Install NixOS on GCE: Difference between revisions

imported>Mic92
imported>Fadenb
m Syntax highlighting
Line 14: Line 14:


Next we will create a NixOS image. A source for NixOS images can be found the google storage bucket named [https://storage.cloud.google.com/nixos-images gs://nixos-images].
Next we will create a NixOS image. A source for NixOS images can be found the google storage bucket named [https://storage.cloud.google.com/nixos-images gs://nixos-images].
 
<syntaxhighlight lang="bash">
$ gsutil ls -l gs://nixos-images
$ gsutil ls -l gs://nixos-images
  256556736  2014-12-17T10:51:00Z  gs://nixos-images/nixos-14.10pre-git-x86_64-linux.raw.tar.gz
256556736  2014-12-17T10:51:00Z  gs://nixos-images/nixos-14.10pre-git-x86_64-linux.raw.tar.gz
  290985235  2014-12-19T12:45:58Z  gs://nixos-images/nixos-14.12.542.4c9ef9f7-x86_64-linux.raw.tar.gz
290985235  2014-12-19T12:45:58Z  gs://nixos-images/nixos-14.12.542.4c9ef9f7-x86_64-linux.raw.tar.gz
</syntaxhighlight>


In this tutorial we will use gs://nixos-images/nixos-14.12.542.4c9ef9f7-x86_64-linux.raw.tar.gz and follow the [https://cloud.google.com/compute/docs/images?_ga=1.122328651.1179090775.1417532639#creating_an_image_from_a_tar_file documentation on how to create an image from a .tar.gz file].
In this tutorial we will use gs://nixos-images/nixos-14.12.542.4c9ef9f7-x86_64-linux.raw.tar.gz and follow the [https://cloud.google.com/compute/docs/images?_ga=1.122328651.1179090775.1417532639#creating_an_image_from_a_tar_file documentation on how to create an image from a .tar.gz file].


$ gcloud compute images create nixos-14125424c9ef9f7-x86-64-linux --source-uri gs://nixos-images/nixos-14.12.542.4c9ef9f7-x86_64-linux.raw.tar.gz
<syntaxhighlight lang="bash">
$ gcloud compute images describe nixos-14125424c9ef9f7-x86-64-linux
$ gcloud compute images create nixos-14125424c9ef9f7-x86-64-linux --source-uri gs://nixos-images/nixos-14.12.542.4c9ef9f7-x86_64-linux.raw.tar.gz
...
$ gcloud compute images describe nixos-14125424c9ef9f7-x86-64-linux
status: READY
...
status: READY
</syntaxhighlight>


You can now log out of your VM and delete the instance
You can now log out of your VM and delete the instance
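Review bot: The image in the second block of this hunk is created straight from <code>gs://nixos-images/nixos-14.12.542.4c9ef9f7-x86_64-linux.raw.tar.gz</code> with no integrity check shown, so a reader cannot confirm the tarball is the one the project published. If a checksum or signature is published for these images, reference it next to the <code>gsutil ls -l</code> listing. On the markup, both new blocks are prompt-plus-output transcripts tagged <code>lang="bash"</code>, so the size and date rows and <code>status: READY</code> get highlighted as shell code; a session lexer such as <code>console</code> would fit better if the wiki's highlighter provides it. The context sentence reads "can be found the google storage bucket" and is missing "in".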
Line 36: Line 39:
Before beginning we should generate unique SSH host keys for our new VM so that when will be able to authenticate our SSH connection. The example below generates keys <code>/dev/shm/ssh_host_ecdsa_key</code> and <code>/dev/shm/ssh_host_ecdsa_key.pub</code> files.
Before beginning we should generate unique SSH host keys for our new VM so that when will be able to authenticate our SSH connection. The example below generates keys <code>/dev/shm/ssh_host_ecdsa_key</code> and <code>/dev/shm/ssh_host_ecdsa_key.pub</code> files.


$ ssh-keygen -N '' -C '' -t ecdsa -f /dev/shm/ssh_host_ecdsa_key
<syntaxhighlight lang="bash">
Generating public/private ecdsa key pair.
$ ssh-keygen -N '' -C '' -t ecdsa -f /dev/shm/ssh_host_ecdsa_key
Your identification has been saved in /dev/shm/ssh_host_ecdsa_key.
Generating public/private ecdsa key pair.
Your public key has been saved in /dev/shm/ssh_host_ecdsa_key.pub.
Your identification has been saved in /dev/shm/ssh_host_ecdsa_key.
The key fingerprint is:
Your public key has been saved in /dev/shm/ssh_host_ecdsa_key.pub.
92:2a:e9:28:1a:cd:43:71:31:36:f2:8e:6e:fa:13:c4  
The key fingerprint is:
The key's randomart image is:
92:2a:e9:28:1a:cd:43:71:31:36:f2:8e:6e:fa:13:c4  
+--[ECDSA  256]---+
The key's randomart image is:
|  . =            |
+--[ECDSA  256]---+
|  + +          |
|  . =            |
| .. o            |
|  + +          |
|  E=  .        |
| .. o            |
| .o . o S        |
|  E=  .        |
| =.. . .        |
| .o . o S        |
|. O..            |
| =.. . .        |
|.*.o            |
|. O..            |
|*.o.            |
|.*.o            |
+-----------------+
|*.o.            |
+-----------------+
</syntaxhighlight>


'''Take note of your unique key fingerprint.'''
'''Take note of your unique key fingerprint.'''
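Review bot: The fingerprint in the highlighted ssh-keygen output, <code>92:2a:e9:28:1a:cd:43:71:31:36:f2:8e:6e:fa:13:c4</code>, is the colon-separated MD5 form, while current OpenSSH releases print <code>SHA256:</code> fingerprints by default, so a reader told to "Take note of your unique key fingerprint" will record a value that does not look like this sample. Suggest one sentence saying that either form works as long as the same hash is compared at login, and that the MD5 form can be printed with <code>ssh-keygen -l -E md5 -f /dev/shm/ssh_host_ecdsa_key.pub</code>. The context sentence "so that when will be able to authenticate" should read "so that we will be able to authenticate".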
Line 73: Line 78:
Notwithstanding the username associated with your SSH, you must log in as root to the NixOS machine. Also, you will need to ssh in from your computer's terminal. Below replace <code>XXX.XXX.XXX.XXX</code> with the EXTERNAL IP address listed for your VM instance. (Strongly Recommended) Verify the ECDSA key fingerprint is the same as the one you generated.
Notwithstanding the username associated with your SSH, you must log in as root to the NixOS machine. Also, you will need to ssh in from your computer's terminal. Below replace <code>XXX.XXX.XXX.XXX</code> with the EXTERNAL IP address listed for your VM instance. (Strongly Recommended) Verify the ECDSA key fingerprint is the same as the one you generated.


$ ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=ask root@XXX.XXX.XXX.XXX
<syntaxhighlight lang="bash">
The authenticity of host '130.211.149.218 (130.211.149.218)' can't be established.
$ ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=ask root@XXX.XXX.XXX.XXX
ECDSA key fingerprint is 92:2a:e9:28:1a:cd:43:71:31:36:f2:8e:6e:fa:13:c4.
The authenticity of host '130.211.149.218 (130.211.149.218)' can't be established.
Are you sure you want to continue connecting (yes/no)? yes
ECDSA key fingerprint is 92:2a:e9:28:1a:cd:43:71:31:36:f2:8e:6e:fa:13:c4.
Enter passphrase for key '.../.ssh/id_rsa':  
Are you sure you want to continue connecting (yes/no)? yes
Enter passphrase for key '.../.ssh/id_rsa':  
[root@instance-1:~]#  
 
[root@instance-1:~]#
</syntaxhighlight>


Once you are logged into your NixOS machine, I recommend that you create an user account for yourself with administrator privileges.
Once you are logged into your NixOS machine, I recommend that you create an user account for yourself with administrator privileges.
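Review bot: In the ssh transcript, the command passes <code>-o UserKnownHostsFile=/dev/null</code>, so no host key is remembered and the fingerprint comparison at the prompt is the only host authentication, yet the sample answers <code>yes</code> without showing that comparison and the lead-in marks it only "(Strongly Recommended)". Suggest wording the comparison against the noted fingerprint as a required step before answering yes. The transcript also shows host <code>130.211.149.218</code> while the command line uses the placeholder <code>XXX.XXX.XXX.XXX</code>; use one or the other. "an user account" should be "a user account".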
Line 87: Line 94:
#Add the follow to the configuration:
#Add the follow to the configuration:


  security.sudo.wheelNeedsPassword = false;
<syntaxhighlight lang="nix">
  users.extraUsers.<your-username> = {
security.sudo.wheelNeedsPassword = false;
    createHome = true;
users.extraUsers.<your-username> = {
    home = "/home/<your-username>";
  createHome = true;
    description = "<your-name>";
  home = "/home/<your-username>";
    group = "users";  
  description = "<your-name>";
    extraGroups = [ "wheel" ];
  group = "users";  
    useDefaultShell = true;
  extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [ "<contents of your ~/.ssh/id_rsa.pub>" ];
  useDefaultShell = true;
  };
  openssh.authorizedKeys.keys = [ "<contents of your ~/.ssh/id_rsa.pub>" ];
};
</syntaxhighlight>


After you save this file run <code>nixos-rebuild switch --upgrade</code>. Once that is complete reboot and log back in with your user account. (Strongly Recommended) Again verify the ECDSA key fingerprint is the same as the one you generated. If you plan to keep this instance running for a long time you may removed the <code>-o UserKnownHostsFile=/dev/null</code> option to SSH to add the host to your <code>~/.ssh/known_hosts</code> file, however be advised that IP addresses for GCE instances are often reused, so when you create and destroy instances you may end up with stale keys in your known_hosts file.
After you save this file run <code>nixos-rebuild switch --upgrade</code>. Once that is complete reboot and log back in with your user account. (Strongly Recommended) Again verify the ECDSA key fingerprint is the same as the one you generated. If you plan to keep this instance running for a long time you may removed the <code>-o UserKnownHostsFile=/dev/null</code> option to SSH to add the host to your <code>~/.ssh/known_hosts</code> file, however be advised that IP addresses for GCE instances are often reused, so when you create and destroy instances you may end up with stale keys in your known_hosts file.


$ ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=ask <your-username>@XXX.XXX.XXX.XXX
<syntaxhighlight lang="bash">
The authenticity of host '130.211.149.218 (130.211.149.218)' can't be established.
$ ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=ask <your-username>@XXX.XXX.XXX.XXX
ECDSA key fingerprint is 92:2a:e9:28:1a:cd:43:71:31:36:f2:8e:6e:fa:13:c4.
The authenticity of host '130.211.149.218 (130.211.149.218)' can't be established.
Are you sure you want to continue connecting (yes/no)? yes
ECDSA key fingerprint is 92:2a:e9:28:1a:cd:43:71:31:36:f2:8e:6e:fa:13:c4.
Enter passphrase for key '.../.ssh/id_rsa':  
Are you sure you want to continue connecting (yes/no)? yes
Enter passphrase for key '.../.ssh/id_rsa':  
[<your-username>@instance-1:~]$
 
[<your-username>@instance-1:~]$
</syntaxhighlight>


At this point you may want to snapshot this image and use this snapshot to make future VMs. You should also delete the <code>/dev/shm/ssh_host_ecdsa_key</code> and <code>/dev/shm/ssh_host_ecdsa_key.pub</code> files from your home machine if you generated them.
At this point you may want to snapshot this image and use this snapshot to make future VMs. You should also delete the <code>/dev/shm/ssh_host_ecdsa_key</code> and <code>/dev/shm/ssh_host_ecdsa_key.pub</code> files from your home machine if you generated them.
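Review bot: The first line of the new nix block, <code>security.sudo.wheelNeedsPassword = false;</code>, together with <code>extraGroups = [ "wheel" ];</code>, gives the new account passwordless root, so the single entry in <code>openssh.authorizedKeys.keys</code> is all that protects root on an instance with an external IP. The page should state that trade-off, or drop the line and have the reader set a password. With <code>lang="nix"</code> now applied, note that the angle-bracket placeholders in the attribute name are Nix lookup-path syntax and will be highlighted as paths rather than as something to fill in; a short comment line saying they are placeholders would help. The context lines "Add the follow to the configuration" and "you may removed" need fixing ("following", "remove").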
Line 116: Line 127:
Prepare a local copy of the nixpkgs repository in the state you want to build from. If you want to build a released version, this means checking out one of the release branches from the nixpkgs-channels repository. Make sure you haven't left any unwanted local changes in it. These examples assume you've checked it out at <code>/home/example/nixpkgs-clean</code>.
Prepare a local copy of the nixpkgs repository in the state you want to build from. If you want to build a released version, this means checking out one of the release branches from the nixpkgs-channels repository. Make sure you haven't left any unwanted local changes in it. These examples assume you've checked it out at <code>/home/example/nixpkgs-clean</code>.


$ BUCKET_NAME=example /home/example/nixpkgs-clean/maintainers/create-gce.sh
<syntaxhighlight lang="bash">
$ BUCKET_NAME=example /home/example/nixpkgs-clean/maintainers/create-gce.sh
</syntaxhighlight>


This will create an image and upload it to the bucket <code>example</code>
This will create an image and upload it to the bucket <code>example</code>
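Review bot: The closing sentence says the script will "create an image and upload it to the bucket <code>example</code>", but nothing in this hunk documents which credentials <code>create-gce.sh</code> expects or who can read the uploaded object afterwards. Suggest a line stating the bucket permissions the reader should set before running it. The sentence is also missing its final period.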