(͡ ͡° ͜ つ ͡͡°) っ✂╰⋃╯
Go to file
Peder Bergebakken Sundt f1785f12fa remote 2023-03-09 07:58:54 +01:00
cachix lots of small fixes 2023-02-25 01:37:09 +01:00
hardware laksdaladsdsalkjdsalkjdsalkj 2023-03-03 21:42:29 +01:00
hosts Add nord ssh key 2023-03-09 07:58:37 +01:00
pkgs remote 2023-03-09 07:58:54 +01:00
profiles fix 2023-03-07 01:02:57 +01:00
users Add nord ssh key 2023-03-09 07:58:37 +01:00
.editorconfig lots of small fixes 2023-02-25 01:37:09 +01:00
.envrc autoupdate 2023-03-07 23:56:50 +01:00
.gitignore remote 2023-03-09 07:58:54 +01:00
.remoteignore.toml remote 2023-03-09 07:58:54 +01:00
README.md Add nord ssh key 2023-03-09 07:58:37 +01:00
base.nix move locale to pofile 2023-03-04 00:11:54 +01:00
cachix.nix Initial commit 2023-02-24 21:36:30 +01:00
flake.lock flake.lock: Update 2023-03-03 21:12:55 +01:00
flake.nix nord 2023-03-09 07:27:50 +01:00
shell.nix laksdaladsdsalkjdsalkjdsalkj 2023-03-03 21:42:29 +01:00

README.md

Initial setup (old)

nixos-generate-config

Reading list

TODOs:

  • Split stuff into multiple files
  • Make a flake
  • merge hosted docs into a single subdomain
  • autogenerate ssh keys
  • pre-commit hook with 'nix eval ...outPath'
  • use nom when deploying
  • figure out how to reuse system flake lock while deplying, leave the night job to upgrade
  • Setup some remote-development and deploy flow
  • users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc
  • nixos-generate-config instructions for new hosts
  • zfs, declarative pools?
  • secrets - nix-sops ?
    • flexget
    • transmission
    • domeneshop
  • hydra
  • self-hosted binary cache (single-machine) (nix-serve, carinae, harmonia, eris or attic)
  • profiles/web: make ACME/nginx helper a function
    • Support multiple tlds
    • Support multiple acme accounts
    • Support a per-account provider?
    • Support DNS auth
    • Setup aliases instead of a per-vhost cert?
      • Preferably setup a wildchar cert per host

Cheatsheet

How to deploy

Build locally, deploy on local, with nom:

sudo true && sudo nixos-rebuild test --flake . --recreate-lock-file --no-write-lock-file |& nom

Via git, build on remote:

ssh -t HOST sudo nixos-rebuild test --flake git+ssh://gitea@gitea.noximilien.pbsds.net/pbsds/nix-config.git --recreate-lock-file --no-write-lock-file

or

ssh -t HOST sudo nixos-rebuild test --flake git+ssh://git@github.com/pbsds/nix-dotfiles.git --recreate-lock-file --no-write-lock-file

From local checkout to remote where you're not a trusted user, build on remote:

tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . | ssh -tt HOST -- bash -c '"set -x; cd $(mktemp -d); tar xf - && nixos-rebuild test --flake . "$@""' -- --print-build-logs --recreate-lock-file --no-write-lock-file

.. wait doesn't that litter /tmp or /run/user/.../tmp?

¯_(ツ)_/¯

From local checkout to remote if local nix daemon has ssh keys, then build on remote:

nix copy --from "$(nix eval .#inputs.self.outPath)" --to TODO

Build locally, copy to remote

TODO

How to evaluate nixos flake/configuration.nix, checking if the drv hash is equal

nix eval .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath

old way:

nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix