After logging into your account, create a new droplet with the latest Debian distribution (8.7 x64 as of 17.04.2017). Make sure to add your desired SSH key and enable IPv6 (needed for nixos-infect to work seamlessly).
Wait until it’s created, then log in with:
ssh root@<ip>
You’ll have to type “yes”.
Download nixos-infect and make it executable:
wget https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect
chmod +x nixos-infect
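Set your preferred NixOS channel (see the available ones here, current stable is 17.03) and call the script. The variable has to be set on the same command line (or exported), otherwise the script won’t see it:
NIX_CHANNEL=nixos-17.03 ./nixos-infect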
This fails at the time of writing (Update 15 May 2017: Not anymore) with the error that /etc/nixos/networking.nix doesn’t exist, which is weird because the script is supposed to generate that. I executed the relevant lines of the script manually (copy/paste into terminal) as a dirty fix, then reran ./nixos-infect.
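The download step above fetches a script from the moving master branch and runs it as root. One way to gate that, as an added example (not part of the original post or of the nixos-infect project): fetch a pinned revision, compare its SHA-256 with a digest you recorded after reviewing the script, and execute it only on a match. The function names are hypothetical, `<commit>` and `<expected-sha256>` are placeholders, and sha256sum from coreutils is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example: run a downloaded installer only if it matches a digest
# recorded after reviewing it. Function names are hypothetical.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE
sha256_of() {
    sha256sum -- "$1" | awk '{print $1}'
}

# verify_script FILE EXPECTED: 0 on exact match, 1 on mismatch, 2 on bad input
verify_script() {
    local file=$1 expected=$2 actual
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    case "$expected" in
        ''|*[!0-9a-fA-F]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file (got $actual)" >&2
        return 1
    fi
    return 0
}

# run_verified FILE EXPECTED [ARGS...]: execute FILE only after it verifies
run_verified() {
    local file=$1 expected=$2
    shift 2
    verify_script "$file" "$expected" || return
    # Run through bash explicitly, so the file never needs chmod +x
    bash "$file" "$@"
}

# On the droplet (placeholders: fill in after reviewing the script):
#   wget -O nixos-infect \
#     https://raw.githubusercontent.com/elitak/nixos-infect/<commit>/nixos-infect
#   export NIX_CHANNEL=nixos-17.03
#   run_verified ./nixos-infect <expected-sha256>
```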
If it finishes successfully, which will take a few minutes, the machine will be restarted automatically, therefore closing the SSH connection. You can press Ctrl-C when you see something like
Installation finished. No error reported.
swapoff /tmp/nixos-infect.hUuad.swp
removed ‘/tmp/nixos-infect.hUuad.swp’
Pressing it will output Broken pipe, as the SSH connection has dropped. Reconnect with SSH:
ssh root@<ip>
Since the SSH host key has changed (expected here, because the new installation generated fresh host keys), you’ll get a fat warning, which contains the line:
Offending ECDSA key in $HOME/.ssh/known_hosts:<some number>
Remove the offending key from this file with
sed -i -e <some number>d ~/.ssh/known_hosts
Then connect with SSH again, entering “yes” once more to confirm the connection this time.
ssh root@<ip>
If successful, welcome to NixOS! You’ll notice that the prompt has changed and running uname -a correctly shows NixOS. All the stuff from Debian has been moved to /old-root. Because I won’t need it, I’ll delete it using
rm -rf /old-root
Our web root directory will be /webroot. We’ll add the following to our /etc/nixos/configuration.nix file:
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
  enable = true;
  virtualHosts."<your ip>" = {
    root = "/webroot";
  };
};
Now create the directory and set the group to nginx, which is used by nginx by default. We’re also going to set the setgid bit on our directory (that is what chmod g+s does), so that new folders created within it automatically have their group set correctly.
mkdir /webroot
groupadd nginx
chown root:nginx /webroot
chmod g+s /webroot
Add a file /webroot/index.html with something like this:
<!DOCTYPE html>
<html>
<body>
<p>Hello Internet!</p>
</body>
</html>
Finally, rebuild NixOS, which will take a minute:
nixos-rebuild switch
Now your website should be live! Go have a look at http://<ip>/ (note the http, some browsers default to https which won’t work) in your favorite browser and you should see “Hello Internet!”.
To have an SSL certificate, you need to have a domain name. Set up an A record for your IPv4 address and an AAAA record for your IPv6 address via your domain registrar. Make sure your website shows up via your domain, which is needed for the next step.
Edit your configuration.nix; the comments note the changes:
networking.firewall.allowedTCPPorts = [ 80 443 ]; # HTTPS needs port 443 open as well
services.nginx = {
  enable = true;
  virtualHosts."<your domain>" = { # Now you need to use your domain here
    root = "/webroot";
    enableACME = true; # Automates certificate creation and updates via Let's Encrypt
    forceSSL = true; # Automatically redirect http to https
  };
};
Now rebuild your NixOS once more:
nixos-rebuild switch
And then your website should be accessible using HTTPS!