Commit bd2fe36

add installation guide for nixos
1 parent 3348b66 commit bd2fe36

3 files changed

+162
-0
lines changed

.vuepress/config.js

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -75,6 +75,7 @@ module.exports = {
7575
'/community/installation-guides/panel/centos7.md',
7676
'/community/installation-guides/panel/centos8.md',
7777
'/community/installation-guides/panel/debian.md',
78+
'/community/installation-guides/panel/nixos.md',
7879
]
7980
},
8081
{
@@ -83,6 +84,7 @@ module.exports = {
8384
children: [
8485
'/community/installation-guides/wings/centos7.md',
8586
'/community/installation-guides/wings/centos8.md',
87+
'/community/installation-guides/wings/nixos.md',
8688
]
8789
},
8890
{
Lines changed: 106 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,106 @@
1+
# NixOS
2+
3+
This guide provides instructions for installing Pterodactyl Panel on NixOS.
4+
5+
[[toc]]
6+
7+
## Generating secrets
8+
9+
Before configuring the service, we need to generate a new application encryption key.
10+
11+
```bash
12+
echo "base64:$(openssl rand -base64 32)"
13+
```
14+
15+
::: danger
16+
Back up the encryption key. It is used as an encryption key for all data that needs to be stored securely (e.g. API keys).
17+
Store it somewhere safe - not just on your server. If you lose it, all encrypted data is irrecoverable, even with database backups.
18+
19+
Copy the key generated and save it somewhere secure:
20+
- A password manager
21+
- An encrypted file on your local machine
22+
- A secure USB drive
23+
- A trusted cloud vault
24+
25+
Do not keep it only on the server. If you lose this key, your encrypted data is permanently unrecoverable.
26+
:::
27+
28+
You would also need to generate a salt key, which is used for providing additional security to encrypted data as a way to make it fully random each time. It can be anything from a randomly generated string to an UUID.
29+
30+
```bash
31+
openssl rand -hex 16
32+
```
33+
34+
## Configuration
35+
36+
Now we can enable the service, add the following code to your `configuration.nix`:
37+
38+
```nix
39+
{
40+
services.pterodactyl.panel = {
41+
enable = true;
42+
app = {
43+
url = "https://panel.example.com";
44+
# Using agenix, sops-nix or something else
45+
keyFile = "/path/to/app_key";
46+
# Direct (not recommended)
47+
# key = "";
48+
};
49+
50+
hashids = {
51+
saltFile = "/path/to/hashids_salt";
52+
# salt = "";
53+
};
54+
};
55+
}
56+
```
57+
58+
If you want the panel to be accessible to the public, make sure to open Nginx's port by adding this in your `configuration.nix`:
59+
60+
```nix
61+
{
62+
networking.firewall.allowedTCPPorts = [80 443];
63+
}
64+
```
65+
66+
### Using Caddy with FrankenPHP
67+
68+
Using Caddy with FrankenPHP is much performant and better than Nginx and PHP-FPM. Here is an example configuration to put in your `configuration.nix`:
69+
70+
```nix
71+
{
72+
services.caddy = {
73+
enable = true;
74+
package = pkgs.frankenphp.override {
75+
php = config.services.pterodactyl.panel.phpPackage;
76+
};
77+
78+
virtualHosts = {
79+
"panel.example.com".extraConfig = ''
80+
root * ${config.services.pterodactyl.panel.package}/public
81+
php_server
82+
'';
83+
};
84+
};
85+
86+
services.pterodactyl.panel = {
87+
enable = true;
88+
enableNginx = false;
89+
user = "caddy";
90+
group = "caddy";
91+
database.user = "caddy";
92+
app.url = "https://panel.example.com";
93+
};
94+
95+
users.users.caddy.extraGroups = ["redis"];
96+
}
97+
```
98+
99+
## Add The First User
100+
101+
You'll then need to create an administrative user so that you can log into the panel. To do so, run the command below.
102+
At this time passwords **must** meet the following requirements: 8 characters, mixed case, at least one number.
103+
104+
``` bash
105+
pterodactyl-cli p:user:make
106+
```
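Review bot: The salt paragraph at line 28 describes the value as adding security to encrypted data, but the option it feeds in the Configuration block is `hashids.saltFile`; a hashids salt only changes how numeric IDs are encoded and is not part of the encryption, so the sentence should say that instead. In Generating secrets, both `openssl` commands print the secret to the terminal while the config at lines 45 and 51 expects `keyFile` and `saltFile`; add a step showing how the generated values get into those files, and note which user must be able to read them, since the FrankenPHP example switches `user` to `caddy`. The danger block states the loss warning twice (lines 16-17 and line 25), so one copy can go. The Caddy example repeats `enable` and `app.url` but omits `app.keyFile` and `hashids.saltFile`; say whether it is merged with the earlier block or replaces it. Minor: "much performant and better" at line 68 needs rewording, and the fence at line 104 has a space before `bash`, unlike the other fences in the file.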
Lines changed: 54 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,54 @@
1+
# NixOS
2+
3+
This guide provides instructions for installing Pterodactyl Wings on NixOS.
4+
5+
## Configuration
6+
7+
Make sure to firstly create the node on the panel in order to configure wings. To enable the service, add the following code to your `configuration.nix`:
8+
9+
```nix
10+
{
11+
services.pterodactyl.wings = {
12+
enable = true;
13+
uuid = "your-node-uuid";
14+
remote = "https://panel.example.com";
15+
# Using agenix, sops-nix or something else
16+
tokenIdFile = "/path/to/token_id";
17+
# Direct (not recommended)
18+
# tokenId = "";
19+
tokenFile = "/path/to/token";
20+
# tokenFile = "";
21+
};
22+
}
23+
```
24+
25+
If you want wings to be accessible to the public, make sure to open the API and SFTP ports by adding this in your `configuration.nix`:
26+
27+
```nix
28+
{
29+
services.pterodactyl.wings = {
30+
openFirewall = true;
31+
};
32+
}
33+
```
34+
35+
### Opening container ports
36+
37+
Unfortunately this cannot be done automatically. If you have made a lot of ports as a range,
38+
you can open them with `networking.firewall.allowedTCPPortRanges` and `networking.firewall.allowedUDPPortRanges` in your `configuration.nix`:
39+
40+
```nix
41+
{
42+
networking.firewall = {
43+
enable = true;
44+
allowedTCPPortRanges = [
45+
{ from = 25565; to = 25600; }
46+
{ from = 3000; to = 3100; }
47+
];
48+
allowedUDPPortRanges = [
49+
{ from = 25565; to = 25600; }
50+
{ from = 3000; to = 3100; }
51+
];
52+
};
53+
}
54+
```
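Review bot: Line 20 comments out `tokenFile = "";` directly under the live `tokenFile` on line 19, so the "direct" alternative carries the same name as the file option; by analogy with `tokenIdFile`/`tokenId` this looks like a copy-paste slip and should name the non-file option. The comment placement also misleads: "Direct (not recommended)" on line 17 sits between `tokenIdFile` and `tokenFile`, so it reads as if `tokenFile` were the discouraged form; group each file option with its commented direct counterpart. For `openFirewall` (lines 29-31), state which ports it opens so readers can check them against the node settings on the panel. In Opening container ports, the example opens the same ranges for both TCP and UDP; add a sentence telling readers to open only the allocations they created and only the protocol they use, and reword "made a lot of ports as a range" on line 37.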
