howto:specific:nix_hosts

Differences

This shows you the differences between two versions of the page.

howto:specific:nix_hosts [2023/07/29 11:14] – created tcmalhowto:specific:nix_hosts [2023/08/25 23:05] (current) tcmal
Line 24: Line 24:
  
 ==== Installing Nix ==== ==== Installing Nix ====
- 
  
 You'll need something running *nix - either a VM or WSL. MacOS (Darwin) should work, but we haven't tested it. You'll need something running *nix - either a VM or WSL. MacOS (Darwin) should work, but we haven't tested it.
Line 38: Line 37:
 If you do use the official Nix installer, add ''extra-experimental-features = flakes nix-command'' so you can use these extra features. Don't worry - they're barely experimental anymore and are pretty widely deployed. If you do use the official Nix installer, add ''extra-experimental-features = flakes nix-command'' so you can use these extra features. Don't worry - they're barely experimental anymore and are pretty widely deployed.
  
-==== Extra Setup ==== +For this to work, we need to have passwordless ssh to whatever host you are deploying to. This involves proxying through our SSH bastion. You can find more details [[howto:ssh_proxy|here]], but you'll need to add something like this **to ''/etc/ssh/ssh_config''**:
- +
-Remote building works like this: +
- +
-  - Upload your sources to our build server +
-  - Have it build it +
-  - When you deploy, everything gets downloaded from the build server +
- +
-For packages we're not building (most packages that we haven't modified), we want the build server to download it directly from Nix's cache, as opposed to the default where you download it then copy to the build server. +
-To fix this, add ''builders-use-substitutes = true'' to ''/etc/nix/nix.conf''+
- +
-Lastly, we need //root// to have passwordless ssh to ''nixbuild.internal.tardisproject.uk''. This involves proxying through our SSH bastion. You can find more details [[howto:ssh_proxy|here]], but you'll need to add something like this **to ''/etc/ssh/ssh_config''**:+
  
 <code> <code>
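Review bot: The added sentence "For this to work, we need to have passwordless ssh to whatever host you are deploying to" has no antecedent now that the "Extra Setup" heading and the remote-build explanation are gone; the paragraph before it is about ''extra-experimental-features'', so "this" reads as enabling flakes. Say that it is deployment that needs the SSH access, and consider keeping a heading so the step does not sit under "Installing Nix". The old wording also explained the bolded ''/etc/ssh/ssh_config'' path by requiring //root// to have the access; the new wording drops the root requirement but keeps the system-wide file. If the connection is now made from your own user, the per-user ''~/.ssh/config'' would keep the ''IdentityFile'' admin key path out of a config that applies to every account on the machine; if root still needs it, say so.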
Line 57: Line 45:
     HostName tardisproject.uk     HostName tardisproject.uk
  
-Host nixbuild.internal.tardisproject.uk+Host web.tardisproject.uk
     User root     User root
-    HostName nixbuild.internal.tardisproject.uk+    HostName web.internal.tardisproject.uk
     ProxyJump tardis     ProxyJump tardis
     IdentityFile /path/to/tardis/admin/key     IdentityFile /path/to/tardis/admin/key
 </code> </code>
  
-[[hosts:virtual_machines:nixbuild:nix_build_server|This page]] has more info on Nix build servers, and how they're used. 
- 
-Finally, for deployment, you'll need to be able to ssh (from your user) into ''%%<hostname>.tardisproject.uk%%'' without any password. This is covered [[howto:ssh_proxy|here]]. 
- 
-If you've gotten this far, test everything with these commands: 
- 
-<code> 
-# Test using the remote build server 
-nix store ping --store ssh://nixbuild.internal.tardisproject.uk 
-# Test passwordless SSH to root@ wherever youre deploying 
-ssh web.tardisproject.uk 
-</code> 
- 
-==== Doing the thing ==== 
  
 Now that you're all setup, you can use the 3 scripts in our repo for most tasks: Now that you're all setup, you can use the 3 scripts in our repo for most tasks:
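Review bot: The test block removed at the end of this hunk took the ''ssh web.tardisproject.uk'' check with it, so nothing confirms that the new ''Host web.tardisproject.uk'' entry (bastion ''ProxyJump'', key path, root login) works before the reader runs the scripts. Keep that one command; the ''nix store ping'' line can go with the build server. The Host block also names only ''web'' while the new prose says "whatever host you are deploying to", so state that the block has to be repeated for each host. Removing "==== Doing the thing ====" leaves "Now that you're all setup" under "Installing Nix"; a heading there would keep setup and usage separate.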
howto/specific/nix_hosts.1690629260.txt.gz · Last modified: 2023/07/29 11:14 by tcmal