What is the easiest way to setup a NixOS server on a local machine from scratch?


What is the quickest and easiest way to load NixOS onto a local machine so that it is ready for server deployment?

I have only tried morph for deployment so far - it seems to only require that you have SSH access to a root user on the target machine. I imagine nixops is probably the same. As a result, I think the question could be rephrased as:

What is the quickest way to setup a machine with SSH enabled and my public key?


I work on a lot of art installations and more recently I’ve been driving them with NixOS. I have some projects on the horizon that may involve a large number of NixOS machines on a LAN, and I’m currently thinking about how I can best streamline the process of setting up servers.

The only NixOS deployment I’ve done so far is for my digital ocean server. This seemed to just involve creating a specific ISO image using a particular tool (whose name I’ve now forgotten) and then adding my public key to my digital ocean account. For local deployment, I’m wondering if I can just include my public key in the ISO somehow.

Current Plan

Right now I’m imagining something like this:

  1. Create an ISO based on the minimal installer that automatically enables SSH and includes my public key. The ISO should contain a small script package that automates the NixOS Installation Steps from the manual, namely:

    1. Sets up partitions, formatting, etc of drive.
    2. Generates hardware configuration.
    3. Runs nixos-install.
  2. Plug-in a USB key with the ISO. Boot into it and run the script. Reboot after installation completes. Machine should now be ready and available via SSH over the network (am I missing any steps here?).

  3. Deploy to machine as necessary using morph or nixops.

Does this sound like a reasonable approach?
How do you achieve this?

1 Like

I’ve done exactly this. I’m unable to share the code as it was at a previous employer, but I basically followed this: Creating a NixOS live CD - NixOS Wiki

Rather than having an installer script, I just had a script that printed the commands needed and I typed/ran those manually (fair bit of variation in hardware/disk setup)

Could have turned it into a script, but wasn’t doing enough often to make it that worth while (handful rather than tens…).

Another variant I used occasionally was to prepackage the installer with enough on it to enroll itself onto our vpn. I’d send the image to a remote customer, get them to put it onto a usb, then boot it on their hardware - from there, it would self enroll onto one of our vpns and I would complete the installation via ssh remotely. They’d then reboot and remove the usb, do a couple of power on/off tests and ready to go.

1 Like

Your plan looks pretty good.

For a kiosk project I have been prototyping I have also gone the custom NixOS ISO route. Because the initial install was going to be performed by someone other than me and because I needed to support a couple of hardware platforms I went with custom partition and installation scripts that the person doing the install invokes manually. Because this project is for an appliance I also don’t generate a hardware configuration on each machine but instead limit myself to a small set of identical hardware and generate configurations just for those and have copies of all of them on the ISO so that I can have offline installation.

For my more normal IT I do it much like @joehealy but with a prepackaged NixOS OVA template (since we use VMWare everywhere) that gets rebuilt automatically every week and that the people who have local access start and configure basic networking for (if not DHCP) and then I connect using SSH to get hardware-configuration.nix and push the initial configuration with the VPN config (haven’t gotten around to that sweet self-enrolling VPN setup yet) using morph.

I’ve been testing bare metal provisioning , scripts, and trying to get funky with flakes too!

take a look at for some idea’s and inspiration. There’s always a problem of knowing what disks you have in a machine, and how you want them partitioned and the overlying filesystem. When you add the complexity of zfs mirrors , UEFI vs GRUB boots…things get a bit complex quicky!

This allows for 2 disk to be configured as mirror with zfs… rather nice.

There is some more insipration here.

long ago, in a dark distant world, i used kickstart to provision machines, however it was garbage… but essentially was a good idea.

Baking these scripts either a USB bootable ISO… or a IPXE image…which starts with a remote git pull from a repo of your choice might a be a great idea. However I’m always totally loathed to make it too automated , deleting your bare metal machine automagically might be a step too far and cause a bit a drama!

Maybe there are other things out there, that do bare metal provisioning… :-). I’d like to find out more.

There are quite a few solutions that can configure your machine after nixos is installed fully and is up and running… maybe the dream of a installer of somekind for nix will bring some automation possibilities for bare metal provisioning??? !!!

How you boot NixOS the first time heavily depends on the circumstances, if there’s already a linux running, kexec could be the fastest way, but as you mentioned, booting from ISO works as well.
Once you run NixOS the first time, you’ve basically won, it can install itself automatically on the system. While this module from clever is part of kexec, it should be easy to include on an ISO.

Although having a usb drive that nukes the installed system is somewhat risky, so be sure to mark that drive very well.

The exact configuration that is installed by the justdoit module could e.g. be downloaded from a server if you modify the script, so it’s very versatile.