## Initial setup (old)

```bash
nixos-generate-config
```
## Reading list

- https://nixos.wiki/wiki/Flakes
- https://teu5us.github.io/nix-lib.html
- https://ryantm.github.io/nixpkgs/builders/trivial-builders/
- https://nixos.wiki/wiki/Nix-writers
## TODOs

- Split stuff into multiple files
- Make a flake
- merge hosted docs into a single subdomain
- autogenerate ssh keys
- pre-commit hook with 'nix eval ...outPath'
- use `nom` when deploying
  - figure out how to reuse the system's flake lock while deploying, and leave upgrading to the nightly job
- Setup some remote-development and deploy flow
- users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc
- nixos-generate-config instructions for new hosts
- zfs, declarative pools?
- secrets: sops-nix?
- flexget
- transmission
- domeneshop
- hydra
- self-hosted binary cache (single-machine) (nix-serve, carinae, harmonia, eris or attic)
- profiles/web: make the ACME/nginx helper a function
  - Support multiple TLDs
  - Support multiple ACME accounts
  - Support a per-account provider?
  - Support DNS auth
  - Set up aliases instead of a per-vhost cert?
  - Preferably set up a wildcard cert per host
## Cheatsheet

### How to deploy

Build locally, deploy locally, with nom:

```bash
# `sudo true` caches the credentials first, so the password prompt is not
# swallowed by the pipe into nom
sudo true && sudo nixos-rebuild test --flake . --recreate-lock-file --no-write-lock-file |& nom
```
Via git, build on remote:

```bash
ssh -t HOST sudo nixos-rebuild test --flake git+ssh://gitea@gitea.noximilien.pbsds.net/pbsds/nix-config.git --recreate-lock-file --no-write-lock-file
```

or

```bash
ssh -t HOST sudo nixos-rebuild test --flake git+ssh://git@github.com/pbsds/nix-dotfiles.git --recreate-lock-file --no-write-lock-file
```

Note that `--recreate-lock-file` ignores the committed `flake.lock` and resolves every input to its newest revision at deploy time, so what gets activated depends on when you run this; `--no-write-lock-file` only stops that fresh resolution from being written back.
From a local checkout to a remote where you're not a trusted user, build on remote:

```bash
# The outer double quotes survive the local shell and the inner single quotes survive
# the remote login shell, which re-parses the command line; that way "$@" is expanded
# by the remote bash and the flags after -- actually reach nixos-rebuild. No -t/-tt:
# the tar stream is binary and must not go through a pty.
tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . \
  | ssh HOST -- bash -c "'set -x; cd \"\$(mktemp -d)\" && tar xf - && nixos-rebuild test --flake . \"\$@\"'" -- --print-build-logs --recreate-lock-file --no-write-lock-file
```

This leaves the extracted tree behind on the remote, in `/tmp` or `/run/user/.../tmp` (whatever `$TMPDIR` is there). `mktemp -d` creates the directory mode 0700, so other users can't read it, but nothing ever removes it. ¯\_(ツ)_/¯
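The same tar-over-ssh deploy without the litter, as an added example (it is not code from this README or from the repo): the remote-side script and the archive travel down a single ssh stdin stream, the tree is unpacked under a private `mktemp -d` directory, and an EXIT trap removes it whether the rebuild succeeds, fails or is interrupted. It assumes the remote has bash and tar; the host name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original README or of pbsds/nix-config.
# Ships a local source tree to a remote host over one ssh stdin stream: first
# the remote-side script, then a tar archive of the tree. The remote side
# unpacks into a private mktemp directory, runs the requested command there
# and removes the directory on every exit path, so nothing lingers in /tmp or
# /run/user/<uid>. Host names in the comments are hypothetical.

# Remote-side script, run there with `bash -s -- CMD...`. It is wrapped in a
# function so bash has parsed all of it before `tar xf -` executes; bash reads
# a non-seekable stdin one byte at a time, so the archive begins exactly after
# the `main "$@"` line and tar consumes it from the same stream.
remote_script() {
    cat <<'EOF'
main() {
    set -eu
    work=$(mktemp -d)              # mode 0700: private to the deploying user
    # chmod first: a tree taken from the nix store is read-only (0555), and
    # rm -rf cannot unlink entries from a directory it may not write
    trap 'chmod -R u+w "$work" || true; rm -rf -- "$work"' EXIT
    # Unpack into a child directory: the archive's own "./" entry resets the
    # mode of the directory it lands in, so the 0700 parent stays the boundary
    mkdir "$work/src"
    tar xf - -C "$work/src"        # the archive follows this script on stdin
    cd "$work/src"
    "$@"                           # e.g. nixos-rebuild test --flake . --print-build-logs
}
main "$@"
EOF
}

# Everything that goes down the pipe: the script, then the archive of TREE.
stream_tree() {
    stream_tree_dir=$1
    remote_script
    tar cf - -C "$stream_tree_dir" .
}

# Run CMD... inside a throwaway copy of TREE on HOST. For a flake checkout pass
# "$(nix eval --raw .#inputs.self.outPath)" as TREE so only tracked files travel.
# CMD... is re-parsed by the remote login shell, so keep it free of shell
# metacharacters (plain flags such as --print-build-logs are fine).
deploy_tree() {
    deploy_tree_dir=$1
    deploy_tree_host=$2
    shift 2
    stream_tree "$deploy_tree_dir" | ssh "$deploy_tree_host" -- bash -s -- "$@"
}

# Same flow without ssh, to exercise the remote-side script locally.
run_tree_locally() {
    run_tree_dir=$1
    shift
    stream_tree "$run_tree_dir" | bash -s -- "$@"
}

# Usage (hypothetical host):
#   deploy_tree "$(nix eval --raw .#inputs.self.outPath)" builder.example.org \
#       nixos-rebuild test --flake . --print-build-logs --no-write-lock-file
```

Activation still needs root on the remote, exactly as with the one-liner above; what changes is that the copied tree is never world-readable, is writable enough to be deleted even when it came out of the read-only nix store, and is gone by the time ssh returns.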
From a local checkout to a remote, if the local nix daemon has ssh keys, then build on remote:

```bash
# nix copy takes the store path as its installable; --to names the destination store
nix copy --to TODO "$(nix eval --raw .#inputs.self.outPath)"
```
Build locally, copy to remote
TODO
- https://nixos.wiki/wiki/Nixos-rebuild
- https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html
### How to evaluate a NixOS flake / configuration.nix, to check whether the drv hash is still equal

Compare the path printed before and after a change:

```bash
nix eval --raw .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath
```

Old way:

```bash
nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix
```