In the previous post, we went over the networking setup. To summarize, it contains 3 VLANs: one to manage the network, one for our homelab, and one for guest/IoT devices. The hosts are connected to a switch, which in turn is connected to a router that speaks to the WAN. I mentioned in passing last time that I would be using Proxmox. The time has come and gone for that, and we’re now fully on Nix. It’s not a hypervisor, but seeing as I will be mostly hosting Kubernetes, I don’t need VMs and can go full bare-metal.

NixOS

I’ve been on the Nix hype train for the better part of a few years now, and honestly, I can’t go back. Being able to declaratively manage all of my infrastructure makes things much simpler. Yes, I understand that the initial learning curve for Nix is steep, but it’s so worth it, friend.

To provision the hosts with NixOS, I used nixos-anywhere along with a NixOS disk image. Boot the host with the disk image, then run nixos-anywhere from your machine targeting that host. This should do most of the hard work. With NixOS you need to provide a configuration for that host to use, and nixos-anywhere takes it one step further and gives you the option to configure the disk(s) as well via disko.

(I want to pause here and caution that if this is your first foray into Nix, I don’t recommend this approach. Much better to manually install NixOS from the disk image to get a better understanding of the moving parts.)

Configuration

My host configuration can be found in my nix-config repo here.

The configuration is structured in a way that allows me to import certain generalized “roles” that hosts assume, which can then be tuned with some knobs. In Nix parlance, these roles are typically called modules. An example would be NFS, wherein I create an NFS “role” with options for mountpoint, folder, and endpoint. Then, in the host configuration, I import it and set these options. To partially spoil the next part, this is also how we’ll configure our k3s cluster!
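A sketch of what such an NFS role can look like as a NixOS module. This is an added example, not code from the nix-config repo; the file name, the `roles.nfs` option namespace, the sample values in the comments and the choice of mount options are assumptions.

```nix
# roles/nfs.nix (hypothetical path): an NFS client "role" with three knobs.
{ config, lib, ... }:
let
  cfg = config.roles.nfs; # hypothetical option namespace
in
{
  options.roles.nfs = {
    enable = lib.mkEnableOption "the NFS client role";

    endpoint = lib.mkOption {
      type = lib.types.str;
      example = "nas.example.internal"; # constructed sample value
      description = "Hostname or IP of the NFS server.";
    };

    folder = lib.mkOption {
      type = lib.types.str;
      example = "/export/media"; # constructed sample value
      description = "Exported path on the server.";
    };

    mountpoint = lib.mkOption {
      type = lib.types.str;
      example = "/mnt/media"; # constructed sample value
      description = "Local directory the export is mounted on.";
    };
  };

  # Only emit the mount when a host has switched the role on.
  config = lib.mkIf cfg.enable {
    fileSystems.${cfg.mountpoint} = {
      device = "${cfg.endpoint}:${cfg.folder}";
      fsType = "nfs";
      options = [
        "nosuid" # ignore setuid bits on files served by the NFS host
        "nodev" # ignore device nodes on the share
        "_netdev" # wait for the network before mounting
        "x-systemd.automount" # mount lazily on first access
        "noauto"
      ];
    };
  };
}

# In a host configuration (values are constructed samples):
#   imports = [ ./roles/nfs.nix ];
#   roles.nfs = {
#     enable = true;
#     endpoint = "nas.example.internal";
#     folder = "/export/media";
#     mountpoint = "/mnt/media";
#   };
```

Keeping the hardening mount options inside the role means every host that imports it gets the same `nosuid`/`nodev` defaults without repeating them per host.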

To deploy updates to the hosts, I use clan. I probably don’t use 99% of the features of clan, but it’s served the purpose so far. I’ve considered moving to something like colmena, which is focused purely on deployment.

Next step

With our hosts provisioned, we can now move on to bringing up Kubernetes using k3s. Fortunately for us, the Nix community has done a lot of the hard work of creating a k3s module, and we can use that to help us get up and running quicker. Tune in next time.