nix vps config

  • 5 Devlogs
  • 10 Total hours

it’s my vps config made in nix! I'll be trying to run everything baremetal and only some things under containers (like docker or podman)

1h 25m 45s logged

I added what I always forget to do because I am lazy!!! A readme. That’s it. There’s not much to it, like I explain about the secret stuff and services AND how to deploy it. short short commit that makes other people than me happy

1h 39m 19s logged

okay so today was mostly “polish and quality of life” stuff… if you can call it that.
i added a proper nix dev shell so when i’m working on the config I just do nix develop and boom I have deploy-rs, agenix and nixos-anywhere all ready to go without installing anything globally. pretty neat (thanks YouTube).
also added nixfmt-tree as the formatter so the nix files are all consistently formatted now, no more weird stuff i guess… i mean they ARE already correctly formatted (somehow) so this was useless.
fixed a stupid issue with mr home manager where it really wasn’t homemanaging mr fish aliases because stupid me didn’t know you had to set the fish shell to “enabled” to be able to use the aliases that i set on the home manager thingy when i already have IT enabled on the whole system (right?).
anddd added a motd when going into the vps with the name that i’ve given to the vps, it just shows disk usage, ram and swap usage, and uptime. now when i am bored i can ssh to my vps and see pretty stats and be again bored for the rest of the day and keep repeating the cycle until i am dust.
honestly the vps config feels pretty much done at this point. i think the service factory is working (gotta test it with my auth thingy), caddy with cloudflare is set up (don’t know if it really works yet), agenix for secrets, tailscale, postgres with per service users, deploy-rs for deploying… i just gotta deploy something to it so i can have something to actually show, like “oh yeah look at my auth server, its running my vps!11!1 woo… (silence)”. oh right, i also did “nix flake update”. what a useless devlog
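
The dev-shell setup this devlog describes, written out as an added example (this is not the author's flake). It pins the deploy tooling into `nix develop`, registers nixfmt-tree as the `nix fmt` formatter, and exports a home-manager module for the fish aliases. The package names are the nixpkgs attributes; the `system` value and the alias contents are assumptions. The fish point the post asks about is real: home-manager only writes its fish configuration (aliases included) when `programs.fish.enable` is true inside the home-manager config, regardless of the NixOS-level `programs.fish.enable`.

```nix
{
  description = "vps config tooling (added example, not the devlog author's flake)";

  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

  outputs = { self, nixpkgs, ... }:
    let
      system = "x86_64-linux"; # assumption: the laptop you deploy from
      pkgs = nixpkgs.legacyPackages.${system};
    in
    {
      # `nix fmt` formats the whole tree with this
      formatter.${system} = pkgs.nixfmt-tree;

      # `nix develop` drops you into a shell with the deploy tooling on PATH;
      # nothing is installed globally and the shell goes away with the terminal
      devShells.${system}.default = pkgs.mkShell {
        packages = with pkgs; [
          deploy-rs      # push built closures to the vps
          agenix         # create and edit *.age secrets
          nixos-anywhere # initial install over ssh or from a rescue system
          nixfmt-tree
        ];
      };

      # home-manager module for the fish aliases. home-manager only emits its
      # fish config when *its own* programs.fish.enable is true; the NixOS
      # programs.fish.enable on the host does not count for it.
      homeManagerModules.fish = { ... }: {
        programs.fish = {
          enable = true;
          shellAliases = {
            ll = "ls -la";     # placeholder aliases
            gs = "git status";
          };
        };
      };
    };
}
```

Import `homeManagerModules.fish` from the home-manager configuration of the user on the vps; the NixOS side still needs `programs.fish.enable = true` so fish is a valid login shell, but that setting alone never produces the aliases.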

3h 16m 40s logged

okay, we got now what I call “the service factory” (wooo). Instead of C&P the same systemd boilerplate and caddy config, postgres user and database setup and agenix env loading every single time i want to slap a new service on the server. Sooo, I just call makeService (that’s the name I gave it) with a name, a flake, and then whatever config like domain or postgres config and boom works.

everything is nested underneath the “moonix” umbrella, which is neat. I set up options for the typical stuff like enabling or disabling the service and the other things i commented up there. I mean, it is a bit janky with me doing some stupid things but it works! And i even “hardened” the systemd service of the service, which i didn’t know even existed but okay lol.

AH, and i also fixed the stupid interactiveSudo annoying “hey it aint secure using a password, you should use a ssh key correctly setup, dummy.” by just setting the sudo security to none :D. I am using ssh keys anyway to connect to the vps, might have thrown to the trash the security but i dunno :3.

AND one of the cool things about this factory thingy is that now each service gets its own postgres user and database automagically. Like, it creates its role and databases with the service being the owner without me doing anything… so no manual labor muahahahaahhahahahah.

I mean, this is pretty short and quick but GOD i take too much time trying to make stuff and then having to search and stuff because it ain’t working as I wanted lol, but still, I do be eating too much time for simple things like god. Even the commit changes are really tiny like gosh. the only great thing is that I will no longer touch this hecking thing, I will JUST USE IT and boom deployment made.

oh god, nono, I just thought about automated deploys via github’s ci. i actually don’t even hecking know how that would even work agh, hecking hell.
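
The factory pattern from this devlog, written out as an added example. This is not the author's makeService; `mkService`, the `authsrv` service, `pkgs.hello` as the binary, the domain and the secret path are all stand-ins. It assumes the agenix NixOS module is already imported, since it sets `age.secrets`. One call produces the per-service user and group, a hardened systemd unit, the postgres role and database owned by that service, a Caddy virtual host that proxies only to loopback, and the decrypted env file wired in as `EnvironmentFile`:

```nix
# Added example: a small NixOS "service factory", not the devlog author's code.
{ config, lib, pkgs, ... }:
let
  mkService =
    { name, package, port, domain, secretFile ? null, withPostgres ? true }:
    {
      # dedicated unprivileged user + group per service
      users.groups.${name} = { };
      users.users.${name} = {
        isSystemUser = true;
        group = name;
      };

      # agenix decrypts the env file on the host; only the service user can read it
      age.secrets = lib.optionalAttrs (secretFile != null) {
        ${name} = { file = secretFile; owner = name; group = name; mode = "0400"; };
      };

      systemd.services.${name} = {
        description = "${name} (managed by mkService)";
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" ] ++ lib.optional withPostgres "postgresql.service";
        requires = lib.optional withPostgres "postgresql.service";
        serviceConfig = {
          ExecStart = lib.getExe package;
          User = name;
          Group = name;
          Restart = "on-failure";
          StateDirectory = name; # /var/lib/<name> is the only writable state
          EnvironmentFile = lib.optional (secretFile != null) config.age.secrets.${name}.path;
          # hardening: read-only OS, no /home, private /tmp and /dev, no way to
          # gain privileges, touch kernel knobs or call privileged syscalls
          NoNewPrivileges = true;
          ProtectSystem = "strict";
          ProtectHome = true;
          PrivateTmp = true;
          PrivateDevices = true;
          ProtectKernelModules = true;
          ProtectKernelTunables = true;
          ProtectControlGroups = true;
          RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
          SystemCallFilter = [ "@system-service" "~@privileged" ];
          CapabilityBoundingSet = "";
        };
      };

      # postgres role + database owned by the service, created on activation
      services.postgresql = lib.mkIf withPostgres {
        enable = true;
        ensureDatabases = [ name ];
        ensureUsers = [ { name = name; ensureDBOwnership = true; } ];
      };

      # caddy terminates TLS and only ever proxies to the loopback port
      services.caddy = {
        enable = true;
        virtualHosts.${domain}.extraConfig = ''
          reverse_proxy 127.0.0.1:${toString port}
        '';
      };
    };
in
{
  imports = [
    (mkService {
      name = "authsrv";                   # hypothetical service name
      package = pkgs.hello;               # stand-in for the real rust binary
      port = 8080;
      domain = "auth.example.com";        # placeholder domain
      secretFile = ./secrets/authsrv.age; # placeholder path created with `agenix -e`
    })
  ];
}
```

The unit can write only to its `StateDirectory`; everything else is read-only, which is what `systemd-analyze security authsrv` will score after deployment. The `ensureDBOwnership` form requires the role and the database to share a name, and the factory guarantees that by deriving both from `name`.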

2h 22m 2s logged

pew pew. I added tailscale, happily learned that home manager and agenix exist and we got caddy with cloudflare dns working!!

why tailscale?… well, with it i don’t need to expose my machine to the outside world, i can just connect to it via tailscale and do the same stuff i would if i was connecting to it via its public ip. Now i can just firewall it and only let in cloudflare ips :D.

home manager to just give me the birb kisses (mwa :3), giving me the same stuff I already have on mah terminal in my arch laptop but on my vps AND it do be using some pretty syntax making me not juggle around config files for each hecking thing I want to add. and also it lets me install stuff for “my user” instead of the whole system, pretty neat.

AGENIX, ah, storing secrets hasn’t been easier. I just have to do “agenix -e name.age”, set the secrets in there and boom, i can use it in my config file without worrying about it being exposed because i somehow committed the .env file. It just decrypts it on the vps, i just followed the tutorial on the agenix repo and it really was straightforward. sadly i have to manually set the “where is this secret stored” to be able to really use it (i just use another .nix file to not make my main config file too cluttered with stuffies).

and finally, caddy with cloudflare dns. at first i was thinking about using cloudflared (cloudflare tunnels) but i indeed ended up not using it because I AM ALREADY PAYING FOR A ipv4 ADDRESS FOR GODS sake, soooo I just set up caddy with cloudflare dns, had some problemos because it didn’t like having “https://” on the url and that i needed a dummy hash so when building the flake (is that what it’s called?) it would give me the real hash. The idea is that i make something that lets me make new services, like a pretty template, setting up the caddy config, a systemd service and a user with a group for it.

oh and also, i enabled postgresql. there’s not much about it, i just set it as an enabled service lol.
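
The access layout from this devlog (tailscale for admin access, only Cloudflare allowed to reach the web ports, an agenix secret feeding Caddy's Cloudflare DNS challenge) together with the sudo-without-password choice from the service-factory devlog, as one added NixOS module. This is not the author's config: the Cloudflare ranges, the admin user, the ssh key and the secret path are placeholders, the agenix module is assumed to be imported, and the `acme_dns cloudflare` directive assumes a Caddy built with the caddy-dns/cloudflare plugin, which is the build step where the dummy hash the post mentions comes from.

```nix
# Added example: remote-access hardening for the vps, not the devlog author's code.
{ config, lib, pkgs, ... }:
let
  # placeholders: replace with Cloudflare's published edge ranges
  cloudflareV4 = [ "203.0.113.0/24" ];  # TEST-NET-3, not a real Cloudflare range
  cloudflareV6 = [ "2001:db8::/32" ];   # documentation prefix, same caveat
  webPorts = [ 80 443 ];
  # one iptables accept rule per (range, port) in the NixOS firewall chain
  allowFrom = cmd: ranges:
    lib.concatMapStringsSep "\n"
      (ip: lib.concatMapStringsSep "\n"
        (p: "${cmd} -A nixos-fw -p tcp -s ${ip} --dport ${toString p} -j nixos-fw-accept")
        webPorts)
      ranges;
in
{
  # ssh: keys only, no root login, no password or keyboard-interactive fallback
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
    };
  };
  users.users.moon = {                       # placeholder admin user
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAA...placeholder" ];
  };
  # passwordless sudo is only defensible because sshd accepts no password at all;
  # the key is the single credential that guards both login and privilege
  security.sudo.wheelNeedsPassword = false;

  # tailscale: the mesh interface is trusted wholesale, so ssh and anything
  # else not explicitly opened is reachable only over the tailnet
  services.tailscale.enable = true;
  networking.firewall = {
    enable = true;
    trustedInterfaces = [ "tailscale0" ];
    allowedUDPPorts = [ config.services.tailscale.port ];
    # 80/443 are deliberately not in allowedTCPPorts; only the ranges above may reach them
    extraCommands = ''
      ${allowFrom "iptables" cloudflareV4}
      ${allowFrom "ip6tables" cloudflareV6}
    '';
  };

  # caddy reads the Cloudflare API token from an agenix-decrypted env file
  age.secrets.cloudflare-token = {
    file = ./secrets/cloudflare-token.age; # placeholder path, created with `agenix -e`
    owner = config.services.caddy.user;
    group = config.services.caddy.group;
  };
  services.caddy = {
    enable = true;
    environmentFile = config.age.secrets.cloudflare-token.path;
    globalConfig = ''
      acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    '';
  };
}
```

Two things to keep in mind with this layout. `extraCommands` is iptables syntax and applies only to the iptables firewall backend; with `networking.nftables.enable = true` NixOS rejects it, and the same allow-list has to be expressed as nftables rules instead. And the sudo setting depends entirely on the sshd settings above it: if password logins were ever re-enabled, `wheelNeedsPassword = false` would turn a guessed password straight into root, so the two should be reviewed together.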

1h 23m 34s logged

wow. that’s nix, first time touching it and god its soo cool but i don’t understand anything. i am serious, i have to watch some tutorials to understand how it works, but its cool nonetheless.

The use ill be giving it is to host my apps in my vps because i think its quite a bit wasteful to make a docker container running my already compiled rust binary, plus ill be trying to run stuff baremetal instead of running containers for small things …… its a tiny vps, not a big one because i am not made out of gold or precious items that a space birb can have (i have none ;3). I mean, i am following the nixos on hetzner guide and from the start it didn’t work because the vps didn’t like to use kexec so I tried searching around, and found out about hetzner’s rescue system because i saw it on the dashboard, used it and boom it worked.

AND for the next minutes you have me hecking around with the stuff to try to learn by uhh touching stuff and then i broke it and it didn’t install anymore. At that point i found out about the “nix-starter-configs” and boom it works again without doing much. i guess this will not take too much time to setup BUT it is useful in the long run :D
