Nix Unattended

Tired of wrestling with complex dependencies and environment setups on your virtual machines? Or perhaps you're constantly updating those Packer scripts? If so, this guide is for you! By combining Nix with unattended installation methods, you can save significant time and effort, making your VM provisioning process smoother and more consistent.

This approach is especially powerful when used with cloud platforms like Google Compute Engine (GCE), which offers incredible flexibility and scalability for your virtual machine needs. Imagine a marriage made in heaven: GCE's raw power paired with Nix's robust, reproducible environment management.

This blog post will walk you through setting up an unattended Nix installation, first as a standalone script and then integrated directly into a Google Compute Engine instance using Terraform.

Script

First, let's create a standalone Bash script that can perform a completely unattended installation of Nix and some common development tools.

  1. Create a Bash script nix-unattended.sh
  2. Add the following into the Bash script

    #!/bin/bash
    # STARTUP-START
    # Update package lists and install required packages
    # Env Var
    export USER="nix-dev"
    export HOME="/home/$USER"

    # Create a user
    # NOTE: hardcoded password, insecure (see the NOTE at the end of this post)
    useradd "$USER" -m -p 01Password -s /bin/bash -c "$USER Developer Account"

    # Install Nix package manager - Ensure $USER + $HOME env var are defined
    sh <(curl -L https://nixos.org/nix/install) --daemon --yes

    # Install required application packages
    /nix/var/nix/profiles/default/bin/nix-env -iA nixpkgs.nodejs_22 nixpkgs.firebase-tools nixpkgs.cacert
    # nix-env -iA nixpkgs.nodejs_22 nixpkgs.firebase-tools nixpkgs.cacert

  3. Run the script on a host to perform an unattended installation of Nix

    bash nix-unattended.sh

This script will create a new user, install Nix, and then install Node.js, Firebase Tools, and cacert (for certificate handling) under that user's Nix profile.

Terraform

Let's take that same logic and embed it directly into a Google Compute Engine virtual machine's startup script using Terraform. This automates the entire VM provisioning and software setup process.

  1. Let's define a basic GCE script

    # Define compute image to be used
    data "google_compute_image" "debian" {
      project = "debian-cloud"
      family  = "debian-12"
    }

    # Create the Free Tier compute instance
    resource "google_compute_instance" "free_tier_vm" {
      name         = "nix-unattended-vm" # Example name
      machine_type = "e2-micro"          # Free tier eligible in some regions, check GCE docs.
      zone         = "europe-west2-a"    # Choose a zone relevant to your location (e.g., London)

      boot_disk {
        initialize_params {
          # https://cloud.google.com/compute/docs/images/os-details
          # image = var.gce_public_image
          image = data.google_compute_image.debian.self_link
        }
      }

      network_interface {
        network = "default"
        access_config {
          # Allow external access to the VM
          # nat_ip = "EXTERNAL"
        }
      }

      # Run Script
      # "<<-" strips the heredoc's leading indentation, so the shebang starts at column 0
      metadata = {
        startup-script = <<-EOF
          #!/bin/bash
          # STARTUP-START
          # Update package lists and install required packages
          # Env Var
          export USER="nix-dev"
          export HOME="/home/$USER"

          # Create a user
          # NOTE: hardcoded password, insecure (see the NOTE at the end of this post)
          useradd "$USER" -m -p 01Password -s /bin/bash -c "$USER Developer Account"

          # Install Nix package manager - Ensure $USER + $HOME env var are defined
          sh <(curl -L https://nixos.org/nix/install) --daemon --yes

          # Install required application packages
          /nix/var/nix/profiles/default/bin/nix-env -iA nixpkgs.nodejs_22 nixpkgs.firebase-tools nixpkgs.cacert
          # nix-env -iA nixpkgs.nodejs_22 nixpkgs.firebase-tools nixpkgs.cacert
        EOF
      }

    }

To use this Terraform code:

  1. Save the above script as a .tf file (e.g., main.tf).
  2. Initialize Terraform in your directory: terraform init
  3. Review the plan before applying: terraform plan.
  4. Apply the configuration to create the VM: terraform apply.

Upon successful application, Terraform will provision a new GCE instance, and the embedded startup-script will automatically execute on the VM's first boot, installing Nix and your specified packages.

This combination of Nix for reproducible environments and cloud automation tools like Terraform for infrastructure provisioning truly makes managing complex development setups a breeze. No more manual installations, no more "it works on my machine" headaches – just consistent, automated deployments every time.

Happy Nixin' and Terraforming!

NOTE:

The above scripts use a hardcoded password (01Password) for the nix-dev user. This is highly insecure and should never be used in a production environment. For real-world deployments, leverage secure methods like SSH keys for access, or use cloud-specific metadata to set user credentials securely (e.g., using cloud-init or GCE's OS Login).
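
A hardened variant of nix-unattended.sh that follows the NOTE above, added here as an example and not the author's own script: the account is created with no password at all, and the Nix installer is saved to a file and checked against a pinned SHA-256 before it is executed instead of being piped straight into sh. The INSTALLER_SHA256 value is a placeholder you must fill in after reviewing the installer; the function names and the --install switch are assumptions made for this example.

```bash
#!/bin/bash
# Added example: hardened variant of the page's nix-unattended.sh.
set -eu

NIX_USER="nix-dev"
NIX_ENV="/nix/var/nix/profiles/default/bin/nix-env"
INSTALLER_URL="https://nixos.org/nix/install"
# Placeholder (assumption): set this to the SHA-256 of the installer you reviewed.
INSTALLER_SHA256="${INSTALLER_SHA256:-REPLACE_WITH_REVIEWED_SHA256}"

# verify_sha256 FILE HEX -> 0 on match, 1 on mismatch, 2 if HEX is not a
# 64-character lowercase hex digest (e.g. the placeholder was never replaced).
verify_sha256() {
  case "$2" in ""|*[!0-9a-f]*) return 2 ;; esac
  [ "${#2}" -eq 64 ] || return 2
  [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$2" ]
}

# No -p here. useradd -p expects a crypt(3) hash, not plaintext, and any value
# passed to it sits in the script and in instance metadata. Without -p the
# password stays locked, so logins come from SSH keys or OS Login only.
create_locked_user() {
  id "$1" >/dev/null 2>&1 || useradd "$1" -m -s /bin/bash -c "$1 Developer Account"
}

# Download to a file, check the pinned digest, and only then execute it.
install_nix() {
  tmp="$(mktemp)"
  curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 \
    -o "$tmp" "$INSTALLER_URL"
  if ! verify_sha256 "$tmp" "$INSTALLER_SHA256"; then
    rm -f "$tmp"
    echo "installer digest missing or mismatched; not running it" >&2
    return 1
  fi
  sh "$tmp" --daemon --yes
  rm -f "$tmp"
}

main() {
  create_locked_user "$NIX_USER"
  export USER="$NIX_USER" HOME="/home/$NIX_USER"   # same env as the page's script
  [ -x "$NIX_ENV" ] || install_nix                 # skip if Nix is already present
  "$NIX_ENV" -iA nixpkgs.nodejs_22 nixpkgs.firebase-tools nixpkgs.cacert
}

# Runs only with --install, so the functions can be sourced and checked first.
if [ "${1:-}" = "--install" ]; then main; fi
```

Run it as root with `INSTALLER_SHA256=<digest> bash nix-unattended.sh --install`. In the Terraform variant the same body can go in startup-script, with `enable-oslogin = "TRUE"` added to the instance metadata so access is handled by OS Login.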