Tristan Daniël Maat
b6f39969cc
It seems that with the newest version of podman container names are no longer added as hostnames, meaning that any attempt to resolve hostnames with the current config will fail. `localhost` is probably more robust anyway, so we switch to that. The bug manifests as broken services because nextcloud/gitea cannot resolve their databases and nextcloud fails to resolve the php server. To fix this a running system, the gitea and nextcloud database configurations will need to be hand-edited, since those values are only set on initialization, and not updated when changed later. |
||
---|---|---|
configuration | ||
keys | ||
lib | ||
modules | ||
pkgs | ||
.gitignore | ||
flake.lock | ||
flake.nix | ||
LICENSE | ||
README.md |
tlater.net server configuration
This is the NixOS configuration for tlater.net.
Testing
Building
Build the VM with:
nixos-rebuild build-vm --flake '.#vm'
Running
Note: M-2 will bring up a console for poweroff and such
Running should mostly be as simple as running the command the build script echos.
One caveat: create a larger disk image first. This can be done by running the following in the repository root:
qemu-img create -f qcow2 ./tlaternet.qcow2 20G
Everything else should be handled by the devShell.
New services
Whenever a new service is added, append an appropriate
,hostfwd=::3<port>:<port>
to the QEMU_NET_OPTS
specified in
flake.nix
to bind the service to a host port.
There is no way to test this without binding to the host port, sadly.
Deploying
Currently the deployment process is fully manual because there is no CI system.
Nix makes this fairly painless, though, it's simply:
nixos-rebuild switch --use-remote-sudo --target-host tlater.net --build-host localhost --flake .#tlaternet
This has the added benefit of running the build on the dev machine, which is 99% of the time much faster at building than the target (though artifact upload may take some time on slow connections).
Note that this also requires the current local user to also be present
on the target host, as well as for this user to be in the target
host's wheel group. See nix.trustedUsers
.