Formatting, readme ideas for safe deploys

home/user.nix

@@ -175,7 +175,7 @@ in
         language = [
           {
             name = "elixir";
-            language-servers = [ "elixir-ls" "lexical" "next-ls" ];
+            language-servers = [ "elixir-ls" ]; # "lexical" "next-ls" 
             auto-format = true;
           }
           {

home/work.nix

@@ -1,6 +1,8 @@
-{ lib, ... }: let 
+{ lib, ... }:
+let
   username = "daniel.flanagan@divvypay.com";
-in {
+in
+{
   home.username = username;
   home.homeDirectory = "/Users/${username}";
 }

modules/user-installed-applications.nix

@@ -1,3 +1,3 @@
 { ... }: {
-	services.flatpak.enable = true;
+  services.flatpak.enable = true;
 }

old/third.nix

@@ -1,45 +1,45 @@
 { config, pkgs, ... }: {
-	imports = [
+  imports = [
-		../profiles/laptop.nix
+    ../profiles/laptop.nix
-		../modules/systemd-boot-efi.nix
+    ../modules/systemd-boot-efi.nix
-		../modules/intel.nix
+    ../modules/intel.nix
-		../modules/docker.nix
+    ../modules/docker.nix
-		../modules/network-manager.nix
+    ../modules/network-manager.nix
-		../modules/bluetooth.nix
+    ../modules/bluetooth.nix
-		../modules/pulseaudio.nix
+    ../modules/pulseaudio.nix
-		../modules/de/sway.nix
+    ../modules/de/sway.nix
-		../modules/de/gnome.nix
+    ../modules/de/gnome.nix
-		../modules/users/daniel.nix
+    ../modules/users/daniel.nix
-		../modules/users/valerie.nix
+    ../modules/users/valerie.nix
-	];
+  ];
 
-	networking = {
+  networking = {
-		hostName = "third.lyte.dev";
+    hostName = "third.lyte.dev";
-		firewall.enable = false;
+    firewall.enable = false;
-		networkmanager.wifi.powersave = true;
+    networkmanager.wifi.powersave = true;
-	};
+  };
 
-	services.fwupd = {
+  services.fwupd = {
-		enable = true;
+    enable = true;
-	};
+  };
 
-	console.useXkbConfig = true;
+  console.useXkbConfig = true;
-	services.xserver.xkbOptions = "ctrl:nocaps";
+  services.xserver.xkbOptions = "ctrl:nocaps";
-		# TODO: setup caps-lock as Control/Escape?
+  # TODO: setup caps-lock as Control/Escape?
-	# console.font = "TER16x32";
+  # console.font = "TER16x32";
 
-	swapDevices = [ { device = "/swapfile"; size = (1024*16); } ];
+  swapDevices = [{ device = "/swapfile"; size = (1024 * 16); }];
 
-	boot = {
+  boot = {
-		# fallocate -l 16G /swapfile
+    # fallocate -l 16G /swapfile
-		resumeDevice = "/dev/disk/by-uuid/d1d92974-c0c0-4566-8131-c3dda9b21122";
+    resumeDevice = "/dev/disk/by-uuid/d1d92974-c0c0-4566-8131-c3dda9b21122";
-		# sudo filefrag -v /swapfile | head -n 4 | tail -n 1 | \
+    # sudo filefrag -v /swapfile | head -n 4 | tail -n 1 | \
-		#	 tr -s "[:blank:]" | field 5 | tr -d ":"
+    #	 tr -s "[:blank:]" | field 5 | tr -d ":"
-		kernelParams = [ "resume_offset=874496" ];
+    kernelParams = [ "resume_offset=874496" ];
-	};
+  };
 
-	# services.upower = {
+  # services.upower = {
-	#		enable = true;
+  #		enable = true;
-	#		criticalPowerAction = "Hibernate";
+  #		criticalPowerAction = "Hibernate";
-	# };
+  # };
 }

pre-commit.bash

@@ -3,3 +3,4 @@
 set -eux
 
 nix flake check
+nixpkgs-fmt --check .

readme.md

@@ -41,10 +41,42 @@ nix run nixpkgs#nixos-rebuild -- --flake 'git+https://git.lyte.dev/lytedev/nix#h
   switch --show-trace
 ```
 
-<!-- TODO: how to do this with rollbacks if I don't confirm things? -->
+### Safer Method
+
+```bash
+# initialize a delayed reboot by a process you can kill later if things look good
+# note that the amount of time you give it probably needs to be enough time to both complete the upgrade
+# _and_ perform whatever testing you need
+ssh root@host bash -c '
+  (sleep 300; reboot;) &
+  jobs -p
+'
+
+# build the system and start running it, but do NOT set the machine up to boot to that system yet
+# we will test things and make sure it works first
+# if it fails, the reboot we started previously will automatically kick in once the timeout is reached
+# and the machine will boot to the now-previous iteration
+nix run nixpkgs#nixos-rebuild -- --flake 'git+https://git.lyte.dev/lytedev/nix#host' \
+  --target-host root@host --build-host root@host \
+  test --show-trace
+
+# however you like, verify the system is running as expected
+# if it is, run the same command with "switch" instead of "test"
+# otherwise, we will wait until the machine reboots back into the 
+# this is crude, but should be pretty foolproof
+# the main gotcha is that the system is already unbootable or non-workable, but
+# if you always use this method, that should be an impossible state to get into
+
+# if we still have ssh access and the machine fails testing, just rollback
+# instead of waiting for the reboot
+# TODO: this is not tested yet
+ssh root@beefcake nixos-rebuild --rollback switch
+```
 
 ## Provisioning New NixOS Hosts
 
+<!-- TODO: Installation from a live ISO does not fully work yet -->
+
 ```bash
 # establish network access
 # plug in ethernet or do the wpa_cli song and dance for wifi
@@ -76,11 +108,10 @@ nix-shell --packages git \
 # To Do
 
 - Port configuration (lytedev/dotfiles) to home manager where applicable?
-  - Sway, Kitty, and Helix, come to mind
+  - Sway and Kitty come to mind
-- Installation from a live ISO does not fully work yet
+  - macOS options?
 - I don't understand Nix well enough to know why stuff is being compiled even when I have a binary cache
   - Maybe it detects different CPUs and will recompile certain packages for per-CPU optimizations?
     - How does this factor in with "pureness"?
 - Custom pre-configured live ISO
-- Unify standalone home manager module with NixOS home manager module
+- Unify standalone home manager module with NixOS home manager module?
-- Pre-commit checks with stuff like `nix flake check` and formatting checkers