Threads for ratsclub

  1. 3

    I had the experience of migrating my Debian VPS to my own NixOS box under my table this past few weeks and I had a similar experience as the author, almost on the same exact steps (didn’t migrate the cache directory and didn’t know how to setup ACME on the testing VM)!

    However, I have some tips (for everyone) to avoid some of the problems they faced over the setup:

    when I initialized the NixOS Mastodon module it starts an Nginx server because Mastodon requires TLS, it uses Let’s Encrypt for that and this requires the DNS record to point to the NixOS instance […] I decided to tell the Mastodon module to skip Nginx configuration for now setting services.mastodon.configureNginx=false

    This kind of option on NixOS modules often bites me too. I don’t have an actual fix for this scenario but what I usually do is go to search.nixos.org, take a look at the service options and sometimes look at what the options do on the source code. Here’s the line that causes the trouble with SSL.

    I know, having to read source code sucks but at this point I just do it over reading documentation for NixOS. :(


    How to manage password in NixOS is a question I don’t feel comfortable answering yet

    I use agenix to manage my passwords and the workflow is the following:

    1. Install a barebones configuration on the host
    2. Copy the public ssh key generated through the install
    3. Add it to the list of users on secrets.nix on the configuration repository
    4. Rekey everything with agenix --rekey
    5. Install the “complete” configuration

    I’m not sure if this is the best way to do it but it works wonderfully for me with about 3 hosts I manage.


    Now, I don’t have much experience with multi-node setups as I only have single-box and it is enough for my needs. Nonetheless, the experience hosting NixOS has been a blast for me, and I wanted to share some things that blew my mind.

    Monitoring

    This has been much easier than the setup I had on my Debian machine, it’s so easy to setup Grafana, Loki and Prometheus together! I’m going to omit most of the configuration to make it as brief as possible for this comment:

    services.grafana.provision.datasources.settings.datasources = [
      {
        name = "Prometheus";
        type = "prometheus";
        url = "http://localhost:${toString config.services.prometheus.port}";
      }
    ];
    services.prometheus.scrapeConfigs = [
      {
        job_name = "${config.networking.hostName} - node";
        static_configs = [{
        targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
      }
    ];
    

    At first it didn’t click me how much better this was over my bare-metal configuration in Debian, although, after tweaking a lot it was more apparent.

    • If I change Prometheus’ port, Grafana will restart with the new configuration.
    • config.networking.hostName is something declared on the configuration, right? So, I can introduce my other hosts’ metrics declaratively through code and keep everything in sync, forever.
    ZFS

    NixOS has a superb ZFS support, it was really easy to setup snapshots, scrubing and monitoring for my raid-z2 pool.

    services.zfs.autoSnapshot.enable = true; # this needs some manual work :(
    services.zfs.autoScrub.enable = true;
    services.prometheus = {
      exporters.zfs.enable = true;
      scrapeConfigs  = {
        job_name = "${config.networking.hostName} - zfs";
        static_configs = [{
        targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
      }];
    };
    
    1. 2

      r.e. ZFS on NixOS - check out services.sanoid and services.syncoid options to handle snapshotting. No manual configuration required.