# How to deploy

* https://nixos.wiki/wiki/Nixos-rebuild
* https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html

Build locally, deploy on local, with `nom`:

  sudo true && sudo nixos-rebuild test --flake . --recreate-lock-file --no-write-lock-file |& nom

Via git, build on remote:

  ssh -t HOST sudo nixos-rebuild test --flake git+ssh://gitea@gitea.noximilien.pbsds.net/pbsds/nix-config.git --recreate-lock-file --no-write-lock-file
  # or
  ssh -t HOST sudo nixos-rebuild test --flake git+ssh://git@github.com/pbsds/nix-dotfiles.git --recreate-lock-file --no-write-lock-file

Via `remote-exec`, build on remote:

  nix develop .#remote
  remote-set FOOBAR
  remote sudo nixos-rebuild test --flake . --recreate-lock-file --no-write-lock-file

From local checkout to remote where you're not a trusted user, via `tar` build on remote:

  tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . | ssh -tt HOST -- bash -c '"set -x; cd $(mktemp -d); tar xf - && nixos-rebuild test --flake . \"\$@\""' -- --print-build-logs --recreate-lock-file --no-write-lock-file

> TODO: ^ doesn't work, as tar consumes the stdin leaving sudo without one...

.. wait doesn't that litter `/tmp` or `/run/user/.../tmp`?

  ¯\_(ツ)_/¯

From local checkout to remote if local nix daemon has ssh keys, then build on remote:

  nix copy --from "$(nix eval  .#inputs.self.outPath)" --to TODO

Build locally, copy to remote

  TODO

# How to evaluate the nixos flake/configuration.nix, checking if the drv hash is equal

Flakes:

  nix eval .#nixosConfigurations.HOSTNAME.config.system.build.toplevel.outPath

Non-flake:

  nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix