Webserver with DigitalOcean, NixOS, Nginx and SSL

DigitalOcean

After logging into your account, create a new droplet with the latest Debian distribution (8.7 x64 as of 17.04.2017). Make sure to add your desired SSH key and enable IPv6 (needed for nixos-infect to work seamlessly).

Wait until it’s created, then log in with

ssh root@<ip>

You’ll have to type “yes” to accept the server’s host key.

NixOS

Download nixos-infect and make it executable:

wget https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect
chmod +x nixos-infect

Set your preferred NixOS channel (See the available ones here, current stable is 17.03) and call the script:

# Set the variable on the same command line so it is passed to the script's environment
NIX_CHANNEL=nixos-17.03 ./nixos-infect

This fails at the time of writing (Update 15 May 2017: Not anymore) with the error that /etc/nixos/networking.nix doesn’t exist, which is weird because the script is supposed to generate that. I executed the relevant lines of the script manually (copy/paste into terminal) as a dirty fix, then reran ./nixos-infect.

If it finishes successfully, which will take a few minutes, the machine will be restarted automatically, therefore closing the SSH connection. You can press Ctrl-C when you see something like

Installation finished. No error reported.
swapoff /tmp/nixos-infect.hUuad.swp
removed ‘/tmp/nixos-infect.hUuad.swp’

Pressing Ctrl-C will output Broken pipe because the SSH connection has dropped. Reconnect with SSH:

ssh root@<ip>

Since the SSH host key has changed, you’ll get a fat warning, which contains the line:

Offending ECDSA key in $HOME/.ssh/known_hosts:<some number>

Remove the offending key from this file with

sed -i -e <some number>d ~/.ssh/known_hosts

Then connect with SSH again, entering “yes” once more to confirm the connection this time.

ssh root@<ip>
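
A guarded version of the sed deletion above, as an added example that is not part of the original page: it deletes the given line only when that line is a plain-text entry for the expected host, so a mistyped line number cannot drop another server's pinned key. The helper names, the sample addresses and the key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Hosts and key blobs are constructed.

# remove_known_host_line FILE LINENO HOST  (hypothetical helper)
# Deletes line LINENO only if it is a plain-text entry for HOST.
# Returns 0 = removed, 1 = line belongs to another host, 2 = hashed entry.
remove_known_host_line() {
    file=$1; lineno=$2; host=$3
    [ -n "$host" ] || return 1
    # Field 1 is a comma-separated host list; a leading @marker shifts it to field 2.
    hosts=$(awk -v n="$lineno" 'NR == n { if ($1 ~ /^@/) print $2; else print $1 }' "$file")
    case $hosts in
        '|1|'*) return 2 ;;      # HashKnownHosts entry: cannot be matched as text
    esac
    case ",$hosts," in
        *",$host,"*) ;;          # exact match on one of the listed names
        *) return 1 ;;
    esac
    tmp=$(mktemp) || return 3
    # Rewrite in place through cat so the file keeps its owner and mode.
    awk -v n="$lineno" 'NR != n' "$file" > "$tmp" && cat "$tmp" > "$file"
    _rc=$?
    rm -f "$tmp"
    return "$_rc"
}

# Constructed sample: another server, the rebuilt droplet, and a hashed entry.
make_sample_known_hosts() {
    cat > "$1" <<'EOF'
198.51.100.7 ssh-ed25519 AAAAC3CONSTRUCTEDKEY1
203.0.113.10,example.test ecdsa-sha2-nistp256 AAAAE2CONSTRUCTEDKEY2
|1|Y29uc3RydWN0ZWQ=|c2FsdGVkaGFzaA== ssh-ed25519 AAAAC3CONSTRUCTEDKEY3
EOF
}

demo() {
    kh=$(mktemp) && make_sample_known_hosts "$kh"
    remove_known_host_line "$kh" 1 203.0.113.10; echo "line 1: rc=$?"   # wrong host, kept
    remove_known_host_line "$kh" 2 203.0.113.10; echo "line 2: rc=$?"   # removed
    cat "$kh"; rm -f "$kh"
}
demo
```

When the entry is hashed, ssh-keygen -R <ip> removes the host by name instead of by line number.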

If successful, welcome to NixOS! You’ll notice that the prompt has changed and running uname -a correctly shows NixOS. All the stuff from Debian has been moved to /old-root. Because I won’t need it, I’ll delete it using

rm -rf /old-root

Server

Our web root directory will be /webroot. We’ll add the following to our /etc/nixos/configuration.nix file:

networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
  enable = true;
  virtualHosts."<your ip>" = {
    root = "/webroot";
  };
};

Now create the directory and set its group to nginx, the group nginx runs under by default. We’re also going to set the setgid bit on our directory, so that new files and folders created within it automatically get the same group.

mkdir /webroot
groupadd nginx
chown root:nginx /webroot
chmod g+s /webroot

Add a file /webroot/index.html with something like this:

<!DOCTYPE html>
<html>
  <body>
    <p>Hello Internet!</p>
  </body>
</html>

Finally, rebuild NixOS, which will take a minute:

nixos-rebuild switch

Now your website should be live! Go have a look at http://<ip>/ (note the http, some browsers default to https which won’t work) in your favorite browser and you should see “Hello Internet!”.

SSL

To have an SSL certificate, you need to have a domain name. Set up an A record for your IPv4 address and an AAAA record for your IPv6 address via your domain registrar. Make sure your website shows up via your domain, which is needed for the next step.

Edit your configuration.nix; the comments note the changes:

networking.firewall.allowedTCPPorts = [ 80 443 ]; # HTTPS needs port 443 open as well
services.nginx = {
  enable = true;
  virtualHosts."<your domain>" = { # Now you need to use your domain here
    root = "/webroot";
    enableACME = true; # Automates certificate creation and updates via Let's Encrypt
    forceSSL = true; # Automatically redirect http to https
  };
};

Now rebuild your NixOS once more:

nixos-rebuild switch

And then your website should be accessible using HTTPS!