config/README.md

# Initial setup (old)

  nixos-generate-config

# Reading list

* https://nixos.wiki/wiki/Flakes
* https://teu5us.github.io/nix-lib.html
* https://ryantm.github.io/nixpkgs/builders/trivial-builders/
* https://nixos.wiki/wiki/Nix-writers

# TODOs:

* [x] Split stuff into multiple files
* [x] Make a flake
* [x] merge hosted docs into a single subdomain
* [ ] autogenerate ssh keys
* [ ] pre-commit hook with 'nix eval ...outPath'
* [ ] use `nom` when deploying
* [ ] figure out how to reuse system flake lock while deplying, leave the night job to upgrade
* [ ] Setup some remote-development and deploy flow
* [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc
* [ ] nixos-generate-config instructions for new hosts
* [ ] zfs, declarative pools?
* [ ] secrets - nix-sops ?
  * flexget
  * transmission
  * domeneshop
* [ ] hydra
* [ ] self-hosted binary cache (single-machine) (nix-serve, carinae, harmonia, eris or attic)
  * https://discourse.nixos.org/t/announcing-harmonia-a-nix-binary-cache-written-in-rust/19855
  * https://discourse.nixos.org/t/introducing-attic-a-self-hostable-nix-binary-cache-server/24343/1
* [ ] profiles/web: make ACME/nginx helper a function
  * [ ] Support multiple tlds
  * [ ] Support multiple acme accounts
  * [ ] Support a per-account provider?
  * [ ] Support DNS auth
  * [ ] Setup aliases instead of a per-vhost cert?
    * [ ] Preferably setup a wildchar cert per host


# Cheatsheet

### How to deploy

Build locally, deploy on local, with `nom`:

  sudo true && sudo nixos-rebuild test --flake . --recreate-lock-file --no-write-lock-file |& nom

Via git, build on remote:

  ssh -t HOST sudo nixos-rebuild test --flake git+ssh://gitea@gitea.noximilien.pbsds.net/pbsds/nix-config.git --recreate-lock-file --no-write-lock-file
  # or
  ssh -t HOST sudo nixos-rebuild test --flake git+ssh://git@github.com/pbsds/nix-dotfiles.git --recreate-lock-file --no-write-lock-file

From local checkout to remote where you're not a trusted user, build on remote:

  tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . | ssh -tt HOST -- bash -c '"set -x; cd $(mktemp -d); tar xf - && nixos-rebuild test --flake . \"\$@\""' -- --print-build-logs --recreate-lock-file --no-write-lock-file

.. wait doesn't that litter `/tmp` or `/run/user/.../tmp`?

  ¯\_(ツ)_/¯

From local checkout to remote if local nix daemon has ssh keys, then build on remote:

  nix copy --from "$(nix eval  .#inputs.self.outPath)" --to TODO

Build locally, copy to remote

  TODO

* https://nixos.wiki/wiki/Nixos-rebuild
* https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html


### How to evaluate nixos flake/configuration.nix, checking if the drv hash is equal

  nix eval .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath
  # old way:
  nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix
further catogorize profile/web, add python-docs 2023-02-26 02:46:35 +01:00			`# Initial setup (old)`
Initial commit 2022-10-17 22:40:48 +02:00
further catogorize profile/web, add python-docs 2023-02-26 02:46:35 +01:00			`nixos-generate-config`
Initial commit 2022-10-17 22:40:48 +02:00
further catogorize profile/web, add python-docs 2023-02-26 02:46:35 +01:00			`# Reading list`
Initial commit 2022-10-17 22:40:48 +02:00
further catogorize profile/web, add python-docs 2023-02-26 02:46:35 +01:00			`* https://nixos.wiki/wiki/Flakes`
			`* https://teu5us.github.io/nix-lib.html`
			`* https://ryantm.github.io/nixpkgs/builders/trivial-builders/`
more doc-work 2023-02-26 06:11:55 +01:00			`* https://nixos.wiki/wiki/Nix-writers`
split nas and websites into modules 2023-02-25 00:03:29 +01:00
further catogorize profile/web, add python-docs 2023-02-26 02:46:35 +01:00			`# TODOs:`
split nas and websites into modules 2023-02-25 00:03:29 +01:00
further catogorize profile/web, add python-docs 2023-02-26 02:46:35 +01:00			`* [x] Split stuff into multiple files`
			`* [x] Make a flake`
merge docs, add yagcd 2023-02-26 03:53:55 +01:00			`* [x] merge hosted docs into a single subdomain`
Add nord ssh key 2023-03-09 07:56:07 +01:00			`* [ ] autogenerate ssh keys`
stuff 2023-03-02 22:26:07 +01:00			`* [ ] pre-commit hook with 'nix eval ...outPath'`
laksdaladsdsalkjdsalkjdsalkj 2023-03-03 21:42:29 +01:00			* [ ] use `nom` when deploying
			`* [ ] figure out how to reuse system flake lock while deplying, leave the night job to upgrade`
stuff 2023-03-02 22:26:07 +01:00			`* [ ] Setup some remote-development and deploy flow`
further catogorize profile/web, add python-docs 2023-02-26 02:46:35 +01:00			`* [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc`
stuff 2023-03-02 22:26:07 +01:00			`* [ ] nixos-generate-config instructions for new hosts`
			`* [ ] zfs, declarative pools?`
			`* [ ] secrets - nix-sops ?`
			`* flexget`
			`* transmission`
			`* domeneshop`
			`* [ ] hydra`
			`* [ ] self-hosted binary cache (single-machine) (nix-serve, carinae, harmonia, eris or attic)`
			`* https://discourse.nixos.org/t/announcing-harmonia-a-nix-binary-cache-written-in-rust/19855`
			`* https://discourse.nixos.org/t/introducing-attic-a-self-hostable-nix-binary-cache-server/24343/1`
further catogorize profile/web, add python-docs 2023-02-26 02:46:35 +01:00			`* [ ] profiles/web: make ACME/nginx helper a function`
			`* [ ] Support multiple tlds`
			`* [ ] Support multiple acme accounts`
			`* [ ] Support a per-account provider?`
			`* [ ] Support DNS auth`
stuff 2023-03-02 22:26:07 +01:00			`* [ ] Setup aliases instead of a per-vhost cert?`
			`* [ ] Preferably setup a wildchar cert per host`
split nas and websites into modules 2023-02-25 00:03:29 +01:00
further catogorize profile/web, add python-docs 2023-02-26 02:46:35 +01:00
			`# Cheatsheet`

laksdaladsdsalkjdsalkjdsalkj 2023-03-03 21:42:29 +01:00			`### How to deploy`

tmate 2023-03-03 21:57:37 +01:00			Build locally, deploy on local, with `nom`:

			`sudo true && sudo nixos-rebuild test --flake . --recreate-lock-file --no-write-lock-file \|& nom`

laksdaladsdsalkjdsalkjdsalkj 2023-03-03 21:42:29 +01:00			`Via git, build on remote:`

tmate 2023-03-03 21:57:37 +01:00			`ssh -t HOST sudo nixos-rebuild test --flake git+ssh://gitea@gitea.noximilien.pbsds.net/pbsds/nix-config.git --recreate-lock-file --no-write-lock-file`
			`# or`
laksdaladsdsalkjdsalkjdsalkj 2023-03-03 21:42:29 +01:00			`ssh -t HOST sudo nixos-rebuild test --flake git+ssh://git@github.com/pbsds/nix-dotfiles.git --recreate-lock-file --no-write-lock-file`

			`From local checkout to remote where you're not a trusted user, build on remote:`

tmate 2023-03-03 21:57:37 +01:00			`tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . \| ssh -tt HOST -- bash -c '"set -x; cd $(mktemp -d); tar xf - && nixos-rebuild test --flake . \"\$@\""' -- --print-build-logs --recreate-lock-file --no-write-lock-file`
laksdaladsdsalkjdsalkjdsalkj 2023-03-03 21:42:29 +01:00
			.. wait doesn't that litter `/tmp` or `/run/user/.../tmp`?

			`¯\_(ツ)_/¯`

			`From local checkout to remote if local nix daemon has ssh keys, then build on remote:`

			`nix copy --from "$(nix eval .#inputs.self.outPath)" --to TODO`

			`Build locally, copy to remote`

			`TODO`

			`* https://nixos.wiki/wiki/Nixos-rebuild`
			`* https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html`



further catogorize profile/web, add python-docs 2023-02-26 02:46:35 +01:00			`### How to evaluate nixos flake/configuration.nix, checking if the drv hash is equal`

laksdaladsdsalkjdsalkjdsalkj 2023-03-03 21:42:29 +01:00			`nix eval .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath`
			`# old way:`
			`nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix`