Cloud Deployment
Guide to deploying this configuration on AWS EC2 and GCP GCE.
Status
📋 Planned - Cloud deployment is designed but not yet fully implemented.
This document describes the planned cloud deployment strategy.
Overview
This configuration will support cloud deployment with:
- AWS EC2 instances
- GCP GCE instances
- Cloud-init integration
- Automated provisioning
- Remote management
Architecture
Cloud Base Modules

AWS EC2 (nix/modules/cloud/ec2-base.nix - placeholder):

{ config, pkgs, lib, ... }:
{
  # EC2-specific configuration
  boot.loader.grub.device = "/dev/xvda";
  services.cloud-init.enable = true;
  networking.firewall.allowedTCPPorts = [ 22 ];

  # AWS Systems Manager agent for remote management
  services.amazon-ssm-agent.enable = true;
}

GCP GCE (nix/modules/cloud/gce-base.nix - placeholder):

{ config, pkgs, lib, ... }:
{
  # GCE-specific configuration
  boot.loader.grub.device = "/dev/sda";
  services.cloud-init.enable = true;

  # GCP guest agent
  services.google-guest-agent.enable = true;
}
AWS EC2 Deployment (Planned)
Build AMI

# Build a custom AMI from the flake's ec2-instance configuration
nix build .#nixosConfigurations.ec2-instance.config.system.build.amazonImage

# Upload to AWS
aws ec2 import-image --disk-containers file://image.json

Launch Instance

# Create instance with Terraform
terraform init
terraform apply

# Or with AWS CLI
aws ec2 run-instances \
  --image-id ami-xxxxx \
  --instance-type t3.medium \
  --key-name your-key \
  --user-data file://cloud-init.yaml

Remote Deployment

# Deploy configuration to EC2 (ec2-user is not root, so the switch runs via sudo on the target)
nixos-rebuild switch --flake .#ec2-instance \
  --target-host ec2-user@instance-ip \
  --build-host localhost \
  --use-remote-sudo
GCP GCE Deployment (Planned)
Build GCE Image

# Build GCE image
nix build .#nixosConfigurations.gce-instance.config.system.build.googleComputeImage

# Upload to GCP
gcloud compute images create nixos-image \
  --source-uri gs://bucket/image.tar.gz

Launch Instance

# Create instance
gcloud compute instances create nixos-vm \
  --image nixos-image \
  --machine-type n1-standard-2 \
  --zone us-central1-a

Remote Deployment

# Deploy to GCE (the login user is not root, so the switch runs via sudo on the target)
nixos-rebuild switch --flake .#gce-instance \
  --target-host user@instance-ip \
  --build-host localhost \
  --use-remote-sudo
Cloud Configuration
Example EC2 Config

{ config, pkgs, ... }:
{
  imports = [
    ../nix/modules/common.nix
    ../nix/modules/linux-base.nix
    ../nix/modules/cloud/ec2-base.nix
  ];

  # Web server
  services.nginx.enable = true;

  # Auto-updates
  system.autoUpgrade.enable = true;

  # Monitoring
  services.prometheus.exporters.node.enable = true;
}
Cloud-Init Integration
#cloud-config
users:
  - name: admin
    groups: wheel
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_authorized_keys:
      - ssh-ed25519 AAAA...

write_files:
  - path: /etc/nixos/flake.nix
    content: |
      # Nix configuration

runcmd:
  - git clone https://github.com/user/Config.git /etc/nixos
  - nixos-rebuild switch --flake /etc/nixos#cloud-instance
Terraform Integration (Planned)
Using Terranix

{ config, lib, ... }:
{
  resource.aws_instance.nixos = {
    ami = "ami-xxxxx"; # NixOS AMI
    instance_type = "t3.medium";

    user_data = ''
      #!/bin/bash
      git clone https://github.com/user/Config.git /etc/nixos
      nixos-rebuild switch --flake /etc/nixos#ec2-instance
    '';
  };
}
Deploy with Terraform
# Generate Terraform JSON
terranix terranix/ > config.tf.json

# Deploy
terraform init
terraform apply
Image Building (Planned)
nixos-generators

# Install nixos-generators
nix-shell -p nixos-generators

# Build AWS AMI
nixos-generate -f amazon -c ./configuration.nix

# Build GCP image
nixos-generate -f gce -c ./configuration.nix

# Build Azure image
nixos-generate -f azure -c ./configuration.nix

# Build ISO
nixos-generate -f iso -c ./configuration.nix
Custom Image Builder
# In flake.nix
outputs = { self, nixpkgs, nixos-generators, ... }: {
  images = {
    aws = nixos-generators.nixosGenerate {
      system = "x86_64-linux";
      format = "amazon";
      modules = [
        ./nix/modules/common.nix
        ./nix/modules/cloud/ec2-base.nix
      ];
    };

    gcp = nixos-generators.nixosGenerate {
      system = "x86_64-linux";
      format = "gce";
      modules = [
        ./nix/modules/common.nix
        ./nix/modules/cloud/gce-base.nix
      ];
    };
  };
};
Auto-Scaling (Planned)
AWS Auto Scaling Group

resource.aws_launch_template.nixos = {
  image_id = "ami-xxxxx";
  instance_type = "t3.medium";

  # base64encode is a Terraform function, not a Nix one: Nix's \${ keeps the
  # ${...} literal in the generated JSON so Terraform evaluates it at plan time.
  user_data = "\${base64encode(\"#!/bin/bash\\nnixos-rebuild switch --flake github:user/Config#ec2-web\")}";
};

resource.aws_autoscaling_group.nixos = {
  launch_template = {
    id = "\${aws_launch_template.nixos.id}";
  };
  min_size = 2;
  max_size = 10;
};
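The launch template above with the controls a reviewer would ask for before it backs an auto-scaling group: a security group exposing only port 22 (the port ec2-base.nix opens) to an admin range, IMDSv2 required so instance credentials cannot be read with a plain GET, an encrypted root volume, and user_data encoded by Terraform. This is an added terranix example, not a module from this repository; the `admin_cidr` variable and its default, the group name and the volume size are constructed placeholders.

```nix
{ config, lib, ... }:
{
  # SSH source range; constructed placeholder, set it to the real admin egress.
  variable.admin_cidr = {
    type = "string";
    default = "203.0.113.0/24";
  };

  # Only port 22 (as in ec2-base.nix), and only from the admin range.
  resource.aws_security_group.nixos = {
    name = "nixos-asg";
    ingress = [{
      description = "SSH from admin range";
      from_port = 22;
      to_port = 22;
      protocol = "tcp";
      cidr_blocks = [ "\${var.admin_cidr}" ];
    }];
    egress = [{
      description = "Outbound for Nix substituters and git clone";
      from_port = 0;
      to_port = 0;
      protocol = "-1";
      cidr_blocks = [ "0.0.0.0/0" ];
    }];
  };

  resource.aws_launch_template.nixos = {
    image_id = "ami-xxxxx";
    instance_type = "t3.medium";
    vpc_security_group_ids = [ "\${aws_security_group.nixos.id}" ];

    # IMDSv2 only: metadata (and any instance-role credentials) require a session token.
    metadata_options = {
      http_endpoint = "enabled";
      http_tokens = "required";
      http_put_response_hop_limit = 1;
    };

    # Encrypt the root volume (the grub device from ec2-base.nix).
    block_device_mappings = [{
      device_name = "/dev/xvda";
      ebs = { encrypted = true; volume_size = 20; };
    }];

    # Nix's \${ keeps the interpolation literal so Terraform runs base64encode.
    user_data = "\${base64encode(\"#!/bin/bash\\nnixos-rebuild switch --flake github:user/Config#ec2-web\")}";
  };
}
```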
Monitoring & Logging (Planned)
CloudWatch Integration

# EC2 with CloudWatch
services.amazon-cloudwatch-agent = {
  enable = true;
  config = {
    logs = {
      logs_collected = {
        files = {
          collect_list = [
            {
              file_path = "/var/log/syslog";
              log_group_name = "/aws/ec2/nixos";
            }
          ];
        };
      };
    };
  };
};

Prometheus Monitoring

# Prometheus exporters
services.prometheus.exporters = {
  node.enable = true;
  systemd.enable = true;
};

# Open firewall for Prometheus (9100 node exporter, 9558 systemd exporter)
networking.firewall.allowedTCPPorts = [ 9100 9558 ];
Roadmap
Phase 1: Image Building
- nixos-generators integration
- AWS AMI builds
- GCP image builds
- Automated image uploads
Phase 2: Basic Deployment
- EC2 deployment tested
- GCE deployment tested
- Cloud-init integration
- Remote rebuild
Phase 3: Advanced Features
- Terranix integration
- Auto-scaling groups
- Load balancer support
- Monitoring/logging
Phase 4: Production Ready
- High availability
- Disaster recovery
- Cost optimization
- Security hardening
Best Practices (When Implemented)
Security

# Hardened configuration
security.sudo.wheelNeedsPassword = true;
services.openssh.settings.PasswordAuthentication = false;
services.openssh.settings.PermitRootLogin = "no";

# Automatic updates
system.autoUpgrade = {
  enable = true;
  allowReboot = true;
  dates = "04:00";
};
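A hardened cloud module bundling the options above with the exporters from the Monitoring section, as an added example rather than a file in this repository: the exporters stay enabled, but only a monitoring subnet may reach 9100/9558, so those ports never need to appear in allowedTCPPorts, and upgrades are jittered so a fleet does not reboot in lockstep. The path nix/modules/cloud/hardened.nix, the 10.0.1.0/24 monitoring CIDR and the flake URI github:user/Config#ec2-instance are assumptions.

```nix
# nix/modules/cloud/hardened.nix (hypothetical path), imported alongside ec2-base.nix or gce-base.nix
{ config, lib, ... }:
{
  # Key-based SSH only and no root logins: passwords are what gets brute-forced.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
    };
  };
  security.sudo.wheelNeedsPassword = true;

  # Exporters stay on, but their ports are not opened to the world.
  services.prometheus.exporters = {
    node.enable = true;
    systemd.enable = true;
  };
  networking.firewall = {
    enable = true;
    # SSH is the only globally reachable port; do not add 9100/9558 here.
    allowedTCPPorts = [ 22 ];
    # Accept scrapes only from the monitoring subnet (constructed CIDR).
    extraCommands = ''
      iptables -A nixos-fw -p tcp -s 10.0.1.0/24 --dport 9100 -j nixos-fw-accept
      iptables -A nixos-fw -p tcp -s 10.0.1.0/24 --dport 9558 -j nixos-fw-accept
    '';
  };

  # Unattended upgrades from the flake, off-peak, with a random delay per host.
  system.autoUpgrade = {
    enable = true;
    flake = "github:user/Config#ec2-instance";
    dates = "04:00";
    randomizedDelaySec = "30min";
    allowReboot = true;
  };
}
```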
Cost Optimization
- Use spot instances where appropriate
- Implement auto-scaling based on metrics
- Schedule non-prod instances
Next Steps
- Darwin Deployment - macOS deployment (current)
- NixOS Deployment - Linux deployment (planned)
- Design Doc - Architecture details
Related Documentation
- Structure Guide - Module system
- Design Philosophy - Cloud strategy
External References
- nixos-generators - Image builder
- Terranix - Terraform in Nix
- NixOS on AWS - Wiki guide
- NixOS on GCP - Wiki guide
Status: 📋 Planned - Contribute on GitHub