Skip to content

Add installation guide for NixOS #711

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
PadowYT2 wants to merge 1 commit into
base: v2
Choose a base branch
from
+170 −2
Draft

Add installation guide for NixOS #711

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion content/docs/guides/panel-installation/meta.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
"pages": [
"debian",
"centos7",
"centos8"
"centos8",
"nixos"
]
}
108 changes: 108 additions & 0 deletions content/docs/guides/panel-installation/nixos.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,108 @@
---
title: NixOS
---



This guide provides instructions for installing Pterodactyl Panel on NixOS.

## Generating secrets

Before configuring the service, we need to generate a new application encryption key.

```bash
echo "base64:$(openssl rand -base64 32)"
```

<Callout type="error">
Back up the encryption key. It is used as an encryption key for all data that needs to be stored securely (e.g. API keys).
Store it somewhere safe - not just on your server. If you lose it, all encrypted data is irrecoverable, even with database backups.

Copy the key generated and save it somewhere secure:
- A password manager
- An encrypted file on your local machine
- A secure USB drive
- A trusted cloud vault

Do not keep it only on the server. If you lose this key, your encrypted data is permanently unrecoverable.
</Callout>
Comment on lines +11 to +28
Copy link
Contributor Author

@PadowYT2 PadowYT2 Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps instead of copying the text from the main Pterodactyl Installation page, suggest having the configuration with secrets be available on GitHub as it is the recommended setup for NixOS configs...?


You would also need to generate a salt key, which is used for providing additional security to encrypted data as a way to make it fully random each time. It can be anything from a randomly generated string to an UUID.

```bash
openssl rand -hex 16
```

## Configuration

Now we can enable the service, add the following code to your `configuration.nix`.

```nix
{
services.pterodactyl.panel = {
enable = true;
app = {
url = "https://panel.example.com";
# Using agenix, sops-nix or something else
keyFile = "/path/to/app_key";
# Direct (not recommended)
# key = "";
};

hashids = {
saltFile = "/path/to/hashids_salt";
# salt = "";
};
};
}
```

If you want the panel to be accessible to the public, make sure to open Nginx's port by adding this in your `configuration.nix`.

```nix
{
networking.firewall.allowedTCPPorts = [80 443];
}
```

### Using Caddy with FrankenPHP

Using Caddy with FrankenPHP is much performant and better than Nginx and PHP-FPM. Here is an example configuration to put in your `configuration.nix`.

```nix
{
services.caddy = {
enable = true;
package = pkgs.frankenphp.override {
php = config.services.pterodactyl.panel.phpPackage;
};

virtualHosts = {
"panel.example.com".extraConfig = ''
root * ${config.services.pterodactyl.panel.package}/public
php_server
'';
};
};

services.pterodactyl.panel = {
enable = true;
enableNginx = false;
user = "caddy";
group = "caddy";
database.user = "caddy";
app.url = "https://panel.example.com";
};

users.users.caddy.extraGroups = ["redis"];
}
```

## Add The First User

You'll then need to create an administrative user so that you can log into the panel. To do so, run the command below.
At this time passwords **must** meet the following requirements: 8 characters, mixed case, at least one number.

```bash
pterodactyl-cli p:user:make
```
3 changes: 2 additions & 1 deletion content/docs/guides/wings-installation/meta.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
"title": "Wings Installation",
"pages": [
"centos7",
"centos8"
"centos8",
"nixos"
]
}
58 changes: 58 additions & 0 deletions content/docs/guides/wings-installation/nixos.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
---
title: NixOS
---



This guide provides instructions for installing Pterodactyl Wings on NixOS.

## Configuration

Make sure to firstly create the node on the panel in order to configure wings. To enable the service, add the following code to your `configuration.nix`:

```nix
{
services.pterodactyl.wings = {
enable = true;
uuid = "your-node-uuid";
remote = "https://panel.example.com";
# Using agenix, sops-nix or something else
tokenIdFile = "/path/to/token_id";
# Direct (not recommended)
# tokenId = "";
tokenFile = "/path/to/token";
# tokenFile = "";
};
}
```

If you want wings to be accessible to the public, make sure to open the API and SFTP ports by adding this in your `configuration.nix`:

```nix
{
services.pterodactyl.wings = {
openFirewall = true;
};
}
```

### Opening container ports

Unfortunately this cannot be done automatically. If you have made a lot of ports as a range,
you can open them with `networking.firewall.allowedTCPPortRanges` and `networking.firewall.allowedUDPPortRanges` in your `configuration.nix`:

```nix
{
networking.firewall = {
enable = true;
allowedTCPPortRanges = [
{ from = 25565; to = 25600; }
{ from = 3000; to = 3100; }
];
allowedUDPPortRanges = [
{ from = 25565; to = 25600; }
{ from = 3000; to = 3100; }
];
};
}
```