nixos-and-flakes-book/docs/best-practices/remote-deployment.md

56 lines
2.3 KiB
Markdown
Raw Normal View History

2023-07-04 04:18:46 +00:00
# Remote Deployment
2023-06-23 14:22:13 +00:00
2023-07-04 04:18:46 +00:00
Deploying NixOS configuration to remote hosts can be accomplished using tools like [NixOps](https://github.com/NixOS/nixops), [deploy-rs](https://github.com/serokell/deploy-rs), and [colmena](https://github.com/zhaofengli/colmena). However, if you prefer a simpler approach, you can use the built-in remote deployment capability of `nixos-rebuild` with SSH protocol.
2023-06-23 14:22:13 +00:00
2023-07-04 04:18:46 +00:00
Before using `nixos-rebuild` for remote deployment, there are a few prerequisites:
2023-06-23 14:22:13 +00:00
2023-07-04 04:18:46 +00:00
1. Configure SSH public key authentication for the remote hosts.
2. To prevent sudo password verification failures, either deploy as the `root` user or grant the user sudo permission without password verification.
- Related issue: <https://github.com/NixOS/nixpkgs/issues/118655>
2023-06-23 14:22:13 +00:00
2023-07-04 04:18:46 +00:00
Once the above configurations are in place, you can deploy the configuration to the server using the following command:
2023-06-23 14:22:13 +00:00
```bash
2023-07-04 04:18:46 +00:00
# 1. Add the SSH key to ssh-agent first
2023-06-23 14:22:13 +00:00
ssh-add ~/.ssh/ai-idols
2023-07-04 04:18:46 +00:00
# 2. Deploy the configuration to the remote host, using the SSH key added in step 1.
# The username defaults to `$USER`, in my case, it's `ryan`.
2023-06-23 14:22:13 +00:00
nixos-rebuild --flake .#aquamarine --target-host 192.168.4.1 --build-host 192.168.4.1 switch --use-remote-sudo --verbose
```
2023-07-04 04:18:46 +00:00
The command above will build and deploy the configuration to the `aquamarine` server, and the build process will also execute on `aquamarine`. The `--use-remote-sudo` option indicates that sudo permission is required on the remote server for deploying the configuration.
2023-06-23 14:22:13 +00:00
2023-07-04 04:18:46 +00:00
If you prefer to build the configuration locally and deploy it to the remote server, replace `--build-host aquamarine` with `--build-host localhost`. Additionally, instead of using the IP address directly, you can define host aliases in `~/.ssh/config` or `/etc/ssh/ssh_config`. For example:
2023-06-23 14:22:13 +00:00
2023-07-04 04:18:46 +00:00
> The SSH config can be generated entirely through Nix configuration, and this task is left to you.
2023-06-23 14:22:13 +00:00
```bash
cat ~/.ssh/config
# ......
Host ai
HostName 192.168.5.100
Port 22
Host aquamarine
HostName 192.168.5.101
Port 22
Host ruby
HostName 192.168.5.102
Port 22
Host kana
HostName 192.168.5.103
Port 22
```
2023-07-04 04:18:46 +00:00
You can then use the host aliases to deploy the configuration:
2023-06-23 14:22:13 +00:00
```bash
nixos-rebuild --flake .#aquamarine --target-host aquamarine --build-host aquamarine switch --use-remote-sudo --verbose
```
2023-07-04 04:18:46 +00:00
This allows for more convenient deployment using the defined host aliases.