pederbs/config
pederbs
/
config
2
1
Fork 0
Code Issues Pull Requests Releases Activity

cheats

This commit is contained in:
Peder Bergebakken Sundt 2023-03-04 17:00:52 +01:00
parent f1785f12fa
commit 8f0c82e8db
2 changed files with 48 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
README.md
View File

@ -37,45 +37,3 @@
* [ ] Support DNS auth * [ ] Support DNS auth
* [ ] Setup aliases instead of a per-vhost cert? * [ ] Setup aliases instead of a per-vhost cert?
* [ ] Preferably setup a wildchar cert per host * [ ] Preferably setup a wildchar cert per host
# Cheatsheet
### How to deploy
Build locally, deploy on local, with `nom`:
sudo true && sudo nixos-rebuild test --flake . --recreate-lock-file --no-write-lock-file |& nom
Via git, build on remote:
ssh -t HOST sudo nixos-rebuild test --flake git+ssh://gitea@gitea.noximilien.pbsds.net/pbsds/nix-config.git --recreate-lock-file --no-write-lock-file
# or
ssh -t HOST sudo nixos-rebuild test --flake git+ssh://git@github.com/pbsds/nix-dotfiles.git --recreate-lock-file --no-write-lock-file
From local checkout to remote where you're not a trusted user, build on remote:
tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . | ssh -tt HOST -- bash -c '"set -x; cd $(mktemp -d); tar xf - && nixos-rebuild test --flake . \"\$@\""' -- --print-build-logs --recreate-lock-file --no-write-lock-file
.. wait doesn't that litter `/tmp` or `/run/user/.../tmp`?
¯\_(ツ)_/¯
From local checkout to remote if local nix daemon has ssh keys, then build on remote:
nix copy --from "$(nix eval .#inputs.self.outPath)" --to TODO
Build locally, copy to remote
TODO
* https://nixos.wiki/wiki/Nixos-rebuild
* https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html
### How to evaluate nixos flake/configuration.nix, checking if the drv hash is equal
nix eval .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath
# old way:
nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix

48
cheatsheet.md Normal file
View File

@ -0,0 +1,48 @@
# How to deploy
* https://nixos.wiki/wiki/Nixos-rebuild
* https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html
Build locally, deploy on local, with `nom`:
sudo true && sudo nixos-rebuild test --flake . --recreate-lock-file --no-write-lock-file |& nom
Via git, build on remote:
ssh -t HOST sudo nixos-rebuild test --flake git+ssh://gitea@gitea.noximilien.pbsds.net/pbsds/nix-config.git --recreate-lock-file --no-write-lock-file
# or
ssh -t HOST sudo nixos-rebuild test --flake git+ssh://git@github.com/pbsds/nix-dotfiles.git --recreate-lock-file --no-write-lock-file
Via `remote-exec`, build on remote:
nix shell .#remote-exec
remote-set FOOBAR
remote sudo nixos-rebuild test --flake . --recreate-lock-file --no-write-lock-file
From local checkout to remote where you're not a trusted user, via `tar` build on remote:
tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . | ssh -tt HOST -- bash -c '"set -x; cd $(mktemp -d); tar xf - && nixos-rebuild test --flake . \"\$@\""' -- --print-build-logs --recreate-lock-file --no-write-lock-file
> TODO: ^ doesn't work, as tar consumes the stdin leaving sudo without one...
.. wait doesn't that litter `/tmp` or `/run/user/.../tmp`?
¯\_(ツ)_/¯
From local checkout to remote if local nix daemon has ssh keys, then build on remote:
nix copy --from "$(nix eval .#inputs.self.outPath)" --to TODO
Build locally, copy to remote
TODO
# How to evaluate the nixos flake/configuration.nix, checking if the drv hash is equal
Flakes:
nix eval .#nixosConfigurations.HOSTNAME.config.system.build.toplevel.outPath
Non-flake:
nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix