From 8f0c82e8db80a8d710c9232f8f01dad5e3feaa71 Mon Sep 17 00:00:00 2001
From: Peder Bergebakken Sundt
Date: Sat, 4 Mar 2023 17:00:52 +0100
Subject: [PATCH] cheats
---
 README.md | 42 ------------------------------------------
 cheatsheet.md | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+), 42 deletions(-)
 create mode 100644 cheatsheet.md
diff --git a/README.md b/README.md
index b5dec9e..85120f0 100644
--- a/README.md
+++ b/README.md
@@ -37,45 +37,3 @@
 * [ ] Support DNS auth
 * [ ] Setup aliases instead of a per-vhost cert?
 * [ ] Preferably setup a wildchar cert per host
-
-
-# Cheatsheet
-
-### How to deploy
-
-Build locally, deploy on local, with `nom`:
-
- sudo true && sudo nixos-rebuild test --flake . --recreate-lock-file --no-write-lock-file |& nom
-
-Via git, build on remote:
-
- ssh -t HOST sudo nixos-rebuild test --flake git+ssh://gitea@gitea.noximilien.pbsds.net/pbsds/nix-config.git --recreate-lock-file --no-write-lock-file
- # or
- ssh -t HOST sudo nixos-rebuild test --flake git+ssh://git@github.com/pbsds/nix-dotfiles.git --recreate-lock-file --no-write-lock-file
-
-From local checkout to remote where you're not a trusted user, build on remote:
-
- tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . | ssh -tt HOST -- bash -c '"set -x; cd $(mktemp -d); tar xf - && nixos-rebuild test --flake . \"\$@\""' -- --print-build-logs --recreate-lock-file --no-write-lock-file
-
-.. wait doesn't that litter `/tmp` or `/run/user/.../tmp`?
-
- ¯\_(ツ)_/¯
-
-From local checkout to remote if local nix daemon has ssh keys, then build on remote:
-
- nix copy --from "$(nix eval .#inputs.self.outPath)" --to TODO
-
-Build locally, copy to remote
-
- TODO
-
-* https://nixos.wiki/wiki/Nixos-rebuild
-* https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html
-
-
-
-### How to evaluate nixos flake/configuration.nix, checking if the drv hash is equal
-
- nix eval .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath
- # old way:
- nix-instantiate '' -A system -I nixos-config=./configuration.nix
diff --git a/cheatsheet.md b/cheatsheet.md
new file mode 100644
index 0000000..f16687b
--- /dev/null
+++ b/cheatsheet.md
@@ -0,0 +1,48 @@
+# How to deploy
+
+* https://nixos.wiki/wiki/Nixos-rebuild
+* https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html
+
+Build locally, deploy on local, with `nom`:
+
+ sudo true && sudo nixos-rebuild test --flake . --recreate-lock-file --no-write-lock-file |& nom
+
+Via git, build on remote:
+
+ ssh -t HOST sudo nixos-rebuild test --flake git+ssh://gitea@gitea.noximilien.pbsds.net/pbsds/nix-config.git --recreate-lock-file --no-write-lock-file
+ # or
+ ssh -t HOST sudo nixos-rebuild test --flake git+ssh://git@github.com/pbsds/nix-dotfiles.git --recreate-lock-file --no-write-lock-file
+
+Via `remote-exec`, build on remote:
+
+ nix shell .#remote-exec
+ remote-set FOOBAR
+ remote sudo nixos-rebuild test --flake . --recreate-lock-file --no-write-lock-file
+
+From local checkout to remote where you're not a trusted user, via `tar` build on remote:
+
+ tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . | ssh -tt HOST -- bash -c '"set -x; cd $(mktemp -d); tar xf - && nixos-rebuild test --flake . \"\$@\""' -- --print-build-logs --recreate-lock-file --no-write-lock-file
+
+> TODO: ^ doesn't work, as tar consumes the stdin leaving sudo without one...
+
+.. wait doesn't that litter `/tmp` or `/run/user/.../tmp`?
+
+ ¯\_(ツ)_/¯
+
+From local checkout to remote if local nix daemon has ssh keys, then build on remote:
+
+ nix copy --from "$(nix eval .#inputs.self.outPath)" --to TODO
+
+Build locally, copy to remote
+
+ TODO
+
+# How to evaluate the nixos flake/configuration.nix, checking if the drv hash is equal
+
+Flakes:
+
+ nix eval .#nixosConfigurations.HOSTNAME.config.system.build.toplevel.outPath
+
+Non-flake:
+
+ nix-instantiate '' -A system -I nixos-config=./configuration.nix