We'll use NixOps to deploy, so we need to install it
nix-env -i nixops
And to deploy on DigitalOcean we need to have an account and create an API access token for it.
Let's start by configuring our server. I'll store mine in testserver.nix.
This is just the same as your plain old configuration.nix for the server, but assigned to a variable. This allows us to declare multiple different servers.
It's also possible to declare some details about the network of servers in the configuration. Currently description and enableRollback are supported.
These were hard to find but seem to be defined by the Python script development.py
{
  network.description = "Network description";
  servername = { config, pkgs, ... }: {
    # server configuration
  };
}
Before we can deploy we'll need to define the environment for the server to run in.
This can be done through the deployment.* directives in a server configuration.
For sanity's sake I'll keep it in a separate file, testserver_hw.nix. In this file I'll also store the references to the ssh-keys with
resources.sshKeyPairs.ssh-key = {
  # builtins.readFile evaluates to the file's contents as a string
  publicKey = builtins.readFile ./tstKey.pub;
  privateKey = builtins.readFile ./tstKey;
};
Lastly we'll generate these ssh-keys by running ssh-keygen and name them the same as in the configuration.
Now that we're all configured, we'll tell NixOps to add the network
nixops create ./testserver.nix ./testserver_hw.nix --deployment testserver_DO
We can see that the operation was successful by entering the command
$ nixops info --deployment testserver_DO
Network name: testserver_DO
Network UUID: 80b97b02-f857-11e7-985d-1002b500deb7
Network description: Test server
Nix expressions: /path/to/testserver.nix /path/to/testserver_hw.nix
+------------+----------------------+--------------+-------------+------------+
| Name | Status | Type | Resource Id | IP address |
+------------+----------------------+--------------+-------------+------------+
| testserver | Missing / Up-to-date | digitalOcean | | |
| ssh-key | Up / Up-to-date | ssh-keypair | | |
+------------+----------------------+--------------+-------------+------------+
Now, the deployment.digitalOcean.authToken option doesn't seem to work, so we'll add it to our environment variables instead
export DIGITAL_OCEAN_AUTH_TOKEN={{API TOKEN}}
And finally we can deploy it
nixops deploy --deployment testserver_DO
NixOps will create an Ubuntu droplet and try to change it to NixOS and deploy the server.
This might take a while. In the end you'll hopefully see testserver_DO> deployment finished successfully
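The Nix store is world-readable, so after a deploy it is worth checking that neither tstKey nor the API token was copied into it. The script below is an added example, not part of the original post; exposed_copies and secret_needles are hypothetical helper names, and it lists world-readable files under /nix/store (or another directory) that contain the contents of a given secret file.

```shell
#!/bin/sh
# Added example: report world-readable files that contain a deployment secret.
# exposed_copies and secret_needles are hypothetical helper names; tstKey and
# /nix/store come from the page.

# Print the lines of a secret file that are distinctive enough to search for.
secret_needles() {
    # PEM armor ("-----BEGIN ...") and the first body line after it are a
    # format header shared by many keys, so both are skipped. Short lines are
    # dropped to avoid matching on a few padding characters.
    awk '/^-----/ { skip = 1; next }
         skip     { skip = 0; next }
         length($0) >= 20' "$1"
}

# exposed_copies SECRET_FILE [DIR]
# Prints every regular file under DIR (default /nix/store) that is readable
# by "other" and contains one of the secret's distinctive lines.
# Returns 2 if the secret file yields nothing to search for.
exposed_copies() {
    secret_file=$1
    dir=${2:-/nix/store}
    needles=$(mktemp) || return 2
    secret_needles "$secret_file" > "$needles"
    if [ ! -s "$needles" ]; then
        rm -f "$needles"
        echo "no searchable lines in $secret_file" >&2
        return 2
    fi
    # -perm -004: the "other" read bit is set. grep -F -f treats each needle
    # line as a fixed string; -l prints only the names of matching files.
    find "$dir" -type f -perm -004 \
        -exec grep -l -F -f "$needles" {} + 2>/dev/null || true
    rm -f "$needles"
}

# Usage when run as a script: sh check.sh ./tstKey [/nix/store]
if [ "$#" -gt 0 ]; then
    exposed_copies "$@"
fi
```

No output means no world-readable copy was found. To check the API token the same way, pass a file that holds only the token.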
I'm surprised a Nix-hosted auth token is even an option, considering it would inevitably end up somewhere in the /nix/store aka world readable.