May 21, 2025

Nix Unattended

Tired of wrestling with complex dependencies and environment setups on your virtual machines? Or perhaps you’re constantly updating those Packer scripts? If so, this guide is for you! By combining Nix with unattended installation methods, you can save significant time and effort, making your VM provisioning process smoother and more consistent.

This approach is especially powerful when used with cloud platforms like Google Compute Engine (GCE), which offers incredible flexibility and scalability for your virtual machine needs. Imagine a marriage made in heaven: GCE’s raw power paired with Nix’s robust, reproducible environment management.

This blog post will walk you through setting up an unattended Nix installation, first as a standalone script and then integrated directly into a Google Compute Engine instance using Terraform.

Script

First, let’s create a standalone Bash script that can perform a completely unattended installation of Nix and some common development tools.

  1. Create a Bash script named nix-unattended.sh.
  2. Add the following to the script:
#!/bin/bash
# STARTUP-START
# Environment variables for the new account (the Nix installer expects USER and HOME to be set)
export USER="nix-dev"
export HOME="/home/$USER"

# Create a user
# Hardcoded demo credential (see the NOTE at the end of this post).
# useradd -p expects an already-hashed value, as produced by crypt(3).
useradd "$USER" -m -p 01Password -s /bin/bash -c "$USER Developer Account"

# Install Nix package manager - Ensure $USER + $HOME env var are defined
sh <(curl -L https://nixos.org/nix/install) --daemon --yes

# Install required application packages
/nix/var/nix/profiles/default/bin/nix-env -iA nixpkgs.nodejs_22 nixpkgs.firebase-tools nixpkgs.cacert
# nix-env -iA nixpkgs.nodejs_22 nixpkgs.firebase-tools nixpkgs.cacert
  3. Run the script on a host to perform an unattended installation of Nix:
bash nix-unattended.sh

This script will create a new user, install Nix, and then install Node.js, Firebase Tools, and cacert (for certificate handling) under that user’s Nix profile.

Terraform

Let’s take that same logic and embed it directly into a Google Compute Engine virtual machine’s startup script using Terraform. This automates the entire VM provisioning and software setup process.

  1. Let's define a basic GCE script:
# Define compute image to be used
data "google_compute_image" "debian" {
  project = "debian-cloud"
  family  = "debian-12"
}

# Create the Free Tier compute instance
resource "google_compute_instance" "free_tier_vm" {
  name         = "nix-unattended-vm" # Example name
  machine_type = "e2-micro"          # Free tier eligible in some regions, check GCE docs.
  zone         = "europe-west2-a"    # Choose a zone relevant to your location (e.g., London)

  boot_disk {
    initialize_params {
      # https://cloud.google.com/compute/docs/images/os-details
      # image = var.gce_public_image
      image = data.google_compute_image.debian.self_link
    }
  }

  network_interface {
    network = "default"
    access_config {
      # Allow external access to the VM
      # nat_ip = "EXTERNAL"
    }
  }

  # Run Script
  # <<-EOF strips the leading indentation, so the shebang is the first bytes of the script
  metadata = {
    startup-script = <<-EOF
    #!/bin/bash
    # STARTUP-START
    # Environment variables for the new account (the Nix installer expects USER and HOME to be set)
    export USER="nix-dev"
    export HOME="/home/$USER"

    # Create a user
    # Hardcoded demo credential (see the NOTE at the end of this post).
    # useradd -p expects an already-hashed value, as produced by crypt(3).
    useradd "$USER" -m -p 01Password -s /bin/bash -c "$USER Developer Account"

    # Install Nix package manager - Ensure $USER + $HOME env var are defined
    sh <(curl -L https://nixos.org/nix/install) --daemon --yes

    # Install required application packages
    /nix/var/nix/profiles/default/bin/nix-env -iA nixpkgs.nodejs_22 nixpkgs.firebase-tools nixpkgs.cacert
    # nix-env -iA nixpkgs.nodejs_22 nixpkgs.firebase-tools nixpkgs.cacert
    EOF
  }

}

To use this Terraform code:

  1. Save the above script as a .tf file (e.g., main.tf).
  2. Initialize Terraform in your directory: terraform init.
  3. Review the plan before applying: terraform plan.
  4. Apply the configuration to create the VM: terraform apply.

Upon successful application, Terraform will provision a new GCE instance, and the embedded startup-script will automatically execute on the VM’s first boot, installing Nix and your specified packages.

This combination of Nix for reproducible environments and cloud automation tools like Terraform for infrastructure provisioning truly makes managing complex development setups a breeze. No more manual installations, no more “it works on my machine” headaches – just consistent, automated deployments every time.

Happy Nixin’ and Terraforming!

NOTE:

The above scripts use a hardcoded password (01Password) for the nix-dev user. This is highly insecure and should never be used in a production environment. For real-world deployments, leverage secure methods like SSH keys for access, or use cloud-specific metadata to set user credentials securely (e.g., using cloud-init or GCE’s OS Login).
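
The NOTE above recommends SSH keys over the hardcoded password. As an added example (not part of the original post), this replacement for the account-creation step creates nix-dev with no password and installs a single validated public key. The function names and the NIX_DEV_PUBKEY variable are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: create nix-dev with a disabled password and key-only SSH access.
set -eu

NL='
'

# Accept exactly one bare OpenSSH public key: no newline (which would add a
# second authorized_keys entry) and no leading options such as command="...".
valid_pubkey() {
  case "$1" in *"$NL"*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq \
    '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( [[:print:]]*)?$'
}

# Write <home>/.ssh/authorized_keys with the conventional 700/600 modes.
install_key() {
  valid_pubkey "$2" || { echo "rejecting malformed public key" >&2; return 1; }
  install -d -m 700 "$1/.ssh"
  # umask in a subshell: a newly created file is never group/world readable
  ( umask 077; printf '%s\n' "$2" > "$1/.ssh/authorized_keys" )
  chmod 600 "$1/.ssh/authorized_keys"
}

# No -p flag: useradd leaves the password disabled, so only the key works.
# The id check makes a second run a no-op instead of an error.
create_locked_user() {
  id "$1" >/dev/null 2>&1 ||
    useradd -m -s /bin/bash -c "$1 Developer Account" "$1"
}

main() {
  create_locked_user "nix-dev"
  install_key "/home/nix-dev" "$1"
  chown -R "nix-dev:nix-dev" "/home/nix-dev/.ssh"
}

# NIX_DEV_PUBKEY is a hypothetical variable name; nothing runs unless it is set.
# Usage (as root): NIX_DEV_PUBKEY="$(cat id_ed25519.pub)" bash this-script.sh
if [ -n "${NIX_DEV_PUBKEY:-}" ]; then main "$NIX_DEV_PUBKEY"; fi
```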