| author | user@node5.net <user@node5.net> | 2026-05-30 08:58:46 +0200 |
|---|---|---|
| committer | user@node5.net <user@node5.net> | 2026-05-30 08:58:46 +0200 |
| commit | c70b805d3fe4384aa7c5119441f3fc64b0715619 (patch) | |
| tree | 016f39f2edebcee447abee9e6cde60c870dab50d | |
| parent | 812ec4452197c1dd6a56681d409f6d08f94c92e8 (diff) | |
Nix on my server: Do another passthrough improving various things
| -rw-r--r-- | NixOS on my server/index.md | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/NixOS on my server/index.md b/NixOS on my server/index.md index 1ae1c27..28a15c4 100644 --- a/NixOS on my server/index.md +++ b/NixOS on my server/index.md @@ -10,7 +10,8 @@ as it mainly serves as my playground. I will be deploying nix the nix way, to get the full benefits. This means transition all my services to being fully declared with nix. -My services: +## My services: + - 1 static NGINX website - 1 CGit instance - 4 python flask applications @@ -25,8 +26,8 @@ you'll be supprised how many small things you've set up over the years ### Problem -I recently set out to migrate this server to NixOS. -It's only available over wireguard, when running `nixos-rebuild switch` with the wireguard address as `--target-host`, + +This server is only available over wireguard, when running `nixos-rebuild switch` with the wireguard address as `--target-host`, it's really easy to set some config option that makes the system unreachable. ### Simple native solution @@ -51,7 +52,12 @@ dry-activate: show what would be done if this configuration were activated ``` Now it would be nice if there was an automated rollback in case the system became unreachable. -This could be as simple as: run a root tmux with `sleep 300 && /run/booted-system/bin/switch-to-configuration` +This could be as simple as: run a root tmux with + +```bash +sleep 300 && /run/booted-system/bin/switch-to-configuration +``` + However what does it do if an activation take more than 5 minutes, what if you forget? Plus i even had once where the wireguard service didn't come up by it self again. It would be nicer with a purpose build tool. 
@@ -67,6 +73,10 @@ and instructing the target node to automatically roll back if it is not confirme Here's a nice [deploy-rs setup guide - crystalwobsite.gay](https://crystalwobsite.gay/posts/2025-02-09-deploying_nixos#deploying-via-flakes) +#### Test server + +Let's try it out on a test server + <pre> <span style="font-weight:bold;">diff --git a/flake.nix b/flake.nix</span> <span style="font-weight:bold;">index a056d72..b47d632 100644</span> @@ -223,7 +233,15 @@ note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ~/dot-files master *4 +6 !5 ───────────────────────────────────────────── ✔ 1|0 1m 29s impure 21:38:27 </pre> ---- +Success! + +``` +🚀 ❌ [deploy] [ERROR] Deployment to node node5-test failed, rolled back to previous generation +``` + +#### Prod server wireguard + +Cool, let's ship it to prod 🚢 <pre> 🚀 ℹ️ [deploy] [<span style="color:#00ffff;">INFO</span>] Running checks for flake in /home/user/dot-files/ @@ -250,6 +268,8 @@ stopping the following units: wg-quick-wg0.service </pre> +Bollocks, it still takes down the wireguard service as part of the deployment, and doesn't recover automatically. +Solution: switch from wg-quick to native wireguard. <pre> <span style="font-weight:bold;">diff --git a/modules/hosts/node5-test/wireguard.nix b/modules/hosts/node5-test/wireguard.nix</span> |
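Review bot: in the `@@ -10,7 +10,8 @@` hunk the new `## My services:` heading keeps the trailing colon from the old plain-text label; drop it (`## My services`), since the list that follows already shows the relationship and the page's other headings (`### Problem`, `### Simple native solution`) carry no punctuation.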
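Review bot: in the `@@ -25,8 +26,8 @@` hunk the replacement sentence is a comma splice: `This server is only available over wireguard, when running ... it's really easy to set some config option ...` joins the condition and the consequence with a comma. Split it, e.g. `This server is only reachable over WireGuard. When running `nixos-rebuild switch` with the WireGuard address as `--target-host`, it is easy to set a config option that makes the system unreachable.` Removing `I recently set out to migrate this server to NixOS.` also drops the only sentence that says this is a migration in progress; keep a short version unless the introduction already says so. The unchanged context line two lines up still reads `supprised`; worth fixing `surprised` while here.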
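Review bot: in the `@@ -51,7 +52,12 @@` hunk the fenced command `sleep 300 && /run/booted-system/bin/switch-to-configuration` is missing its action argument. `switch-to-configuration` requires one of `switch`, `boot`, `test` or `dry-activate` (the usage text quoted as context just above this hunk lists `dry-activate`); without it the script prints that usage and exits non-zero, so this fallback would never roll anything back. It should read `sleep 300 && /run/booted-system/bin/switch-to-configuration switch`. Worth a caveat in the prose too: `/run/booted-system` is the generation that was booted, not necessarily the one that was active immediately before this deploy, so after several switches without a reboot it rolls back further than expected. The unchanged context after the fence still has `an activation take`, `i even had once`, `by it self` and `purpose build tool`; fix to `takes`, `I once had a case`, `by itself` and `purpose-built`.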
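Review bot: in the `@@ -67,6 +73,10 @@` hunk the new line `Let's try it out on a test server` has no terminating period and never says what `node5-test` is in relation to `node5` (the log lines that follow refer to it by that name only); one clause introducing it would let readers judge how representative the test is.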
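Review bot: in the `@@ -223,7 +233,15 @@` hunk, `Success!` followed immediately by a fence containing `[ERROR] Deployment to node node5-test failed, rolled back to previous generation` will read as a contradiction; state in one sentence what was deliberately broken in the test configuration and that the expected outcome is exactly this: the deployment could not be confirmed and deploy-rs rolled the node back on its own. The new fence also has no language tag, unlike the `bash` fence added earlier in this patch; tag it `text` since it is log output. `Cool, let's ship it to prod 🚢` is fine as the opener of the new `#### Prod server wireguard` section.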
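Review bot: in the `@@ -250,6 +268,8 @@` hunk, `Solution: switch from wg-quick to native wireguard.` names no option and gives no reason. Say that this means moving from `networking.wg-quick.interfaces` to `networking.wireguard.interfaces`, and why it is expected to help: the context line above shows activation `stopping the following units: wg-quick-wg0.service`, i.e. the very unit carrying the deploy's own SSH session is stopped when its definition changes. State what was verified afterwards, because `networking.wireguard.interfaces` also generates systemd units (`wireguard-wg0.service` plus per-peer `wireguard-wg0-peer-*.service`) that activation can restart when their definitions change. A less invasive alternative worth a mention is keeping wg-quick and setting `systemd.services.wg-quick-wg0.restartIfChanged = false` (and `stopIfChanged = false`), so the tunnel stays up across the switch and only picks up config changes at the next boot or a manual restart. Minor: the comma in `as part of the deployment, and doesn't recover automatically` is unnecessary, and `wireguard` should be `WireGuard` in prose to match the project name.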
