Donating SrvOS to nix-community

SrvOS is a collection of opinionated defaults for NixOS, optimized for server environments. Today we are giving this project to nix-community.

Yes, another project for the nix-community.

What is SrvOS?

SrvOS is a collection of opinionated defaults for NixOS, optimized for server environments.

When deploying NixOS onto servers, we often found ourselves writing the same settings and copy-pasting them into new environments with slight variations. Fixes had to be propagated manually or re-learned. At some point, we asked ourselves: what if those profiles could be shared? Then every improvement could be written once and automatically distributed at the next reference update. That’s when SrvOS was born.

Using it is pretty straightforward: import the target profiles into your NixOS configuration, and voilà, it has different defaults.

{
  description = "My machines flakes";
  inputs = {
    srvos.url = "github:numtide/srvos";
    # Use the version of nixpkgs that has been tested to work with SrvOS
    # Alternatively, we also support the latest NixOS release and unstable
    nixpkgs.follows = "srvos/nixpkgs";
  };
  outputs = { self, nixpkgs, srvos }: {
    nixosConfigurations.myHost = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        # This machine is a server
        srvos.nixosModules.server
        # Deployed on the AMD Hetzner hardware
        srvos.nixosModules.hardware-hetzner-amd
        # Configured with extra terminfos
        srvos.nixosModules.mixins-terminfo
        # Finally add your configuration here
        ./myHost-configuration.nix
      ];
    };
  };
}

As you can see, the project comes with different profiles that can be mixed in depending on the environment.

For example, a server profile has some of these properties:

  • Enable OpenSSH with hardened config.
  • NixOS Firewall enabled.
  • No default hostname; inherit it from DHCP or cloud-init.
  • No mutable users.
  • Better support for serial consoles.
  • nixos-rebuild switch gives you a diff between the added and removed packages.
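
A guard module that makes evaluation fail if an override in ./myHost-configuration.nix undoes the security-relevant properties listed above. This is an added example, not SrvOS code; the file name hardening-guard.nix and the password-authentication check (this example's own reading of "hardened", which the page does not spell out) are assumptions.

```nix
# hardening-guard.nix (hypothetical file name): added example, not part of SrvOS.
# NixOS evaluates `assertions` against the final merged configuration, so the
# checks see the result of the SrvOS profiles plus every local override.
{ config, ... }:
let
  ssh = config.services.openssh;
in
{
  assertions = [
    {
      # "Enable OpenSSH": the server must stay reachable for administration.
      assertion = ssh.enable;
      message = "hardening-guard: services.openssh.enable was turned off";
    }
    {
      # Assumption: "hardened config" is read here as key-only logins.
      # `or true` treats a missing setting like the permissive upstream default;
      # comparing with `== false` also rejects an unset (null) value.
      assertion = (ssh.settings.PasswordAuthentication or true) == false;
      message = "hardening-guard: sshd accepts password logins";
    }
    {
      # "NixOS Firewall enabled".
      assertion = config.networking.firewall.enable;
      message = "hardening-guard: networking.firewall.enable was turned off";
    }
    {
      # "No mutable users": accounts come only from the declared configuration.
      assertion = !config.users.mutableUsers;
      message = "hardening-guard: users.mutableUsers was switched back on";
    }
  ];
}
```

Add ./hardening-guard.nix to the `modules` list of the flake; nixos-rebuild then stops with the failed assertion's message instead of activating a weakened configuration.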

There are also some tested hardware profiles for hosting providers that we are currently using, such as AWS, Hetzner and Vultr, which makes this project nicely complementary to nixos-anywhere.

To find out more about the project, go to https://github.com/numtide/srvos

Donating the project to nix-community

Now that the project is stable enough, it’s time to give it to the community. This is part of our general approach with Nix-related projects, as with previous projects such as nixos-anywhere, nixpkgs-terraform-providers-bin, and nix-unstable-installer.

Special thanks to @zowoq, who helped on this project and keeps the nix-community infra up and running.

And as usual, we will keep our maintenance commitment to our existing and future customers. If your company is using any of our projects or would like to collaborate with us, get in touch!
