nix-community / srvos

NixOS profiles for servers [maintainer=@numtide]
https://nix-community.github.io/srvos
MIT License

add digitalocean #412

Closed Mic92 closed 2 months ago

Mic92 commented 2 months ago

Untested, but maybe @bbigras already has some thoughts on it.

bbigras commented 2 months ago

I was able to deploy a working droplet using this. The normal digitalocean console doesn't work, but the recovery one does and I can ssh in.

If I don't use this module and I only import (modulesPath + "/virtualisation/digital-ocean-config.nix") I can't ssh in. The recovery console still works, though.

If someone wants to test, here's a terraform module to create a droplet and install nixos on it with nixos-anywhere: https://gitlab.com/bbigras/test-srvos-digitalocean

dfrankland commented 2 months ago

I'm a simple bystander, but I happened to be trying to deploy from darwin-arm64 to a DigitalOcean droplet today. test-srvos-digitalocean was the only example I could find that actually worked and allowed SSH after finishing a deploy with nixos-anywhere.

bbigras commented 2 months ago

@dfrankland I'm glad that it was useful to you :). Note that you can use ipv6 = true with digitalocean_droplet too.

I think I was using modules/virtualisation/digital-ocean-image.nix before and IIRC, digital ocean doesn't support ipv6 with custom images.

bbigras commented 2 months ago

Should we set systemd.enableEmergencyMode = true?

https://github.com/nix-community/srvos/blob/e4252aa777482dc9d4cacd779ae29115de69b7ba/nixos/server/default.nix#L62C1-L66C33

Mic92 commented 2 months ago

Does the normal DigitalOcean console use some daemon? As of now we don't deploy any SSH keys that DigitalOcean may try to add for the console to work.

Mic92 commented 2 months ago

@mergify queue

mergify[bot] commented 2 months ago

queue

✅ The pull request has been merged automatically

The pull request has been merged automatically at *bed9cfce2adc4c72de9bc90656d5cfe66e4371f3*

bbigras commented 2 months ago

Does the normal DigitalOcean console use some daemon? As of now we don't deploy any SSH keys that DigitalOcean may try to add for the console to work.

[screenshot]

When you connect, you don't see a login prompt:

[screenshot]

Mic92 commented 2 months ago

Ok. So we would allow dynamic ssh keys for this one.

bbigras commented 2 months ago

I just tested with virtualisation.digitalOcean.setSshKeys = true; and it doesn't seem to be enough.

I don't see anything in journalctl -f -u sshd.

Mic92 commented 2 months ago

It's because we don't allow keys outside of /etc/ssh/authorized_keys.d/. See this: https://github.com/nix-community/srvos/blob/937ddb11d81d9706b26dc583cf41e65de771c346/nixos/common/openssh.nix#L32
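To make the failure above concrete, here is an added diagnostic (not code from the srvos project, nixpkgs, or anyone in this thread) that models how OpenSSH resolves the AuthorizedKeysFile directive: a space-separated list of patterns, with %h expanded to the user's home, %u to the user name, %% to a literal %, and relative paths taken relative to the home directory. The sshd_config fragments are constructed for the example; the restrictive one reflects the thread's description that srvos only honors keys under /etc/ssh/authorized_keys.d/. The assumption that the DigitalOcean key-injection service writes fetched keys to /root/.ssh/authorized_keys is mine and should be checked against the nixpkgs module.

```python
"""Which authorized_keys paths will sshd actually consult for a user?

Added example, not part of srvos or this thread. It shows why a key
written to /root/.ssh/authorized_keys (assumed target of the DigitalOcean
setSshKeys service) is never read when sshd is restricted to
/etc/ssh/authorized_keys.d/%u.
"""
import re

# Constructed sshd_config fragments for the example.
# Restrictive: the setting described in the thread for srvos.
RESTRICTED_SSHD_CONFIG = """\
PasswordAuthentication no
AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u
"""

# Permissive: the OpenSSH-style default plus the srvos directory.
PERMISSIVE_SSHD_CONFIG = """\
AuthorizedKeysFile .ssh/authorized_keys /etc/ssh/authorized_keys.d/%u
"""

# Assumed path the DigitalOcean key-injection service writes to.
DO_INJECTED_KEY_FILE = "/root/.ssh/authorized_keys"

# OpenSSH's compiled-in default when the directive is absent.
DEFAULT_AUTHORIZED_KEYS_FILES = [".ssh/authorized_keys", ".ssh/authorized_keys2"]


def authorized_keys_files(sshd_config: str) -> list[str]:
    """Return the AuthorizedKeysFile patterns from an sshd_config text.

    sshd takes the first occurrence of a keyword and ignores later ones;
    keywords are case-insensitive; blank lines and '#' comments are skipped.
    """
    for raw in sshd_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(?i)^AuthorizedKeysFile\s+(.+)$", line)
        if m:
            return m.group(1).split()
    return list(DEFAULT_AUTHORIZED_KEYS_FILES)


def expand_tokens(pattern: str, user: str, home: str) -> str:
    """Expand %h, %u and %% and anchor relative paths at the home directory."""
    out = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "%":
            if i + 1 >= len(pattern):
                raise ValueError("dangling '%' in AuthorizedKeysFile pattern")
            nxt = pattern[i + 1]
            if nxt == "h":
                out.append(home)
            elif nxt == "u":
                out.append(user)
            elif nxt == "%":
                out.append("%")
            else:
                # sshd refuses to start on an unknown token; mirror that.
                raise ValueError(f"unknown token %{nxt} in AuthorizedKeysFile")
            i += 2
        else:
            out.append(ch)
            i += 1
    path = "".join(out)
    if not path.startswith("/"):
        path = home.rstrip("/") + "/" + path
    return path


def consulted_paths(sshd_config: str, user: str, home: str) -> list[str]:
    """Absolute paths sshd will read for `user`; 'none' disables files entirely."""
    patterns = authorized_keys_files(sshd_config)
    if patterns == ["none"]:
        return []
    return [expand_tokens(p, user, home) for p in patterns]


def key_file_is_honored(sshd_config: str, key_file: str, user: str, home: str) -> bool:
    """True if a key placed in `key_file` can authenticate `user` under this config."""
    return key_file in consulted_paths(sshd_config, user, home)


if __name__ == "__main__":
    for name, cfg in (("restricted", RESTRICTED_SSHD_CONFIG), ("permissive", PERMISSIVE_SSHD_CONFIG)):
        print(name, consulted_paths(cfg, "root", "/root"),
              "honors injected key:", key_file_is_honored(cfg, DO_INJECTED_KEY_FILE, "root", "/root"))
```

Under the restrictive config the only file consulted for root is /etc/ssh/authorized_keys.d/root, so anything the metadata service drops into /root/.ssh/authorized_keys is silently ignored, which matches the empty `journalctl -u sshd` output reported above (sshd never opens the file, so there is nothing to log). The fix is either to have the injected keys land under the allowed directory or to extend the AuthorizedKeysFile list deliberately.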