Install NixOS on GCE: Difference between revisions
imported>Korfuri Update instructions for GCE NixOS setup, reflecting the lack of updates since 20.09. Focus on the only current option, build-your-own-image. |
update example to 24.11 |
||
| (11 intermediate revisions by 6 users not shown) | |||
| Line 1: | Line 1: | ||
This is a recipe for creating a NixOS machine on Google Compute Engine (GCE) which is part of [https://cloud.google.com/ Google Cloud Platform]. | This is a recipe for creating a NixOS machine on Google Compute Engine (GCE) which is part of [https://cloud.google.com/ Google Cloud Platform]. | ||
This tutorial assumes you have already set up and account and project under Google Cloud Platform. | This tutorial assumes you have already set up and account and project under Google Cloud Platform. We also assume that you have [https://nixos.org/download nix-shell] and KVM virtualization support, the latter is not available in Google Cloud Shell. | ||
There are no publicly provided images of recent releases of NixOS. There are some old releases at [https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/gce-images.nix <nixpkgs/nixos/modules/virtualisation/gce-images.nix>] and in the <code>gs://nixos-images</code> and <code>gs://nixos-cloud-images</code> public buckets, but these have not been updated in years. Instead, it is recommended you build your own image. | There are no publicly provided images of recent releases of NixOS. There are some old releases at [https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/gce-images.nix <nixpkgs/nixos/modules/virtualisation/gce-images.nix>] and in the <code>gs://nixos-images</code> and <code>gs://nixos-cloud-images</code> public buckets, but these have not been updated in years. Instead, it is recommended you build your own image. | ||
This guide is for people who really need NixOS... not just the Nix package manager. If Nix is all you need, you can install it automatically with a [https://cloud.google.com/compute/docs/instances/startup-scripts/linux startup script]. Debian 12 startup script example: | |||
<syntaxhighlight lang="bash"> | |||
#!/bin/bash | |||
HOME="/root" sh <(curl -L https://nixos.org/nix/install) --daemon --yes | |||
source /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh | |||
nix-env -i cowsay | |||
cowsay 'nix is fully operational' | |||
</syntaxhighlight> | |||
== Bootstrapping a NixOS image from the build of your choice == | == Bootstrapping a NixOS image from the build of your choice == | ||
This assumes you have created a Google Cloud project and a Google Cloud Storage bucket in that project. Set them as variables: | This assumes you have created a Google Cloud project and a Google Cloud Storage bucket that allows public access and uses Fine-grained access control (as opposed to Uniform) in that project. Set them as variables: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| Line 20: | Line 30: | ||
$ gcloud auth login | $ gcloud auth login | ||
[ ... this opens a webpage to authenticate your gcloud SDK, follow the authentication prompt in your browser] | [ ... this opens a webpage to authenticate your gcloud SDK, follow the authentication prompt in your browser] | ||
$ | $ gcloud config set project $PROJECT_ID | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 26: | Line 36: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
$ git clone --depth=1 --branch nixos-24.11 https://github.com/NixOS/nixpkgs.git | |||
$ BUCKET_NAME=my_bucket_name nixpkgs/nixos/maintainers/scripts/gce/create-gce.sh | $ BUCKET_NAME=my_bucket_name nixpkgs/nixos/maintainers/scripts/gce/create-gce.sh | ||
</syntaxhighlight> | </syntaxhighlight> | ||
This will create an image and upload it to the bucket. It will also create a GCE image that VMs can use. | This will create an image and upload it to the bucket. It will also create a GCE image that VMs can use. | ||
Warning: this script makes the GCS object and the GCE image world-readable. If you are building from a custom configuration that embeds secrets, you should instead read the contents of the script and build and upload manually, setting your own ACLs. | |||
Note: If you build an image from a commit later then [https://github.com/NixOS/nixpkgs/commit/b894dd8b821d74b25911f63762c24024107d9372 this one], you will need to add <code>enable-oslogin = "TRUE"</code> to the instance metadata, to be able to login. | Note: If you build an image from a commit later then [https://github.com/NixOS/nixpkgs/commit/b894dd8b821d74b25911f63762c24024107d9372 this one], you will need to add <code>enable-oslogin = "TRUE"</code> to the instance metadata, to be able to login. | ||
| Line 41: | Line 54: | ||
## <b>Metadata</b> | ## <b>Metadata</b> | ||
### <b>key</b> : <i>enable-oslogin</i> | ### <b>key</b> : <i>enable-oslogin</i> | ||
### <b>value</b> : <i>TRUE</i> | ### <b>value</b> : <i>"TRUE"</i> | ||
# Click <b>Create</b> | # Click <b>Create</b> | ||
# Wait until your VM instance is ready | # Wait until your VM instance is ready | ||
| Line 76: | Line 89: | ||
At this point you may want to snapshot this image and use this snapshot to make future VMs. | At this point you may want to snapshot this image and use this snapshot to make future VMs. | ||
[[Category:Server]] | [[Category:Server]][[Category:Cookbook]] | ||
[[Category:Deployment]] | |||