75 lines
2.5 KiB
Markdown
# Initial setup (old)

    nixos-generate-config

# Reading list

* https://nixos.wiki/wiki/Flakes
* https://teu5us.github.io/nix-lib.html
* https://ryantm.github.io/nixpkgs/builders/trivial-builders/
* https://nixos.wiki/wiki/Nix-writers

# TODOs:

* [x] Split stuff into multiple files
* [x] Make a flake
* [x] merge hosted docs into a single subdomain
* [ ] pre-commit hook with 'nix eval ...outPath'
* [ ] use `nom` when deploying
* [ ] figure out how to reuse system flake lock while deploying, leave the night job to upgrade
* [ ] Setup some remote-development and deploy flow
* [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc.
* [ ] nixos-generate-config instructions for new hosts
* [ ] zfs, declarative pools?
* [ ] secrets - nix-sops ?
    * flexget
    * transmission
    * domeneshop
* [ ] hydra
* [ ] self-hosted binary cache (single-machine) (nix-serve, carinae, harmonia, eris or attic)
    * https://discourse.nixos.org/t/announcing-harmonia-a-nix-binary-cache-written-in-rust/19855
    * https://discourse.nixos.org/t/introducing-attic-a-self-hostable-nix-binary-cache-server/24343/1
* [ ] profiles/web: make ACME/nginx helper a function
    * [ ] Support multiple tlds
    * [ ] Support multiple acme accounts
    * [ ] Support a per-account provider?
    * [ ] Support DNS auth
    * [ ] Setup aliases instead of a per-vhost cert?
    * [ ] Preferably setup a wildcard cert per host

# Cheatsheet

### How to deploy

Via git, build on remote:

    ssh -t HOST sudo nixos-rebuild test --flake git+ssh://git@github.com/pbsds/nix-dotfiles.git --recreate-lock-file --no-write-lock-file

From local checkout to remote where you're not a trusted user, build on remote:

    tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . | ssh bolle.pbsds.net -- bash -xc '"cd $(mktemp -d); pwd; tar xf - && nixos-rebuild test . \"\$@\""' -- --recreate-lock-file --no-write-lock-file

.. wait doesn't that litter `/tmp` or `/run/user/.../tmp`?

¯\_(ツ)_/¯

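One way to stop the unpacked checkout from piling up in the temp dir is to unpack into a private scratch directory and remove it when the build command exits. This is an added example, not part of the original repository; `run_in_scratch` is a hypothetical helper name and the usage line assumes bash locally and a POSIX shell on the remote.

```bash
#!/usr/bin/env bash
# Added example: run_in_scratch is a hypothetical helper, not repository code.
# Reads a tar stream on stdin, unpacks it into a private temp dir,
# runs the given command inside it, and always removes the dir afterwards.
run_in_scratch() {
    if [ "$#" -eq 0 ]; then
        echo "usage: tar cf - ... | run_in_scratch COMMAND [ARGS...]" >&2
        return 2
    fi
    (   # subshell: umask, cd and traps stay local to this call
        umask 077   # files unpacked from the stream are not world-readable
        # mktemp -d creates the directory with mode 0700
        scratch="$(mktemp -d "${TMPDIR:-/tmp}/deploy.XXXXXXXX")" || exit 1
        # Clean up on normal exit, on failure, and on common signals
        trap 'rm -rf -- "$scratch"' EXIT
        trap 'exit 130' INT TERM HUP
        # -o: when extracting, do not restore uid/gid stored in the archive
        tar -x -o -f - -C "$scratch" || exit 1
        cd "$scratch" || exit 1
        "$@"
        status=$?
        # Explicit exit so the EXIT trap runs and the command status is kept
        exit "$status"
    )
}

# Usage sketch (HOST is a placeholder); the function definition is shipped
# inside the ssh command string, the tar stream arrives on stdin:
#   tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . \
#     | ssh HOST "$(declare -f run_in_scratch); run_in_scratch <build command>"
```
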
From local checkout to remote if local nix daemon has ssh keys, then build on remote:

    nix copy --from "$(nix eval .#inputs.self.outPath)" --to TODO

Build locally, copy to remote

    TODO

* https://nixos.wiki/wiki/Nixos-rebuild
* https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html

### How to evaluate nixos flake/configuration.nix, checking if the drv hash is equal

    nix eval .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath
    # old way:
    nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix