laksdaladsdsalkjdsalkjdsalkj
This commit is contained in:
parent
feb9d41ce1
commit
824e57739e
2
.envrc
2
.envrc
@ -1,3 +1,5 @@
|
||||
#!/usr/bin/env bash
|
||||
git config --local core.hooksPath "$PWD"/.githooks
|
||||
if ! command -v nixos-rebuild >/dev/null; then
|
||||
use nix
|
||||
fi
|
||||
|
35
README.md
35
README.md
@ -15,6 +15,8 @@
|
||||
* [x] Make a flake
|
||||
* [x] merge hosted docs into a single subdomain
|
||||
* [ ] pre-commit hook with 'nix eval ...outPath'
|
||||
* [ ] use `nom` when deploying
|
||||
* [ ] figure out how to reuse system flake lock while deplying, leave the night job to upgrade
|
||||
* [ ] Setup some remote-development and deploy flow
|
||||
* [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc
|
||||
* [ ] nixos-generate-config instructions for new hosts
|
||||
@ -38,8 +40,35 @@
|
||||
|
||||
# Cheatsheet
|
||||
|
||||
### How to deploy
|
||||
|
||||
Via git, build on remote:
|
||||
|
||||
ssh -t HOST sudo nixos-rebuild test --flake git+ssh://git@github.com/pbsds/nix-dotfiles.git --recreate-lock-file --no-write-lock-file
|
||||
|
||||
From local checkout to remote where you're not a trusted user, build on remote:
|
||||
|
||||
tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . | ssh bolle.pbsds.net -- bash -xc '"cd $(mktemp -d); pwd; tar xf - && nixos-rebuild test . \"\$@\""' -- --recreate-lock-file --no-write-lock-file
|
||||
|
||||
.. wait doesn't that litter `/tmp` or `/run/user/.../tmp`?
|
||||
|
||||
¯\_(ツ)_/¯
|
||||
|
||||
From local checkout to remote if local nix daemon has ssh keys, then build on remote:
|
||||
|
||||
nix copy --from "$(nix eval .#inputs.self.outPath)" --to TODO
|
||||
|
||||
Build locally, copy to remote
|
||||
|
||||
TODO
|
||||
|
||||
* https://nixos.wiki/wiki/Nixos-rebuild
|
||||
* https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html
|
||||
|
||||
|
||||
|
||||
### How to evaluate nixos flake/configuration.nix, checking if the drv hash is equal
|
||||
|
||||
nix eval .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath
|
||||
# or
|
||||
nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix
|
||||
nix eval .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath
|
||||
# old way:
|
||||
nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix
|
||||
|
2
base.nix
2
base.nix
@ -28,6 +28,8 @@
|
||||
# { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; }
|
||||
#];
|
||||
/**/
|
||||
# TODO: make /etc/nixos a symlink to the in-store flake? - bad idea, horrible error recovery
|
||||
# TODO: make /etc/nixos a checkout of repo?
|
||||
system.autoUpgrade.flake = inputs.self.outPath; # a nix store path
|
||||
#system.autoUpgrade.flake = "github:pbsds/nix-config"; # TODO: use this instead?
|
||||
system.autoUpgrade.flags = [
|
||||
|
@ -67,6 +67,7 @@
|
||||
})];
|
||||
};
|
||||
in {
|
||||
inherit inputs;
|
||||
nixosConfigurations.noximilien = mkConfig "noximilien" "x86_64-linux" (with nixos-hardware.nixosModules; [ common-pc common-pc-ssd common-cpu-intel ]);
|
||||
nixosConfigurations.bolle = mkConfig "bolle" "x86_64-linux" (with nixos-hardware.nixosModules; [ common-pc common-pc-ssd common-cpu-intel ]);
|
||||
homeConfigurations = forAllSystems (system: {
|
||||
|
@ -6,10 +6,10 @@
|
||||
# https://github.com/NixOS/nixpkgs/blob/nixos-22.11/pkgs/development/libraries/jellyfin-ffmpeg/default.nix
|
||||
|
||||
nixpkgs.config.openglSupport = true; # why is this not set by hardware.opengl.enable ?
|
||||
nixpkgs.config.vaapiSupport = true;
|
||||
nixpkgs.config.libmfxSupport = true; # intel
|
||||
nixpkgs.config.vaapiSupport = true;
|
||||
nixpkgs.config.libaomSupport = true;
|
||||
nixpkgs.config.vdpauSupport = true; # intel
|
||||
nixpkgs.config.vdpauSupport = true; # intel
|
||||
nixpkgs.config.libmfxSupport = true; # intel
|
||||
|
||||
hardware.opengl.enable = true;
|
||||
#hardware.opengl.extraPackages = [ pkgs.mesa.drivers ];
|
||||
|
@ -14,6 +14,8 @@
|
||||
|
||||
../../hardware/opengl-intel.nix
|
||||
|
||||
../../profiles/tmate-server # opens port 442244
|
||||
|
||||
../../profiles/web
|
||||
../../profiles/web/index
|
||||
../../profiles/web/services/cinny
|
||||
|
@ -6,10 +6,22 @@ let
|
||||
# - "benchmark" - has "equal" performance
|
||||
# - "big-parallel" - is beefy, for stuff like llvm
|
||||
|
||||
# TODO: get a binfmt-misc host for cross stuff
|
||||
# add noximilien, filter (hostName != fqdn)
|
||||
|
||||
remotes = [
|
||||
/** /
|
||||
{
|
||||
systems = [ "x86_64-linux" ];
|
||||
hostName = "bolle.pbsds.net";
|
||||
sshUser = "pbsds";
|
||||
maxJobs = 16;
|
||||
#maxJobs = 1; # at least for big-parallel
|
||||
speedFactor = 2;
|
||||
supportedFeatures = [ "kvm" "big-parallel" "nixos-test" ];
|
||||
#mandatoryFeatures = [ ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHdkKmRB0WjD3L+k8GNTVJDLpOUqLBMW17ld/Jzapo6";
|
||||
proxy.user="pederbs";
|
||||
proxy.host="isvegg.pvv.ntnu.no";
|
||||
proxy.publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
|
||||
}
|
||||
/**/
|
||||
{
|
||||
systems = ["x86_64-linux"];
|
||||
@ -18,9 +30,8 @@ let
|
||||
maxJobs = 8;
|
||||
#maxJobs = 4;
|
||||
#maxJobs = 1; # at least for big-parallel
|
||||
speedFactor = 2;
|
||||
speedFactor = 3;
|
||||
supportedFeatures = [ "kvm" "big-parallel" ];
|
||||
#supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||
#mandatoryFeatures = [ ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we";
|
||||
proxy.user="pederbs";
|
||||
@ -32,7 +43,7 @@ let
|
||||
systems = ["x86_64-linux"];
|
||||
hostName = "isvegg.pvv.ntnu.no";
|
||||
sshUser = "pederbs";
|
||||
maxJobs = 1;
|
||||
maxJobs = 2;
|
||||
speedFactor = 0;
|
||||
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
|
||||
}
|
||||
@ -65,6 +76,7 @@ let
|
||||
in {
|
||||
nix.buildMachines = [ buildMachine ];
|
||||
programs.ssh.knownHosts.${buildMachine.hostName}.publicKey = publicKey;
|
||||
# the timeout is great to have when a remote is unresponsive, as nix currently does not give a shit
|
||||
programs.ssh.extraConfig = ''
|
||||
Host ${buildMachine.hostName}
|
||||
ConnectTimeout 3
|
||||
|
Loading…
Reference in New Issue
Block a user