
First Steps with NixOS

Author

Jonathan


I got infected by the NixOS Virus. I've been hearing about this declarative operating system stuff for a while now but never got intrigued enough to try it out. Partly because I knew it would be a huge time-sink.

Last week I started thinking about converting my VPS into a NixOS machine. It's not much more than a proxy for my Unraid Server at home. It exposes a bunch of services to the internet using Tailscale and hosts my homepage and this blog. Seems like an easy target for trying out NixOS.

Deployment

Remote deployment took me a few hours/weeks/??? to grasp and to configure. I settled for nixos-anywhere.

Now the workflow for setting up the server from scratch looks like:

  • Create a new machine at Hetzner, make sure you add an SSH key
  • Run the init.sh in my nixos repo and watch the magic happen

Could not be any simpler.

To update the system, I just change the configuration and run another script, aptly named pu.sh which essentially runs the nixos-rebuild command with a few options.

Homeserver Proxy

I have Tailscale running on most of my devices. This enables me to use my VPS as a proxy for my homeserver, so I have access to my local Nextcloud over a public domain, without being in the Tailnet myself. In my Tailscale ACLs I allowed the VPS to only access ports which these public services need and added a smol virtual host to my Caddy configuration:

{ ... }:
let
  # Public domain that Caddy serves on the VPS
  domain = "cloud.inhji.de";
  # Homeserver's name inside the tailnet and the upstream port
  host = "neuromancer.banded-sun.ts.net";
  port = "11000";
in
{
  # Virtual Host
  services.caddy.virtualHosts.${domain}.extraConfig = ''
    reverse_proxy ${host}:${port}
  '';
}
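The ACL restriction mentioned above can be checked mechanically. The following is an added example, not code from this post: it audits a Tailscale policy (assumed to be available as plain JSON) for grants that let the VPS reach more than the proxied port. The tags `tag:vps` and `tag:homeserver` and the sample policy are constructed assumptions.

```python
import json

# Constructed sample policy, not the author's; tag names are assumptions.
POLICY = json.loads("""
{"acls": [
  {"action": "accept", "src": ["tag:vps"], "dst": ["tag:homeserver:11000"]},
  {"action": "accept", "src": ["tag:vps"], "dst": ["tag:homeserver:22,11000"]},
  {"action": "accept", "src": ["*"],       "dst": ["*:*"]}
]}
""")

# Ports the proxy is meant to reach (11000 is the upstream port in the Caddy config).
ALLOWED = {"tag:homeserver": {11000}}


def parse_ports(spec):
    """Expand '22', '80,443' or '8000-8010' into a set; None means any port."""
    if spec == "*":
        return None
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def excess_access(policy, src, allowed):
    """List (dst, ports) grants for src that go beyond the allowed map.

    Simplification: src is matched literally or via '*'; groups and
    IPv6 destinations are not resolved.
    """
    findings = []
    for rule in policy.get("acls", []):
        sources = rule.get("src", [])
        if rule.get("action") != "accept" or not {src, "*"} & set(sources):
            continue
        for dst in rule.get("dst", []):
            host, _, spec = dst.rpartition(":")
            ports = parse_ports(spec)
            if ports is None:
                findings.append((host, "*"))
            elif ports - allowed.get(host, set()):
                findings.append((host, sorted(ports - allowed.get(host, set()))))
    return findings


if __name__ == "__main__":
    for host, ports in excess_access(POLICY, "tag:vps", ALLOWED):
        print(f"tag:vps can reach {host} on unexpected ports: {ports}")
```

An empty result means every accept rule that applies to the VPS stays within the allowed ports.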


That's it for now. This is a complete enough setup which I can let run.

Now if you'll excuse me, I will go out and touch some grass.
