trusted-nix-caches list of trustworthy public binary caches

Roles

Designed to take over a machine with the given role.

  • roles-github-actions-runner configures a GitHub Actions runner on a machine

License

MIT


This is a Numtide project.
