first commit

.github/workflows/build.yml

@@ -0,0 +1,14 @@
+name: 'build'
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - run: nix build -L .#deploy.nodes.robot.profiles.system.path 

.gitignore

@@ -0,0 +1 @@
+secrets.json

README.md

@@ -0,0 +1,127 @@
+# nixos-hetzner-robot-starter
+
+This repository is intended to be a sane, batteries-included starter template
+for running a LunarVim-powered remote NixOS development environment on a
+Hetzner Robot dedicated server. It exists as a sister-project of
+[nixos-wsl-starter](https://github.com/lgug2z/nixos-wsl-starter) and
+[nixos-hetzner-cloud-starter](https://github.com/lgug2z/nixos-hetzner-cloud-starter).
+
+If you don't want to dig into NixOS too much right now, the only file you need
+to concern yourself with is [home.nix](home.nix). This is where you can add and
+remove binaries to your global `$PATH`.
+
+Go to [https://search.nixos.org](https://search.nixos.org/packages) to find the
+correct package names, though usually they will be what you expect them to be
+in other package managers.
+
+`unstable-packages` is for packages that you want to always keep at the latest
+released versions, and `stable-packages` is for packages that you want to track
+with the current release of NixOS (currently 23.11).
+
+If you want to update the versions of the available `unstable-packages`, run
+`nix flake update` to pull the latest version of the Nixpkgs repository and
+then apply the changes.
+
+Make sure to look at all the `FIXME` notices in the various files which are
+intended to direct you to places where you may want to make configuration
+tweaks.
+
+If you found this starter template useful, please consider
+[sponsoring](https://github.com/sponsors/LGUG2Z) and [subscribing to my YouTube
+channel](https://www.youtube.com/channel/UCeai3-do-9O4MNy9_xjO6mg?sub_confirmation=1).
+
+## What Is Included
+
+This starter is a lightly-opinionated take on a productive terminal-driven
+development environment based on my own preferences. However, it is trivial to
+customize to your liking both by removing and adding tools that you prefer.
+
+* The default editor is `lvim`
+* The default shell is `zsh`
+* `docker` is enabled by default
+* The prompt is [Starship](https://starship.rs/)
+* [`fzf`](https://github.com/junegunn/fzf),
+  [`lsd`](https://github.com/lsd-rs/lsd),
+  [`zoxide`](https://github.com/ajeetdsouza/zoxide), and
+  [`broot`](https://github.com/Canop/broot) are integrated into `zsh` by
+  default
+    * These can all be disabled easily by setting `enable = false` in
+      [home.nix](home.nix), or just removing the lines all together
+* [`direnv`](https://github.com/direnv/direnv) is integrated into `zsh` by
+  default
+* `git` config is generated in [home.nix](home.nix) with options provided to
+  enable private HTTPS clones with secret tokens
+* `zsh` config is generated in [home.nix](home.nix) and includes git aliases,
+  useful WSL aliases, and
+  [sensible`$WORDCHARS`](https://lgug2z.com/articles/sensible-wordchars-for-most-developers/)
+
+## Quickstart
+
+[![Watch the walkthrough video](https://img.youtube.com/vi/nlX8g0NXW1M/hqdefault.jpg)](https://www.youtube.com/watch?v=nlX8g0NXW1M)
+
+* Order a server on Hetzner Robot
+    * For this tutorial, I am using an [AX41-NVMe](https://www.hetzner.com/dedicated-rootserver/ax41-nvme)
+    * The `disk-config.nix` file sets software RAID 1 on the 2x 512GB NVMe SSDs (just as the delivered server has)
+* Set your SSH public key in `robot.nix` and `linux.nix`
+* Go through all the `FIXME:` notices in this repo and make changes wherever
+  you want
+* Make sure you have activated the [Hetzner Rescue System](https://docs.hetzner.com/robot/dedicated-server/troubleshooting/hetzner-rescue-system/) by enabling it and then doing an automated hardware reset on the Robot web console
+* Run [`nixos-anywhere`](https://github.com/nix-community/nixos-anywhere)
+  against `root@<server-ip-address>`
+```bash
+nix run github:numtide/nixos-anywhere -- --flake .#robot root@<server-ip-address>
+```
+* Wait for the installation to complete
+* Try to SSH into the server with `ssh <your-username-selected-in-flake.nix>@<server-ip-address>`
+* You'll probably receive an error like the one below; follow the steps to remove the ip address from `known_hosts`
+```
+  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
+Someone could be eavesdropping on you right now (man-in-the-middle attack)!
+It is also possible that a host key has just been changed.
+The fingerprint for the ED25519 key sent by the remote host is
+XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
+Please contact your system administrator.
+Add correct host key in ~/.ssh/known_hosts to get rid of this message.
+Offending ECDSA key in ~/.ssh/known_hosts:6
+  remove with:
+  ssh-keygen -f ~/.ssh/known_hosts" -R "<ip addrress>"
+Host key for <ip_address> has changed and you have requested strict checking.
+Host key verification failed.
+```
+* Now you can SSH into the server
+* In a local terminal window, you can apply updated configurations to the remote server
+```bash
+nix run github:serokell/deploy-rs -- --remote-build -s .#robot
+```
+
+Note: If developing in Rust, you'll still be managing your toolchains and components like `rust-analyzer` with `rustup`!
+
+## Project Layout
+
+In order to keep the template as approachable as possible for new NixOS users,
+this project uses a flat layout without any nesting or modularization.
+
+* `flake.nix` is where dependencies are specified
+    * `nixpkgs` is the current release of NixOS
+    * `nixpkgs-unstable` is the current trunk branch of NixOS (ie. all the
+      latest packages)
+    * `home-manager` is used to manage everything related to your home
+      directory (dotfiles etc.)
+    * `nur` is the community-maintained [Nix User
+      Repositories](https://nur.nix-community.org/) for packages that may not
+      be available in the NixOS repository
+    * `nix-index-database` tells you how to install a package when you run a
+      command which requires a binary not in the `$PATH`
+    * `disko` is used to prepare VM storage for NixOS
+* `robot.nix` is where OpenSSH is configured and where the `root` SSH public
+  key is set
+* `linux.nix` is where the server is configured
+    * The hostname is set here
+    * The default shell is set here
+    * User groups are set here
+    * NixOS options are set here
+* `home.nix` is where packages, dotfiles, terminal tools, environment variables
+  and aliases are configured

amd.nix

@@ -0,0 +1,5 @@
+{...}: {
+  imports = [./hardware-configuration.nix];
+
+  boot.kernelModules = ["kvm-amd"];
+}

disk-config.nix

@@ -0,0 +1,111 @@
+{
+  disko.devices = {
+    disk = {
+      one = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            BOOT = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            ESP = {
+              size = "500M";
+              type = "EF00";
+              content = {
+                type = "mdraid";
+                name = "boot";
+              };
+            };
+            SWAP = {
+              size = "64G";
+              content = {
+                type = "mdraid";
+                name = "plainSwap";
+              };
+            };
+            mdadm = {
+              size = "100%";
+              content = {
+                type = "mdraid";
+                name = "raid1";
+              };
+            };
+          };
+        };
+      };
+      two = {
+        type = "disk";
+        device = "/dev/nvme1n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            ESP = {
+              size = "500M";
+              type = "EF00";
+              content = {
+                type = "mdraid";
+                name = "boot";
+              };
+            };
+            SWAP = {
+              size = "64G";
+              content = {
+                type = "mdraid";
+                name = "plainSwap";
+              };
+            };
+            mdadm = {
+              size = "100%";
+              content = {
+                type = "mdraid";
+                name = "raid1";
+              };
+            };
+          };
+        };
+      };
+    };
+    mdadm = {
+      boot = {
+        type = "mdadm";
+        level = 1;
+        metadata = "1.0";
+        content = {
+          type = "filesystem";
+          format = "vfat";
+          mountpoint = "/boot";
+        };
+      };
+      plainSwap = {
+        type = "mdadm";
+        level = 1;
+        metadata = "1.2";
+        content = {
+          type = "swap";
+        };
+      };
+      raid1 = {
+        type = "mdadm";
+        level = 1;
+        content = {
+          type = "gpt";
+          partitions.primary = {
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          };
+        };
+      };
+    };
+  };
+}