From 824e57739ee40cd69eea61cc92136ae7ca6d7cf0 Mon Sep 17 00:00:00 2001
From: Peder Bergebakken Sundt
Date: Fri, 3 Mar 2023 21:42:29 +0100
Subject: [PATCH] laksdaladsdsalkjdsalkjdsalkj
---
 .envrc | 2 ++
 README.md | 35 +++++++++++++++++++++++++---
 base.nix | 2 ++
 flake.nix | 1 +
 hardware/opengl-intel.nix | 6 ++---
 hosts/noximilien/default.nix | 2 ++
 profiles/remote-builders/default.nix | 24 ++++++++++++++-----
 shell.nix | 1 +
 8 files changed, 61 insertions(+), 12 deletions(-)
diff --git a/.envrc b/.envrc
index 5099346..39dc992 100644
--- a/.envrc
+++ b/.envrc
@@ -1,3 +1,5 @@
+#!/usr/bin/env bash
+git config --local core.hooksPath "$PWD"/.githooks
 if ! command -v nixos-rebuild >/dev/null; then
 use nix
 fi
diff --git a/README.md b/README.md
index c5b62bc..20ae167 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,8 @@
 * [x] Make a flake
 * [x] merge hosted docs into a single subdomain
 * [ ] pre-commit hook with 'nix eval ...outPath'
+* [ ] use `nom` when deploying
+* [ ] figure out how to reuse system flake lock while deplying, leave the night job to upgrade
 * [ ] Setup some remote-development and deploy flow
 * [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc
 * [ ] nixos-generate-config instructions for new hosts
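Review bot: The `core.hooksPath` line added to `.envrc` points git at `"$PWD"/.githooks`, but the diffstat of this patch lists no file under `.githooks`, so unless that directory already exists in the tree, the hooks in `.git/hooks` are silently bypassed and nothing replaces them. Once the directory does exist, anything committed to it runs on the next git operation in every checkout where direnv has been allowed, so changes under `.githooks` deserve the same review as changes to `.envrc` itself. A relative value, `git config --local core.hooksPath .githooks`, would also avoid writing an absolute path into `.git/config` that goes stale when the checkout is moved. The new `#!/usr/bin/env bash` line could use a comment, since direnv sources this file rather than executing it (presumably the shebang is there for editor or linter detection).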
@@ -38,8 +40,35 @@ # Cheatsheet +### How to deploy + +Via git, build on remote: + + ssh -t HOST sudo nixos-rebuild test --flake git+ssh://git@github.com/pbsds/nix-dotfiles.git --recreate-lock-file --no-write-lock-file + +From local checkout to remote where you're not a trusted user, build on remote: + + tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . | ssh bolle.pbsds.net -- bash -xc '"cd $(mktemp -d); pwd; tar xf - && nixos-rebuild test . \"\$@\""' -- --recreate-lock-file --no-write-lock-file + +.. wait doesn't that litter `/tmp` or `/run/user/.../tmp`? + + ¯\_(ツ)_/¯ + +From local checkout to remote if local nix daemon has ssh keys, then build on remote: + + nix copy --from "$(nix eval .#inputs.self.outPath)" --to TODO + +Build locally, copy to remote + + TODO + +* https://nixos.wiki/wiki/Nixos-rebuild +* https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html + + + ### How to evaluate nixos flake/configuration.nix, checking if the drv hash is equal - nix eval .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath - # or - nix-instantiate '' -A system -I nixos-config=./configuration.nix + nix eval .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath + # old way: + nix-instantiate '' -A system -I nixos-config=./configuration.nix diff --git a/base.nix b/base.nix index c727028..5e28462 100644 --- a/base.nix +++ b/base.nix @@ -28,6 +28,8 @@ # { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; } #]; /**/ + # TODO: make /etc/nixos a symlink to the in-store flake? - bad idea, horrible error recovery + # TODO: make /etc/nixos a checkout of repo? system.autoUpgrade.flake = inputs.self.outPath; # a nix store path #system.autoUpgrade.flake = "github:pbsds/nix-config"; # TODO: use this instead? system.autoUpgrade.flags = [ diff --git a/flake.nix b/flake.nix index e3acc6a..995508c 100644 --- a/flake.nix +++ b/flake.nix 
@@ -67,6 +67,7 @@ })]; }; in { + inherit inputs; nixosConfigurations.noximilien = mkConfig "noximilien" "x86_64-linux" (with nixos-hardware.nixosModules; [ common-pc common-pc-ssd common-cpu-intel ]); nixosConfigurations.bolle = mkConfig "bolle" "x86_64-linux" (with nixos-hardware.nixosModules; [ common-pc common-pc-ssd common-cpu-intel ]); homeConfigurations = forAllSystems (system: { diff --git a/hardware/opengl-intel.nix b/hardware/opengl-intel.nix index 297f1fb..4d9e6ac 100644 --- a/hardware/opengl-intel.nix +++ b/hardware/opengl-intel.nix @@ -6,10 +6,10 @@ # https://github.com/NixOS/nixpkgs/blob/nixos-22.11/pkgs/development/libraries/jellyfin-ffmpeg/default.nix nixpkgs.config.openglSupport = true; # why is this not set by hardware.opengl.enable ? - nixpkgs.config.vaapiSupport = true; - nixpkgs.config.libmfxSupport = true; # intel + nixpkgs.config.vaapiSupport = true; nixpkgs.config.libaomSupport = true; - nixpkgs.config.vdpauSupport = true; # intel + nixpkgs.config.vdpauSupport = true; # intel + nixpkgs.config.libmfxSupport = true; # intel hardware.opengl.enable = true; #hardware.opengl.extraPackages = [ pkgs.mesa.drivers ]; diff --git a/hosts/noximilien/default.nix b/hosts/noximilien/default.nix index 377a59f..bf709b9 100644 --- a/hosts/noximilien/default.nix +++ b/hosts/noximilien/default.nix @@ -14,6 +14,8 @@ ../../hardware/opengl-intel.nix + ../../profiles/tmate-server # opens port 442244 + ../../profiles/web ../../profiles/web/index ../../profiles/web/services/cinny diff --git a/profiles/remote-builders/default.nix b/profiles/remote-builders/default.nix index 5948205..6f37ac6 100644 --- a/profiles/remote-builders/default.nix +++ b/profiles/remote-builders/default.nix 
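Review bot: `inherit inputs;` in flake.nix adds a top-level output that is not part of the standard flake schema, and nothing beside it says why it is there. Judging by the README hunk in this same patch, it exists so that `nix eval --raw .#inputs.self.outPath` works in the deploy commands; a one-line comment would keep it from being removed later as dead code, e.g. `inherit inputs; # exposed for 'nix eval .#inputs.self.outPath', see README`. `nix flake check` warns about unknown outputs, so the comment also explains that warning. The outputs attribute set continues outside the hunk.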
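Review bot: The comment on the new `../../profiles/tmate-server` import in hosts/noximilien/default.nix says it opens port 442244, which cannot be a TCP port (the maximum is 65535), so someone auditing this host's exposed services cannot tell what is actually opened. The profile itself is not part of this diff; the comment should give the real port and say whether the firewall is opened for it, e.g. `../../profiles/tmate-server # opens TCP port <PORT> in the firewall`. The same imports list pulls in the `profiles/web` modules, so the host is presumably reachable from the internet, which makes an accurate note on a terminal-sharing service more important. The imports list continues outside the hunk.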
@@ -6,10 +6,22 @@ let # - "benchmark" - has "equal" performance # - "big-parallel" - is beefy, for stuff like llvm - # TODO: get a binfmt-misc host for cross stuff - # add noximilien, filter (hostName != fqdn) - remotes = [ + /** / + { + systems = [ "x86_64-linux" ]; + hostName = "bolle.pbsds.net"; + sshUser = "pbsds"; + maxJobs = 16; + #maxJobs = 1; # at least for big-parallel + speedFactor = 2; + supportedFeatures = [ "kvm" "big-parallel" "nixos-test" ]; + #mandatoryFeatures = [ ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHdkKmRB0WjD3L+k8GNTVJDLpOUqLBMW17ld/Jzapo6"; + proxy.user="pederbs"; + proxy.host="isvegg.pvv.ntnu.no"; + proxy.publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU="; + } /**/ { systems = ["x86_64-linux"]; @@ -18,9 +30,8 @@ let maxJobs = 8; #maxJobs = 4; #maxJobs = 1; # at least for big-parallel - speedFactor = 2; + speedFactor = 3; supportedFeatures = [ "kvm" "big-parallel" ]; - #supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; #mandatoryFeatures = [ ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we"; proxy.user="pederbs"; @@ -32,7 +43,7 @@ let systems = ["x86_64-linux"]; hostName = "isvegg.pvv.ntnu.no"; sshUser = "pederbs"; - maxJobs = 1; + maxJobs = 2; speedFactor = 0; publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU="; } @@ -65,6 +76,7 @@ let in { nix.buildMachines = [ buildMachine ]; programs.ssh.knownHosts.${buildMachine.hostName}.publicKey = publicKey; + # the timeout is great to have when a remote is unresponsive, as nix currently does not give a shit programs.ssh.extraConfig = '' Host ${buildMachine.hostName} ConnectTimeout 3 diff --git a/shell.nix b/shell.nix index c2b3a6b..79711d6 100644 --- a/shell.nix 
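Review bot: The new `bolle.pbsds.net` entry in `remotes` sits between `/** /` and `/**/`, so as written it is one block comment and the builder is not active; nothing in the hunk says so, and the pinned `publicKey` lines make it look live. A short marker above the opener, such as `# disabled: change '/** /' to '/**/' to enable bolle as a builder`, would make the state explicit. When it is switched on, note that a build machine is trusted to return honest outputs into the local store, and that this one is reached through the `isvegg.pvv.ntnu.no` jump host, so the comment could also record that both host keys were verified out of band. The `remotes` list and the surrounding `let` continue outside the hunk.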
+++ b/shell.nix @@ -3,5 +3,6 @@ pkgs.mkShell { packages = with pkgs; [ #buildInputs = with pkgs; [ nixos-rebuild + home-manager ]; }