Install NixOS on GCE: Difference between revisions

From NixOS Wiki
← Older editNewer edit →
VisualWikitext
imported>Jonas
No edit summary
imported>Korfuri
Update instructions for GCE NixOS setup, reflecting the lack of updates since 20.09. Focus on the only current option, build-your-own-image.
Line 1: Line 1:
== '''This guide appears to be outdated and didn't work when I tried it.''' ==
This is a recipe for creating a NixOS machine on Google Compute Engine (GCE) which is part of [https://cloud.google.com/ Google Cloud Platform].
This is a recipe for creating a NixOS machine on Google Compute Engine (GCE) which is part of [https://cloud.google.com/ Google Cloud Platform].


This tutorial assumes you have already set up and account and project under Google Cloud Platform.
This tutorial assumes you have already set up and account and project under Google Cloud Platform.


This tutorial is confirmed from NixOS 19.03 onward only (see [https://github.com/NixOS/nixpkgs/blob/b1178783876f51864f03f68eb89e9e93656bc57b/nixos/doc/manual/release-notes/rl-1903.xml#L98 release notes for 19.03]).
There are no publicly provided images of recent releases of NixOS. There are some old releases at [https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/gce-images.nix <nixpkgs/nixos/modules/virtualisation/gce-images.nix>] and in the <code>gs://nixos-images</code> and <code>gs://nixos-cloud-images</code> public buckets, but these have not been updated in years. Instead, it is recommended you build your own image.


Note also that [https://github.com/NixOS/nixops nixops] provides automated tooling to deploy NixOS on GCE instances. This tutorial covers manually deploying a NixOS GCE instance.
== Bootstrapping a NixOS image from the build of your choice ==


== Obtain the <code>gsutil</code> utility ==
This assumes you have created a Google Cloud project and a Google Cloud Storage bucket in that project. Set them as variables:


<code>gsutil</code> is part of <code>google-cloud-sdk</code>; you can obtain this several ways:
<syntaxhighlight lang="bash">
PROJECT_ID=my-project-id
BUCKET_NAME=my-bucket-name  # Set the bucket name without the gs:// prefix
</syntaxhighlight>


# Using nixpkgs: <code>nix-env --install google-cloud-sdk</code>
You'll need <code>gsutil</code> installed. See the [https://cloud.google.com/sdk/docs/install-sdk Google Cloud SDK documentation] for full instructions, or simply use:
# Using an existing non-Nix GCE instance (eg Debian)
# Following Google's instructions here: [https://cloud.google.com/sdk cloud.google.com]


== Select a NixOS image ==
<syntaxhighlight lang="bash">
$ nix-shell -p google-cloud-sdk
$ gcloud auth login
[ ... this opens a webpage to authenticate your gcloud SDK, follow the authentication prompt in your browser]
$ gcloud gcloud config set project $PROJECT_ID
</syntaxhighlight>


Get a list of currently available GCE images with <code>gsutil ls -l gs://nixos-images</code>:
Prepare a local copy of the nixpkgs repository in the state you want to build from. If you want to build a released version, this means checking out one of the release branches from the nixpkgs repository. Make sure you haven't left any unwanted local changes in it. These examples assume you've checked it out at <code>./nixpkgs</code>.


<syntaxhighlight lang="console">
<syntaxhighlight lang="bash">
$ gsutil ls -l gs://nixos-images
$ BUCKET_NAME=my_bucket_name nixpkgs/nixos/maintainers/scripts/gce/create-gce.sh
397747554  2020-05-03T02:36:23Z  gs://nixos-images/google-cloud-nixos-20.03.1639.73e73c7d6b5.raw.tar.gz
256556736  2014-12-17T10:51:00Z  gs://nixos-images/nixos-14.10pre-git-x86_64-linux.raw.tar.gz
291081495  2015-01-16T16:36:46Z  gs://nixos-images/nixos-14.12.323.91643074-x86_64-linux.raw.tar.gz
290985235  2014-12-19T12:45:58Z  gs://nixos-images/nixos-14.12.542.4c9ef9f7-x86_64-linux.raw.tar.gz
TOTAL: 4 objects, 1236371020 bytes (1.15 GiB)
</syntaxhighlight>
</syntaxhighlight>


'''NOTE:''' Newer images (from 20.09 on) won't be available at the bucket above, and will instead need to be found at [https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/gce-images.nix <nixpkgs/nixos/modules/virtualisation/gce-images.nix>].
This will create an image and upload it to the bucket. It will also create a GCE image that VMs can use.


== Import an image into your project ==
Note: If you build an image from a commit later then [https://github.com/NixOS/nixpkgs/commit/b894dd8b821d74b25911f63762c24024107d9372 this one], you will need to add <code>enable-oslogin = "TRUE"</code> to the instance metadata, to be able to login.
 
#In [https://console.cloud.google.com/compute/images console.cloud.google.com/compute/images], select <code>CREATE IMAGE</code>:
## <b>Name</b> : <i>nixos-20-03</i>
## <b>Source</b> : <i>Cloud Storage file</i>
## <b>Cloud Storage file</b> : <i>gs://nixos-images/google-cloud-nixos-20.03.1639.73e73c7d6b5.raw.tar.gz</i>
#Click <code>Create</code>


== Create a VM instance ==
== Create a VM instance ==


#In [https://console.cloud.google.com/compute/instances console.cloud.google.com/compute/instances], select <code>CREATE INSTANCE</code>
#In [https://console.cloud.google.com/compute/instances the GCE console], select <code>CREATE INSTANCE</code>
## <b>Boot disk</b> : <i>Custom images</i>
## <b>Boot disk</b> : <i>Change</i>, then <i>Custom images</i>
### <b>Image</b> : <i>nixos-20-03</i>
### <b>Image</b> : pick the image recently created
## Important: do not add SSH keys, NixOS is set up for [https://cloud.google.com/compute/docs/instances/managing-instance-access Google OS Login]
## You do not need to add SSH keys, NixOS is set up for [https://cloud.google.com/compute/docs/instances/managing-instance-access Google OS Login]
## <b>Metadata</b>
## <b>Metadata</b>
### <b>key</b> : <i>enable-oslogin</i>
### <b>key</b> : <i>enable-oslogin</i>
Line 84: Line 75:


At this point you may want to snapshot this image and use this snapshot to make future VMs.
At this point you may want to snapshot this image and use this snapshot to make future VMs.
== Bootstrapping a NixOS image from the build of your choice ==
You normally can use a preexisting NixOS image, such as the ones found in <code>gs://nixos-images</code> and <code>gs://nixos-cloud-images</code>. Sometimes the images there haven't been updated in a long time, or you need a newer one to work around a bug. If you need to make a new one, here's how.
Perform these steps from any Linux machine.
You'll need setup the credentials for Google Cloud (via <code>gsutil config</code> or similar- if you have a GCE service account and have created an associated access key, the following is nice and quick: <code>readlink -f ./relative/path/to/key | gsutil config -e</code>, though it will prompt you for permission to lock down the file permissions on the key if they currently allow others to read the key- Note: the service account must be configured with a Role that allows it to write to your storage bucket), with the Cloud Storage and Compute Engine APIs enabled. You'll also need a Storage bucket. These steps will assume you've already made a bucket and it's named <code>gs://example</code>.
Prepare a local copy of the nixpkgs repository in the state you want to build from. If you want to build a released version, this means checking out one of the release branches from the nixpkgs repository. Make sure you haven't left any unwanted local changes in it. These examples assume you've checked it out at <code>/home/example/nixpkgs-clean</code>.
<syntaxhighlight lang="bash">
$ BUCKET_NAME=example /home/example/nixpkgs-clean/nixos/maintainers/scripts/gce/create-gce.sh
</syntaxhighlight>
This will create an image and upload it to the bucket <code>example</code>
Note: If you build an image from a commit later then [https://github.com/NixOS/nixpkgs/commit/b894dd8b821d74b25911f63762c24024107d9372 this one], you will need to add <code>enable-oslogin = "TRUE"</code> to the instance metadata, to be able to login.


[[Category:Server]]
[[Category:Server]]

Revision as of 15:07, 11 July 2022

This is a recipe for creating a NixOS machine on Google Compute Engine (GCE) which is part of Google Cloud Platform.

This tutorial assumes you have already set up and account and project under Google Cloud Platform.

There are no publicly provided images of recent releases of NixOS. There are some old releases at <nixpkgs/nixos/modules/virtualisation/gce-images.nix> and in the gs://nixos-images and gs://nixos-cloud-images public buckets, but these have not been updated in years. Instead, it is recommended you build your own image.

Bootstrapping a NixOS image from the build of your choice

This assumes you have created a Google Cloud project and a Google Cloud Storage bucket in that project. Set them as variables: 

PROJECT_ID=my-project-id
BUCKET_NAME=my-bucket-name  # Set the bucket name without the gs:// prefix

You'll need gsutil installed. See the Google Cloud SDK documentation for full instructions, or simply use: 

$ nix-shell -p google-cloud-sdk
$ gcloud auth login
[ ... this opens a webpage to authenticate your gcloud SDK, follow the authentication prompt in your browser]
$ gcloud gcloud config set project $PROJECT_ID

Prepare a local copy of the nixpkgs repository in the state you want to build from. If you want to build a released version, this means checking out one of the release branches from the nixpkgs repository. Make sure you haven't left any unwanted local changes in it. These examples assume you've checked it out at ./nixpkgs. 

$ BUCKET_NAME=my_bucket_name nixpkgs/nixos/maintainers/scripts/gce/create-gce.sh

This will create an image and upload it to the bucket. It will also create a GCE image that VMs can use.

Note: If you build an image from a commit later then this one, you will need to add enable-oslogin = "TRUE" to the instance metadata, to be able to login.

Create a VM instance

  1. In the GCE console, select CREATE INSTANCE
    1. Boot disk : Change, then Custom images
      1. Image : pick the image recently created
    2. You do not need to add SSH keys, NixOS is set up for Google OS Login
    3. Metadata
      1. key : enable-oslogin
      2. value : TRUE
  2. Click Create
  3. Wait until your VM instance is ready
  4. Under Connect, click SSH

Optional: add user account

Once you are logged into your NixOS machine, you can create a user account for yourself with administrator privileges:

1. chmod u+w /etc/nixos/configuration.nix

2. nano -w /etc/nixos/configuration.nix

3. Add the following to the configuration: 

security.sudo.wheelNeedsPassword = false;
users.extraUsers.<your-username> = {
  createHome = true;
  home = "/home/<your-username>";
  description = "<your-name>";
  group = "users"; 
  extraGroups = [ "wheel" ];
  useDefaultShell = true;
  openssh.authorizedKeys.keys = [ "<contents of your ~/.ssh/id_rsa.pub>" ];
};

4. Save this file and run nixos-rebuild switch --upgrade

5. Reboot and log back in with your user account

Snapshots

At this point you may want to snapshot this image and use this snapshot to make future VMs.

Retrieved from "https://wiki.nixos.org/w/index.php?title=Install_NixOS_on_GCE&oldid=1036"