mirror of
https://github.com/elitak/nixos-infect.git
synced 2024-12-23 08:38:28 +03:00
198 lines
7.7 KiB
Markdown
198 lines
7.7 KiB
Markdown
# NixOS-Infect
|
|
|
|
## What is this?
|
|
A script to install NixOS on non-NixOS hosts.
|
|
|
|
NixOS-Infect is so named because of the high likelihood of rendering a system inoperable.
|
|
Use with extreme caution and preferably only on newly provisioned systems.
|
|
|
|
This script has successfully been tested on at least the follow hosting providers and plans:
|
|
|
|
* [DigitalOcean](https://www.digitalocean.com/products/droplets/)
|
|
* [Hetzner Cloud](https://www.hetzner.com/cloud)
|
|
* [Vultr](https://www.vultr.com/)
|
|
* [Interserver VPS](https://www.interserver.net/vps/)
|
|
* [Tencent Cloud Lighthouse](https://cloud.tencent.com/product/lighthouse)
|
|
* [OVHcloud](https://www.ovh.com/)
|
|
* [Oracle Cloud Infrastructure](https://www.oracle.com/cloud/)
|
|
|
|
Should you find that it works on your hoster,
|
|
feel free to update this README and issue a pull request.
|
|
|
|
## Motivation
|
|
|
|
Motivation for this script: nixos-assimilate should supplant this script entirely,
|
|
if it's ever completed.
|
|
nixos-in-place was quite broken when I tried it,
|
|
and also took a pretty janky approach that was substantially more complex than this
|
|
(although it supported more platforms):
|
|
it didn't install to root (/nixos instead),
|
|
left dregs of the old filesystem
|
|
(almost always unnecessary since starting from a fresh deployment),
|
|
and most importantly, simply didn't work for me!
|
|
(old system was being because grub wasnt properly reinstalled)
|
|
|
|
## How do I use it?
|
|
|
|
0) **Read and understand the [the script](./nixos-infect)**
|
|
1) Deploy any custom configuration you want on your host
|
|
2) Deploy your host as non-Nix Operating System.
|
|
3) Deploy an SSH key for the root user.
|
|
|
|
> *NB:* This step is important.
|
|
> The root user will not have a password when nixos-infect runs to completion.
|
|
> To enable root login, you *must* have an SSH key configured.
|
|
|
|
4) run the script with:
|
|
```
|
|
curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-21.11 bash -x
|
|
```
|
|
|
|
*NB*: This script wipes out the targeted host's root filesystem when it runs to completion.
|
|
Any errors halt execution.
|
|
A failure will leave the system in an inconsistent state,
|
|
and so it is advised to run with `bash -x`.
|
|
|
|
## Hoster notes:
|
|
### Digital Ocean
|
|
You may utilize Digital Ocean's "user data" mechanism (found in the Web UI or HTTP API),
|
|
and supply to it the following example yaml stanzas:
|
|
|
|
```yaml
|
|
#cloud-config
|
|
|
|
runcmd:
|
|
- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=digitalocean NIX_CHANNEL=nixos-21.11 bash 2>&1 | tee /tmp/infect.log
|
|
```
|
|
|
|
#### Potential tweaks:
|
|
- `/etc/nixos/{,hardware-}configuration.nix`: rudimentary mostly static config
|
|
- `/etc/nixos/networking.nix`: networking settings determined at runtime tweak if no ipv6, different number of adapters, etc.
|
|
|
|
```yaml
|
|
#cloud-config
|
|
write_files:
|
|
- path: /etc/nixos/host.nix
|
|
permissions: '0644'
|
|
content: |
|
|
{pkgs, ...}:
|
|
{
|
|
environment.systemPackages = with pkgs; [ vim ];
|
|
}
|
|
runcmd:
|
|
- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=digitalocean NIXOS_IMPORT=./host.nix NIX_CHANNEL=nixos-21.11 bash 2>&1 | tee /tmp/infect.log
|
|
```
|
|
|
|
|
|
#### Tested on
|
|
|Distribution| Name | Status | test date|
|
|
|------------|-----------------|-----------|----------|
|
|
|CentOS |6.9 x32 | _failure_ |2020-03-30|
|
|
|CentOS |6.9 x64 | _failure_ |2020-03-30|
|
|
|CentOS |7.6 x64 | _failure_ |2020-03-30|
|
|
|CentOS |8.1 x64 |**success**|2020-03-30|
|
|
|CoreOS |2345.3.0 (stable)| _unable_ |2020-03-30|
|
|
|CoreOS |2411.1.0 (beta) | _unable_ |2020-03-30|
|
|
|CoreOS |2430.0.0 (alpha) | _unable_ |2020-03-30|
|
|
|Debian |10.3 x64 |**success**|2020-03-30|
|
|
|Debian |9.12 x64 |**success**|2020-03-30|
|
|
|Fedora |30 x64 |**success**|2020-03-30|
|
|
|Fedora |31 x64 |**success**|2020-03-30|
|
|
|FreeBSD |11.3 x64 ufs | _failure_ |2020-03-30|
|
|
|FreeBSD |11.3 x64 zfs | _failure_ |2020-03-30|
|
|
|FreeBSD |12.1 x64 ufs | _failure_ |2020-03-30|
|
|
|FreeBSD |12.1 x64 zfs | _failure_ |2020-03-30|
|
|
|RancherOS |v1.5.5 | _unable_ |2020-03-30|
|
|
|Ubuntu |16.04.6 (LTS) x32|**success**|2020-03-30|
|
|
|Ubuntu |16.04.6 (LTS) x64|**success**|2020-03-30|
|
|
|Ubuntu |18.04.3 (LTS) x64|**success**|2020-03-30|
|
|
|Ubuntu |19.10 x64 |**success**|2020-03-30|
|
|
|
|
### Vultr
|
|
|
|
To set up a NixOS Vultr server,
|
|
instantiate an Ubuntu box with the following "Startup Script":
|
|
|
|
```bash
|
|
#!/bin/sh
|
|
|
|
curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-21.11 bash
|
|
```
|
|
|
|
Allow for a few minutes over the usual Ubuntu deployment time for NixOS to download & install itself.
|
|
|
|
#### Tested on
|
|
|Distribution| Name | Status | test date| Slug | ID |
|
|
|------------|-----------------|-----------|----------|------------------|---------|
|
|
| Ubuntu | 18.10 x64 |**success**|(Unknown) | (Unknown) |(Unknown)|
|
|
|
|
|
|
### Hetzner cloud
|
|
|
|
Hetzner cloud works out of the box.
|
|
When creating a server provide the following script as "User data":
|
|
|
|
```
|
|
#!/bin/sh
|
|
|
|
curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-21.11 bash 2>&1 | tee /tmp/infect.log
|
|
```
|
|
|
|
#### Tested on
|
|
|Distribution| Name | Status | test date|
|
|
|------------|-----------------|-----------|----------|
|
|
|Debian | 11 |**success**|2021-11-26|
|
|
|Ubuntu | 20.04 x64 |**success**|(Unknown) |
|
|
|
|
### InterServer VPS
|
|
#### Tested on
|
|
|Distribution| Name | Status | test date|
|
|
|------------|-----------------|-----------|----------|
|
|
|Debian | 9 |**success**|2021-01-29|
|
|
|Debian | 10 |**success**|2021-01-29|
|
|
|Ubuntu | 20.04 |**success**|2021-01-29|
|
|
|Ubuntu | 18.04 |**success**|2021-01-29|
|
|
|Ubuntu | 14.04 |**success**|2021-01-29|
|
|
|
|
|
|
### Tencent Cloud Lighthouse
|
|
|
|
Tencent Cloud Lighthouse **Hong Kong** Region Works out of the box.
|
|
|
|
Other Regions in China may not work because of the unreliable connection between China and global Internet or [GFW](https://en.wikipedia.org/wiki/Great_Firewall).
|
|
|
|
#### Tested on
|
|
|Distribution| Name | Status | test date|
|
|
|------------|-----------------|-----------|----------|
|
|
|Debian | 10 |**success**|2021-03-11|
|
|
|
|
|
|
### OVHcloud
|
|
|
|
Before executing the install script, you may need to check your mounts with `df -h`. By default, OVH adds a relatively short in memory `tmpfs` mount on the `/tmp` folder, so the install script runs short in memory and fails. Just execute `umount /tmp` before launching the install script. Full install process described [here](https://lyderic.origenial.fr/install-nixos-on-ovh)
|
|
|
|
|Distribution| Name | Status | test date|
|
|
|------------|-------------------|-----------|----------|
|
|
|Arch Linux | Arch Linux x86-64 |**success**|2021-03-25|
|
|
|Debian | 10 |**success**|2021-04-29|
|
|
|Debian | 11 |**success**|2021-11-17|
|
|
|
|
### Oracle Cloud Infrastructure
|
|
Tested for both VM.Standard.E2.1.Micro (x86) and VM.Standard.A1.Flex (AArch64) instances.
|
|
#### Tested on
|
|
|Distribution| Name | Status | test date|
|
|
|------------|-----------------|-----------|----------|
|
|
|Oracle Linux| 7.9 |**success**|2022-01-08|
|
|
|
|
After infection, you will have to use `root` instead of the non-privileged user to enter the instance with SSH.
|
|
|
|
### Aliyun ECS
|
|
|
|
Aliyun ECS tested on ecs.s6-c1m2.large, region **cn-shanghai**, needs a little bit tweaks:
|
|
|
|
- replace nix binary cache with [tuna mirror](https://mirrors.tuna.tsinghua.edu.cn/help/nix/) (with instructions in the page)
|
|
|
|
#### Tested on
|
|
|Distribution| Name | Status | test date|
|
|
|------------|-----------------|-----------|----------|
|
|
|Ubuntu | 20.04 |**success**|2021-12-28|
|