|
| 1 | +# NixOS |
| 2 | + |
| 3 | +This guide provides instructions for installing Pterodactyl Panel on NixOS. |
| 4 | + |
| 5 | +[[toc]] |
| 6 | + |
| 7 | +## Generating secrets |
| 8 | + |
| 9 | +Before configuring the service, we need to generate a new application encryption key. |
| 10 | + |
| 11 | +```bash |
| 12 | +echo "base64:$(openssl rand -base64 32)" |
| 13 | +``` |
| 14 | + |
| 15 | +::: danger |
| 16 | +Back up the encryption key. It is used as an encryption key for all data that needs to be stored securely (e.g. API keys). |
| 17 | +Store it somewhere safe - not just on your server. If you lose it, all encrypted data is irrecoverable, even with database backups. |
| 18 | + |
| 19 | +Copy the key generated and save it somewhere secure: |
| 20 | +- A password manager |
| 21 | +- An encrypted file on your local machine |
| 22 | +- A secure USB drive |
| 23 | +- A trusted cloud vault |
| 24 | + |
| 25 | +Do not keep it only on the server. If you lose this key, your encrypted data is permanently unrecoverable. |
| 26 | +::: |
| 27 | + |
| 28 | +You would also need to generate a salt key, which is used for providing additional security to encrypted data as a way to make it fully random each time. It can be anything from a randomly generated string to an UUID. |
| 29 | + |
| 30 | +```bash |
| 31 | +openssl rand -hex 16 |
| 32 | +``` |
| 33 | + |
| 34 | +## Configuration |
| 35 | + |
| 36 | +Now we can enable the service, add the following code to your `configuration.nix`: |
| 37 | + |
| 38 | +```nix |
| 39 | +{ |
| 40 | + services.pterodactyl.panel = { |
| 41 | + enable = true; |
| 42 | + app = { |
| 43 | + url = "https://panel.example.com"; |
| 44 | + # Using agenix, sops-nix or something else |
| 45 | + keyFile = "/path/to/app_key"; |
| 46 | + # Direct (not recommended) |
| 47 | + # key = ""; |
| 48 | + }; |
| 49 | +
|
| 50 | + hashids = { |
| 51 | + saltFile = "/path/to/hashids_salt"; |
| 52 | + # salt = ""; |
| 53 | + }; |
| 54 | + }; |
| 55 | +} |
| 56 | +``` |
| 57 | + |
| 58 | +If you want the panel to be accessible to the public, make sure to open Nginx's port by adding this in your `configuration.nix`: |
| 59 | + |
| 60 | +```nix |
| 61 | +{ |
| 62 | + networking.firewall.allowedTCPPorts = [80 443]; |
| 63 | +} |
| 64 | +``` |
| 65 | + |
| 66 | +### Using Caddy with FrankenPHP |
| 67 | + |
| 68 | +Using Caddy with FrankenPHP is much performant and better than Nginx and PHP-FPM. Here is an example configuration to put in your `configuration.nix`: |
| 69 | + |
| 70 | +```nix |
| 71 | +{ |
| 72 | + services.caddy = { |
| 73 | + enable = true; |
| 74 | + package = pkgs.frankenphp.override { |
| 75 | + php = config.services.pterodactyl.panel.phpPackage; |
| 76 | + }; |
| 77 | +
|
| 78 | + virtualHosts = { |
| 79 | + "panel.example.com".extraConfig = '' |
| 80 | + root * ${config.services.pterodactyl.panel.package}/public |
| 81 | + php_server |
| 82 | + ''; |
| 83 | + }; |
| 84 | + }; |
| 85 | +
|
| 86 | + services.pterodactyl.panel = { |
| 87 | + enable = true; |
| 88 | + enableNginx = false; |
| 89 | + user = "caddy"; |
| 90 | + group = "caddy"; |
| 91 | + database.user = "caddy"; |
| 92 | + app.url = "https://panel.example.com"; |
| 93 | + }; |
| 94 | +
|
| 95 | + users.users.caddy.extraGroups = ["redis"]; |
| 96 | +} |
| 97 | +``` |
| 98 | + |
| 99 | +## Add The First User |
| 100 | + |
| 101 | +You'll then need to create an administrative user so that you can log into the panel. To do so, run the command below. |
| 102 | +At this time passwords **must** meet the following requirements: 8 characters, mixed case, at least one number. |
| 103 | + |
| 104 | +``` bash |
| 105 | +pterodactyl-cli p:user:make |
| 106 | +``` |
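Review bot: The `# Direct (not recommended)` comment on diff lines 46-47, and the bare `# salt = "";` on diff line 52, discourage the inline form without saying why or what the file form requires. Suggest adding one sentence with the reason (on NixOS, option values set inline in `configuration.nix` are typically written into the world-readable Nix store) and a note that the files behind `keyFile` and `saltFile` must be readable by the panel's service user, which becomes `caddy` in the FrankenPHP example (diff lines 89-90). That second `services.pterodactyl.panel` block also omits `app.keyFile` and `hashids.saltFile` and repeats `enable = true`, so the text should say whether it replaces the first block or is merged with it, and whether the firewall snippet on diff line 62 still applies when Caddy is used. Diff line 28 describes the salt as adding security to encrypted data, but the option it feeds is `hashids.saltFile`; the description should match what that option is for. Smaller points: the danger box gives the "do not keep it only on the server" warning twice (diff lines 17 and 25), "much performant and better" on diff line 68 needs rewording, the Caddy example uses `pkgs` and `config` without showing the module arguments, and the fence on diff line 104 is written with a space before `bash`, unlike the other fences.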