Document how to deploy NGIpkgs services (#369)

* Init deploy dir with README docs Co-authored-by: Valentin Gagarin <[email protected]>
ngi-nix · Oct 2, 2024 · 43150a5 · 43150a5
1 parent e40efee
commit 43150a5
Show file tree

Hide file tree

Showing 4 changed files with 495 additions and 0 deletions.
diff --git a/deploy/README.md b/deploy/README.md
@@ -0,0 +1,69 @@
+# How to install software from NGIpkgs
+
+Installation of software from NGIpkgs currently requires Nix [flakes to be enabled](https://wiki.nixos.org/wiki/Flakes).
+
+##  Run a **standalone program** locally with Nix
+
+```
+nix run github:ngi-nix/ngipkgs#atomic-cli
+```
+
+This example uses [`atomic-cli`](https://atomicserver.eu/cli/README.html), but the same can be done with any packages from NGIpkgs that is designed to be run as a standalone program.
+The list of these packages can be generated by running the following command inside a downloaded copy of the NGIpkgs repository:
+```
+grep -r mainProgram pkgs/by-name
+```
+
+## Deploy **services** to machines running NixOS
+
+1. Download a local copy of the NGIpkgs repository to use it to deploy services:
+```
+git clone https://github.com/ngi-nix/ngipkgs.git
+```
+
+2. There is a `deploy` directory within `ngipkgs` that is set up for easy deployment of services.
+   Enter this directory and edit the `flake.nix` there to enable a service by removing comments from its module and example configuration.
+   For example, this would enable the Kbin service:
+```
+modules = [
+  [...]
+  ### VULA
+  # ngipkgs.nixosModules."services.vula"
+  # ./Vula/example-simple.nix
+  ###
+  ### KBIN
+  ngipkgs.nixosModules."services.kbin"
+  ./Kbin/example.nix
+  ###
+  ### PEERTUBE
+  # ngipkgs.nixosModules."services.peertube.plugins"
+  # ./PeerTube/example.nix
+  ###
+  [...]
+  ];
+```
+
+3. Still inside of the `deploy` directory, run the following commands to build and deploy a local QEMU VM running the enabled service:
+   ```
+   nix build .#nixosConfigurations.myMachine.config.system.build.vm && export QEMU_NET_OPTS="hostfwd=tcp::2221-:22,hostfwd=tcp::8080-:80" && ./result/bin/run-nixos-vm
+   ```
+
+   QEMU will open its own terminal window that shows the boot log.
+   It is possible to login via this terminal (username `user`, password `pass`), but it is more convenient when logging in through SSH:
+
+   ```
+   ssh -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no user@localhost -p 2221
+   ```
+
+### Services available for deployment
+
+An up to date list of services with example configurations that are ready to be deployed can be found by running this command in the main directory of the NGIpkgs repository:
+```
+find ./projects -type f -name 'example*.nix'
+```
+
+There is also a longer list of services that have working tests (or more complex examples) which can be adapted to get a working deployment.
+To view a list of these services, run the following command in the main directory of the NGIpkgs repo:
+```
+find ./projects -name 'test*'
+```
diff --git a/deploy/configuration.nix b/deploy/configuration.nix
@@ -0,0 +1,23 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  # For more info: https://github.com/ngi-nix/ngipkgs/blob/main/maintainers/cachix.md
+  nix.settings.substituters = ["https://ngi.cachix.org/"];
+  nix.settings.trusted-public-keys = ["ngi.cachix.org-1:n+CAL72ROC3qQuLxIHpV+Tw5t42WhXmMhprAGkRSrOw="];
+
+  users.users.user = {
+    isNormalUser = true;
+    extraGroups = ["wheel"];
+    initialPassword = "pass";
+  };
+
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = true;
+  };
+  networking.firewall.allowedTCPPorts = [22];
+
+  system.stateVersion = "24.11";
+}