Formatting, readme ideas for safe deploys
This commit is contained in:
parent
a1cd2ed2d7
commit
726615972c
6 changed files with 80 additions and 46 deletions
|
@ -175,7 +175,7 @@ in
|
||||||
language = [
|
language = [
|
||||||
{
|
{
|
||||||
name = "elixir";
|
name = "elixir";
|
||||||
language-servers = [ "elixir-ls" "lexical" "next-ls" ];
|
language-servers = [ "elixir-ls" ]; # "lexical" "next-ls"
|
||||||
auto-format = true;
|
auto-format = true;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
{ lib, ... }: let
|
{ lib, ... }:
|
||||||
|
let
|
||||||
username = "daniel.flanagan@divvypay.com";
|
username = "daniel.flanagan@divvypay.com";
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
home.username = username;
|
home.username = username;
|
||||||
home.homeDirectory = "/Users/${username}";
|
home.homeDirectory = "/Users/${username}";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
{ ... }: {
|
{ ... }: {
|
||||||
services.flatpak.enable = true;
|
services.flatpak.enable = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,45 +1,45 @@
|
||||||
{ config, pkgs, ... }: {
|
{ config, pkgs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
../profiles/laptop.nix
|
../profiles/laptop.nix
|
||||||
../modules/systemd-boot-efi.nix
|
../modules/systemd-boot-efi.nix
|
||||||
../modules/intel.nix
|
../modules/intel.nix
|
||||||
../modules/docker.nix
|
../modules/docker.nix
|
||||||
../modules/network-manager.nix
|
../modules/network-manager.nix
|
||||||
../modules/bluetooth.nix
|
../modules/bluetooth.nix
|
||||||
../modules/pulseaudio.nix
|
../modules/pulseaudio.nix
|
||||||
../modules/de/sway.nix
|
../modules/de/sway.nix
|
||||||
../modules/de/gnome.nix
|
../modules/de/gnome.nix
|
||||||
../modules/users/daniel.nix
|
../modules/users/daniel.nix
|
||||||
../modules/users/valerie.nix
|
../modules/users/valerie.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "third.lyte.dev";
|
hostName = "third.lyte.dev";
|
||||||
firewall.enable = false;
|
firewall.enable = false;
|
||||||
networkmanager.wifi.powersave = true;
|
networkmanager.wifi.powersave = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.fwupd = {
|
services.fwupd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
console.useXkbConfig = true;
|
console.useXkbConfig = true;
|
||||||
services.xserver.xkbOptions = "ctrl:nocaps";
|
services.xserver.xkbOptions = "ctrl:nocaps";
|
||||||
# TODO: setup caps-lock as Control/Escape?
|
# TODO: setup caps-lock as Control/Escape?
|
||||||
# console.font = "TER16x32";
|
# console.font = "TER16x32";
|
||||||
|
|
||||||
swapDevices = [ { device = "/swapfile"; size = (1024*16); } ];
|
swapDevices = [{ device = "/swapfile"; size = (1024 * 16); }];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
# fallocate -l 16G /swapfile
|
# fallocate -l 16G /swapfile
|
||||||
resumeDevice = "/dev/disk/by-uuid/d1d92974-c0c0-4566-8131-c3dda9b21122";
|
resumeDevice = "/dev/disk/by-uuid/d1d92974-c0c0-4566-8131-c3dda9b21122";
|
||||||
# sudo filefrag -v /swapfile | head -n 4 | tail -n 1 | \
|
# sudo filefrag -v /swapfile | head -n 4 | tail -n 1 | \
|
||||||
# tr -s "[:blank:]" | field 5 | tr -d ":"
|
# tr -s "[:blank:]" | field 5 | tr -d ":"
|
||||||
kernelParams = [ "resume_offset=874496" ];
|
kernelParams = [ "resume_offset=874496" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# services.upower = {
|
# services.upower = {
|
||||||
# enable = true;
|
# enable = true;
|
||||||
# criticalPowerAction = "Hibernate";
|
# criticalPowerAction = "Hibernate";
|
||||||
# };
|
# };
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,3 +3,4 @@
|
||||||
set -eux
|
set -eux
|
||||||
|
|
||||||
nix flake check
|
nix flake check
|
||||||
|
nixpkgs-fmt --check .
|
||||||
|
|
41
readme.md
41
readme.md
|
@ -41,10 +41,42 @@ nix run nixpkgs#nixos-rebuild -- --flake 'git+https://git.lyte.dev/lytedev/nix#h
|
||||||
switch --show-trace
|
switch --show-trace
|
||||||
```
|
```
|
||||||
|
|
||||||
<!-- TODO: how to do this with rollbacks if I don't confirm things? -->
|
### Safer Method
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# initialize a delayed reboot by a process you can kill later if things look good
|
||||||
|
# note that the amount of time you give it probably needs to be enough time to both complete the upgrade
|
||||||
|
# _and_ perform whatever testing you need
|
||||||
|
ssh root@host bash -c '
|
||||||
|
(sleep 300; reboot;) &
|
||||||
|
jobs -p
|
||||||
|
'
|
||||||
|
|
||||||
|
# build the system and start running it, but do NOT set the machine up to boot to that system yet
|
||||||
|
# we will test things and make sure it works first
|
||||||
|
# if it fails, the reboot we started previously will automatically kick in once the timeout is reached
|
||||||
|
# and the machine will boot to the now-previous iteration
|
||||||
|
nix run nixpkgs#nixos-rebuild -- --flake 'git+https://git.lyte.dev/lytedev/nix#host' \
|
||||||
|
--target-host root@host --build-host root@host \
|
||||||
|
test --show-trace
|
||||||
|
|
||||||
|
# however you like, verify the system is running as expected
|
||||||
|
# if it is, run the same command with "switch" instead of "test"
|
||||||
|
# otherwise, we will wait until the machine reboots back into the
|
||||||
|
# this is crude, but should be pretty foolproof
|
||||||
|
# the main gotcha is that the system is already unbootable or non-workable, but
|
||||||
|
# if you always use this method, that should be an impossible state to get into
|
||||||
|
|
||||||
|
# if we still have ssh access and the machine fails testing, just rollback
|
||||||
|
# instead of waiting for the reboot
|
||||||
|
# TODO: this is not tested yet
|
||||||
|
ssh root@beefcake nixos-rebuild --rollback switch
|
||||||
|
```
|
||||||
|
|
||||||
## Provisioning New NixOS Hosts
|
## Provisioning New NixOS Hosts
|
||||||
|
|
||||||
|
<!-- TODO: Installation from a live ISO does not fully work yet -->
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# establish network access
|
# establish network access
|
||||||
# plug in ethernet or do the wpa_cli song and dance for wifi
|
# plug in ethernet or do the wpa_cli song and dance for wifi
|
||||||
|
@ -76,11 +108,10 @@ nix-shell --packages git \
|
||||||
# To Do
|
# To Do
|
||||||
|
|
||||||
- Port configuration (lytedev/dotfiles) to home manager where applicable?
|
- Port configuration (lytedev/dotfiles) to home manager where applicable?
|
||||||
- Sway, Kitty, and Helix, come to mind
|
- Sway and Kitty come to mind
|
||||||
- Installation from a live ISO does not fully work yet
|
- macOS options?
|
||||||
- I don't understand Nix well enough to know why stuff is being compiled even when I have a binary cache
|
- I don't understand Nix well enough to know why stuff is being compiled even when I have a binary cache
|
||||||
- Maybe it detects different CPUs and will recompile certain packages for per-CPU optimizations?
|
- Maybe it detects different CPUs and will recompile certain packages for per-CPU optimizations?
|
||||||
- How does this factor in with "pureness"?
|
- How does this factor in with "pureness"?
|
||||||
- Custom pre-configured live ISO
|
- Custom pre-configured live ISO
|
||||||
- Unify standalone home manager module with NixOS home manager module
|
- Unify standalone home manager module with NixOS home manager module?
|
||||||
- Pre-commit checks with stuff like `nix flake check` and formatting checkers
|
|
||||||
|
|
Loading…
Reference in a new issue