2021-02-08 18:33:39 +03:00
# NixOS-Infect
2017-03-04 18:22:37 +03:00
2021-02-08 18:33:39 +03:00
## What is this?
A script to install NixOS on non-NixOS hosts.
2017-03-04 18:22:37 +03:00
2021-02-08 18:33:39 +03:00
NixOS-Infect is so named because of the high likelihood of rendering a system inoperable.
Use with extreme caution and preferably only on newly provisioned systems.
2018-12-08 02:16:00 +03:00
2021-02-08 18:33:39 +03:00
This script has successfully been tested on at least the follow hosting providers and plans:
2017-03-04 18:22:37 +03:00
2021-02-08 18:33:39 +03:00
* [DigitalOcean ](https://www.digitalocean.com/products/droplets/ )
* [Hetzner Cloud ](https://www.hetzner.com/cloud )
* [Vultr ](https://www.vultr.com/ )
* [Interserver VPS ](https://www.interserver.net/vps/ )
2021-03-12 15:36:23 +03:00
* [Tencent Cloud Lighthouse ](https://cloud.tencent.com/product/lighthouse )
2021-03-30 12:27:04 +03:00
* [OVHcloud ](https://www.ovh.com/ )
2021-06-09 23:45:06 +03:00
* [Oracle Cloud Infrastructure ](https://www.oracle.com/cloud/ )
2022-04-03 20:21:36 +03:00
* [GalaxyGate ](https://galaxygate.net )
2022-06-13 02:17:46 +03:00
* [Cockbox ](https://cockbox.org )
2022-11-04 08:03:37 +03:00
* [Google Cloud Platform ](https://cloud.google.com/ )
2022-11-04 08:01:56 +03:00
* [Contabo ](https://contabo.com )
2022-12-20 08:47:51 +03:00
* [Liga Hosting ](https://ligahosting.ro )
2022-12-20 08:31:13 +03:00
* [AWS Lightsail ](https://aws.amazon.com/lightsail/ )
2022-12-20 08:28:21 +03:00
* [Windcloud ](https://windcloud.de/ )
2022-12-20 08:24:02 +03:00
* [Clouding.io ](https://clouding.io )
2023-02-03 22:37:44 +03:00
* [Scaleway ](https://scaleway.com )
2023-09-14 17:29:25 +03:00
* [RackNerd ](https://my.racknerd.com/index.php?rp=/store/black-friday-2022 )
2024-09-05 07:08:43 +03:00
* [Severs.com ](https://servers.com )
2018-12-08 02:16:00 +03:00
2021-02-08 18:33:39 +03:00
Should you find that it works on your hoster,
feel free to update this README and issue a pull request.
2017-04-10 18:50:09 +03:00
2021-02-08 18:33:39 +03:00
## Motivation
2017-03-04 18:22:37 +03:00
2021-02-08 18:33:39 +03:00
Motivation for this script: nixos-assimilate should supplant this script entirely,
if it's ever completed.
nixos-in-place was quite broken when I tried it,
and also took a pretty janky approach that was substantially more complex than this
(although it supported more platforms):
it didn't install to root (/nixos instead),
left dregs of the old filesystem
(almost always unnecessary since starting from a fresh deployment),
and most importantly, simply didn't work for me!
(old system was being because grub wasnt properly reinstalled)
## How do I use it?
0) **Read and understand the [the script](./nixos-infect)**
1) Deploy any custom configuration you want on your host
2) Deploy your host as non-Nix Operating System.
3) Deploy an SSH key for the root user.
> *NB:* This step is important.
> The root user will not have a password when nixos-infect runs to completion.
> To enable root login, you *must* have an SSH key configured.
4) run the script with:
```
2024-03-11 18:31:38 +03:00
curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.05 bash -x
2021-02-08 18:33:39 +03:00
```
2018-12-08 02:16:00 +03:00
2021-02-08 18:33:39 +03:00
*NB*: This script wipes out the targeted host's root filesystem when it runs to completion.
Any errors halt execution.
A failure will leave the system in an inconsistent state,
and so it is advised to run with `bash -x` .
2017-03-04 18:22:37 +03:00
2021-02-08 18:33:39 +03:00
## Hoster notes:
### Digital Ocean
2021-05-18 21:28:34 +03:00
You may utilize Digital Ocean's "user data" mechanism (found in the Web UI or HTTP API),
2021-02-08 18:33:39 +03:00
and supply to it the following example yaml stanzas:
2017-03-04 18:22:37 +03:00
```yaml
#cloud-config
runcmd:
2024-03-11 18:31:38 +03:00
- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=digitalocean NIX_CHANNEL=nixos-23.05 bash 2>& 1 | tee /tmp/infect.log
2017-03-04 18:22:37 +03:00
```
2021-02-08 18:33:39 +03:00
#### Potential tweaks:
2017-03-04 18:22:37 +03:00
- `/etc/nixos/{,hardware-}configuration.nix` : rudimentary mostly static config
2021-02-08 18:33:39 +03:00
- `/etc/nixos/networking.nix` : networking settings determined at runtime tweak if no ipv6, different number of adapters, etc.
2017-03-04 18:22:37 +03:00
2017-04-19 02:25:42 +03:00
```yaml
#cloud-config
write_files:
- path: /etc/nixos/host.nix
permissions: '0644'
content: |
{pkgs, ...}:
{
environment.systemPackages = with pkgs; [ vim ];
}
runcmd:
2024-03-11 18:31:38 +03:00
- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=digitalocean NIXOS_IMPORT=./host.nix NIX_CHANNEL=nixos-23.05 bash 2>& 1 | tee /tmp/infect.log
2018-12-08 02:16:00 +03:00
```
2021-02-08 18:33:39 +03:00
#### Tested on
|Distribution| Name | Status | test date|
|------------|-----------------|-----------|----------|
|CentOS |6.9 x32 | _failure_ |2020-03-30|
|CentOS |6.9 x64 | _failure_ |2020-03-30|
|CentOS |7.6 x64 | _failure_ |2020-03-30|
|CentOS |8.1 x64 |**success**|2020-03-30|
|CoreOS |2345.3.0 (stable)| _unable_ |2020-03-30|
|CoreOS |2411.1.0 (beta) | _unable_ |2020-03-30|
|CoreOS |2430.0.0 (alpha) | _unable_ |2020-03-30|
|Debian |10.3 x64 |**success**|2020-03-30|
|Debian |9.12 x64 |**success**|2020-03-30|
2024-03-11 18:30:52 +03:00
|Debian |11 x64 |**success**|2023-11-12|
2021-02-08 18:33:39 +03:00
|Fedora |30 x64 |**success**|2020-03-30|
|Fedora |31 x64 |**success**|2020-03-30|
|FreeBSD |11.3 x64 ufs | _failure_ |2020-03-30|
|FreeBSD |11.3 x64 zfs | _failure_ |2020-03-30|
|FreeBSD |12.1 x64 ufs | _failure_ |2020-03-30|
|FreeBSD |12.1 x64 zfs | _failure_ |2020-03-30|
|RancherOS |v1.5.5 | _unable_ |2020-03-30|
|Ubuntu |16.04.6 (LTS) x32|**success**|2020-03-30|
|Ubuntu |16.04.6 (LTS) x64|**success**|2020-03-30|
|Ubuntu |18.04.3 (LTS) x64|**success**|2020-03-30|
|Ubuntu |19.10 x64 |**success**|2020-03-30|
2022-03-28 22:56:24 +03:00
|Ubuntu |20.04 x64 |**success**|2022-03-23|
2023-09-14 17:22:52 +03:00
|Ubuntu |22.04 x64 |**success**|2023-06-05|
|Ubuntu |22.10 x64 | _failure_ |2023-06-05|
2024-03-11 18:32:00 +03:00
|Ubuntu |23.10 x64 | _failure_ |2023-11-16|
2021-02-08 18:33:39 +03:00
### Vultr
2023-02-03 22:37:44 +03:00
To set up a NixOS Vultr server, instantiate an Ubuntu box with the following "Cloud-Init User-Data":
2017-04-19 02:25:42 +03:00
2018-12-08 02:16:00 +03:00
```bash
2018-12-09 01:16:18 +03:00
#!/bin/sh
2024-03-11 18:31:38 +03:00
curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.05 bash
2017-04-19 02:25:42 +03:00
```
2018-12-09 01:16:18 +03:00
Allow for a few minutes over the usual Ubuntu deployment time for NixOS to download & install itself.
2018-12-08 02:16:00 +03:00
2021-02-08 18:33:39 +03:00
#### Tested on
2022-06-13 02:19:38 +03:00
|Distribution| Name | Status | test date|
|------------|-----------------|-----------|----------|
| Ubuntu | 18.10 x64 |**success**|(Unknown) |
| Ubuntu | 22.04 x64 |**success**|2022-07-04|
2021-02-08 18:33:39 +03:00
2020-02-23 17:10:46 +03:00
2021-02-08 18:33:39 +03:00
### Hetzner cloud
Hetzner cloud works out of the box.
2023-09-14 17:31:59 +03:00
When creating a server provide the following yaml as "Cloud config":
2020-02-23 17:10:46 +03:00
2023-09-14 17:31:59 +03:00
```yaml
#cloud-config
2020-07-19 20:44:53 +03:00
2023-09-14 17:31:59 +03:00
runcmd:
2024-03-11 18:31:38 +03:00
- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=hetznercloud NIX_CHANNEL=nixos-23.05 bash 2>& 1 | tee /tmp/infect.log
2020-02-23 17:10:46 +03:00
```
2021-02-08 18:33:39 +03:00
#### Tested on
|Distribution| Name | Status | test date|
|------------|-----------------|-----------|----------|
2023-09-14 17:31:59 +03:00
| Debian | 11 |**success**|2023-04-29|
2023-09-14 17:29:56 +03:00
| Debian | 12 aarch64 |**success**|2023-09-02|
2022-07-11 20:24:22 +03:00
| Ubuntu | 20.04 x64 |**success**|(Unknown) |
2023-09-14 17:31:59 +03:00
| Ubuntu | 22.04 x64 |**success**|2023-04-29|
2023-06-05 12:12:01 +03:00
| Ubuntu | 22.04 aarch64 |**success**|2023-04-16|
2021-02-08 18:33:39 +03:00
### InterServer VPS
2023-02-03 22:37:44 +03:00
2021-02-08 18:33:39 +03:00
#### Tested on
|Distribution| Name | Status | test date|
|------------|-----------------|-----------|----------|
|Debian | 9 |**success**|2021-01-29|
|Debian | 10 |**success**|2021-01-29|
|Ubuntu | 20.04 |**success**|2021-01-29|
|Ubuntu | 18.04 |**success**|2021-01-29|
|Ubuntu | 14.04 |**success**|2021-01-29|
2021-03-12 15:36:23 +03:00
### Tencent Cloud Lighthouse
Tencent Cloud Lighthouse **Hong Kong** Region Works out of the box.
Other Regions in China may not work because of the unreliable connection between China and global Internet or [GFW ](https://en.wikipedia.org/wiki/Great_Firewall ).
#### Tested on
|Distribution| Name | Status | test date|
|------------|-----------------|-----------|----------|
|Debian | 10 |**success**|2021-03-11|
2021-03-30 12:27:04 +03:00
### OVHcloud
Before executing the install script, you may need to check your mounts with `df -h` . By default, OVH adds a relatively short in memory `tmpfs` mount on the `/tmp` folder, so the install script runs short in memory and fails. Just execute `umount /tmp` before launching the install script. Full install process described [here ](https://lyderic.origenial.fr/install-nixos-on-ovh )
|Distribution| Name | Status | test date|
|------------|-------------------|-----------|----------|
|Arch Linux | Arch Linux x86-64 |**success**|2021-03-25|
2021-05-04 09:28:14 +03:00
|Debian | 10 |**success**|2021-04-29|
2021-11-17 23:52:20 +03:00
|Debian | 11 |**success**|2021-11-17|
2022-06-19 23:19:13 +03:00
|Ubuntu | 22.04 |**success**|2022-06-19|
2023-06-05 12:15:41 +03:00
|Ubuntu | 23.04 |**Fails** |2023-06-01|
The 23.04 Ubuntu distribution fails to boot, due to the following error:
```
/dev/sda1 has unsupported feature(s): FEATURE_C12
e2fsck: Get a newer version of e2fsck
```
Using an older Ubuntu version fixes this issue.
2021-06-09 23:45:06 +03:00
### Oracle Cloud Infrastructure
Tested for both VM.Standard.E2.1.Micro (x86) and VM.Standard.A1.Flex (AArch64) instances.
2023-02-03 22:37:44 +03:00
2021-06-09 23:45:06 +03:00
#### Tested on
2022-04-20 11:17:21 +03:00
|Distribution| Name | Status | test date| Shape |
|------------|-----------------|-----------|----------|----------|
|Oracle Linux| 7.9 |**success**|2021-05-31| |
|Ubuntu | 20.04 |**success**|2022-03-23| |
|Ubuntu | 20.04 |**success**|2022-04-19| free arm |
|Oracle Linux| 8.0 | -failure- |2022-04-19| free amd |
|CentOS | 8.0 | -failure- |2022-04-19| free amd |
|Oracle Linux| 7.9[1] |**success**|2022-04-19| free amd |
2022-11-15 06:31:11 +03:00
|Ubuntu | 22.04 |**success**|2022-11-13| free arm |
2023-04-11 03:06:13 +03:00
|Oracle Linux| 9.1[2] |**success**|2023-03-29| free arm |
2023-09-14 17:24:26 +03:00
|Oracle Linux| 8.7[3] |**success**|2023-06-06| free amd |
2023-09-14 17:25:39 +03:00
|AlmaLinux OS| 9.2.20230516 |**success**|2023-07-05| free arm |
2022-04-20 11:17:21 +03:00
[1] The Oracle 7.9 layout has 200Mb for /boot 8G for swap
PR#100 Adopted 8G Swap device
2023-04-11 03:06:13 +03:00
[2] OL9.1 had 2GB /boot, 100MB /boot/efi (nixos used as /boot) and swapfile
2023-09-14 17:24:26 +03:00
[3] Both 22.11 and 23.05 failed to boot, but installing 22.05 and then upgrading
worked out as intended.
2023-04-11 03:11:41 +03:00
2021-12-31 08:58:18 +03:00
### Aliyun ECS
2023-02-03 22:37:44 +03:00
Aliyun ECS tested on ecs.s6-c1m2.large, region **cn-shanghai** , needs a few tweaks:
2021-12-31 08:58:18 +03:00
- replace nix binary cache with [tuna mirror ](https://mirrors.tuna.tsinghua.edu.cn/help/nix/ ) (with instructions in the page)
#### Tested on
|Distribution| Name | Status | test date|
|------------|-----------------|-----------|----------|
|Ubuntu | 20.04 |**success**|2021-12-28|
2023-04-11 03:12:02 +03:00
|Ubuntu | 22.04 |**success**|2023-04-05|
2022-04-03 20:21:36 +03:00
### GalaxyGate
#### Tested on
|Distribution| Name | Status | test date|
|------------|-----------------|-----------|----------|
|Ubuntu | 20.04 |**success**|2022-04-02|
2022-06-13 02:17:46 +03:00
### Cockbox
Requred some Xen modules to work out, after that NixOS erected itself without a hinch.
#### Tested on
|Distribution| Name | Status | test date|
|------------|-----------------|-----------|----------|
|Ubuntu | 20.04 |**success**|2022-06-12|
2022-11-04 08:01:56 +03:00
2022-11-04 08:03:37 +03:00
### Google Cloud Platform
#### Tested on
2024-03-11 18:41:57 +03:00
|Distribution | Name | Status | test date| Machine type |
|-------------------------------------|-----------------|-----------|----------|--------------|
| Debian | 11 |**success**|2023-11-12|ec2-micro |
| Debian (Amd64) | 11 |**success**|2023-11-12| |
| Ubuntu on Ampere Altra (Arm64) | 20.04 |**success**|2022-09-07| |
| Ubuntu | 20.04 |**success**|2022-09-07|Ampere Ultra |
| Ubuntu | 20.04 |-failure- |2023-11-12|ec2-micro |
2022-11-04 08:01:56 +03:00
### Contabo
Tested on Cloud VPS. Contabo sets the hostname to something like `vmi######.contaboserver.net` , Nixos only allows RFC 1035 compliant hostnames ([see here](https://search.nixos.org/options?show=networking.hostName& query=hostname)). Run `hostname something_without_dots` before running the script. If you run the script before changing the hostname - remove the `/etc/nixos/configuration.nix` so it's regenerated with the new hostname.
2023-02-03 22:37:44 +03:00
2022-11-04 08:01:56 +03:00
#### Tested on
|Distribution| Name | Status | test date|
|------------|-----------------|-----------|----------|
|Ubuntu | 22.04 |**success**|2022-09-26|
2022-12-20 08:24:02 +03:00
2022-12-20 08:47:51 +03:00
### Liga Hosting
Liga Hosting works without any issue. You'll need to add your ssh key to the host either during
build time or using `ssh-copy-id` before running nixos-infect
```
#!/bin/sh
2024-03-11 18:31:38 +03:00
curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.05 bash 2>& 1 | tee /tmp/infect.log
2022-12-20 08:47:51 +03:00
```
#### Tested on
2023-04-11 03:11:41 +03:00
|Distribution| Name | Status | test date|
|------------|-----------------|-----------|----------|
|Debian | 11 |**success**|2022-12-01|
|Ubuntu | 20.04 |**success**|2022-12-01|
|Ubuntu | 22.04 |**success**|2022-12-01|
2022-12-20 08:47:51 +03:00
2022-12-20 08:31:13 +03:00
### AWS Lightsail
2023-04-11 03:11:41 +03:00
Make sure to set `PROVIDER="lightsail"` .
2022-12-20 08:31:13 +03:00
Setting a root ssh key manually is not necessary, the key provided as part of the instance launch process will be used.
If you run into issues, debug using the most similar ec2 instance that is on the Nitro platform. Nitro platform instances have a serial console that allow you to troubleshoot boot issues, and Lightsail instances are just EC2 with a different pricing model and UI.
2022-12-20 08:28:21 +03:00
### Windcloud
Tested on vServer. The network configuration seems to be important so the same tweaks as for DigitalOcean are necessary (see above).
2023-02-03 22:37:44 +03:00
2022-12-20 08:28:21 +03:00
#### Tested on
|Distribution| Name | Status | test date|
|------------|-----------------|-----------|----------|
|Ubuntu | 20.04 |**success**|2022-12-09|
2022-12-20 08:26:47 +03:00
### ServArica
Requires the same static network settings that Digital Ocean does.
2024-03-11 18:31:38 +03:00
curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=servarica NIX_CHANNEL=nixos-23.05 bash
2022-12-20 08:26:47 +03:00
#### Tested on
|Distribution| Name | Status | test date|
|------------|-----------------|-----------|----------|
2022-12-20 08:31:13 +03:00
|Debian | 11.4 |**success**|2022-12-12|
2022-12-20 08:26:47 +03:00
|Ubuntu | 20.04 | success |2022-11-26|
2022-12-20 08:24:02 +03:00
### Clouding.io
I could not get it to run via UserData scripts, but downloading and executing the script worked flawlessly.
2023-02-03 22:37:44 +03:00
#### Tested on
2022-12-20 08:24:02 +03:00
|Distribution| Name | Status | test date|
|------------|-----------------|-----------|----------|
|Debian | 11 |**success**|2022-12-20|
2022-12-20 08:26:47 +03:00
2023-02-03 22:37:44 +03:00
### Scaleway
2023-04-11 03:11:41 +03:00
As of November 2020, it is easy to get a NixOS VM running on Scaleway by using nixos-infect and Scaleway's support for cloud init.
All that is needed is to follow the nixos-infect recipe for Digital Ocean, removing the Digital Ocean-specific stuff.
2023-02-03 22:37:44 +03:00
So, pragmatically, start an Ubuntu or Fedora VM and use something like the following as your cloud-init startup script:
```cloud-init
#cloud-config
write_files:
- path: /etc/nixos/host.nix
permissions: '0644'
content: |
{pkgs, ...}:
{
environment.systemPackages = with pkgs; [ tmux ];
}
runcmd:
2024-03-11 18:31:38 +03:00
- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIXOS_IMPORT=./host.nix NIX_CHANNEL=nixos-23.05 bash 2>& 1 | tee /tmp/infect.log
2023-02-03 22:37:44 +03:00
```
#### Tested on
|Distribution| Name | Status | test date|
|------------|-----------------|-----------|----------|
|Ubuntu | 20.04 | success |2020-11-??|
2023-09-14 17:29:25 +03:00
### RackNerd
Remember that the SSH keys are not automatically generated/uploaded,
so you need to create them as usual with `ssh-keygen` or some other means,
add the public key to the `.ssh/authorized_keys` file on the remote host,
and have a copy of the private key on your local box.
On RackNerd's Ubuntu 20.04, there's no `curl` by default, so `wget -O-` needs to be used instead:
```command
2024-03-11 18:31:38 +03:00
# wget -O- https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.05 bash -x
2023-09-14 17:29:25 +03:00
```
#### Tested on
|Distribution| Name | Status | test date|
|------------|--------|----------------------------|------------|
|AlmaLinux | 8 | _failure (`tar` missing)_ | 2023-08-29 |
|Ubuntu | 20.04 | **success** | 2023-08-29 |