Darkmatter in Cyberspace

From SSH Lockout to a Perfect NixOS Image: A Debugging Odyssey Deploying a custom service on a fresh server should be straightforward. But sometimes, a simple task spirals into a multi-layered journey that tests your assumptions and tools at every level. This is the story of one such journey: a tale of deploying a secure Xray proxy on NixOS that started with a simple SSH failure and ended with a deep dive into kernel syscalls. Here are the key insights from that odyssey. The Initial Failure: Mismatched Blueprints The first attempt involved using nixos-anywhere to overwrite a fresh DigitalOcean droplet. The command finished, but the server was unreachable—no SSH, no console. The initial suspect, a cloud firewall, was a red herring. The real culprit was a fundamental mismatch in our NixOS configuration. The configuration.nix specified a legacy BIOS boot ( efiSupport = false; ), but the disko.nix partitioning script was creating a modern EFI-style disk layout with a separate /boot ...