lytedev/nix
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Increase foxtrot scale for a little more breathing room

Browse source
This commit is contained in:
Daniel Flanagan 2023-11-21 14:59:08 -06:00
parent 6760c5ba9e
commit c12d5e74b3
Signed by: lytedev
GPG key ID: 5B2020A0F9921EF4
3 changed files with 96 additions and 88 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

79
lib/internal.md
View file

@ -2,8 +2,85 @@
## Update Server
```shell
**NOTE**: I want to establish a solid way to do this without `root@`.
```fish
g a; set host beefcake; nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \
--target-host "root@$host" --build-host "root@$host" \
switch --show-trace
```
## Safer Method
```bash
# make sure all files are at least staged so nix flakes will see them
git add -A
# initialize a delayed reboot by a process you can kill later if things look good
# note that the amount of time you give it probably needs to be enough time to both complete the upgrade
# _and_ perform whatever testing you need
host=your_host
ssh -t "root@$host" "bash -c '
set -m
(sleep 300; reboot;) &
jobs -p
bg
disown
'"
# build the system and start running it, but do NOT set the machine up to boot to that system yet
# we will test things and make sure it works first
# if it fails, the reboot we started previously will automatically kick in once the timeout is reached
# and the machine will boot to the now-previous iteration
nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \
--target-host "root@$host" --build-host "root@$host" \
test --show-trace
# however you like, verify the system is running as expected
# if it is, run the same command with "switch" instead of "test"
# otherwise, we will wait until the machine reboots back into the
# this is crude, but should be pretty foolproof
# the main gotcha is that the system is already unbootable or non-workable, but
# if you always use this method, that should be an impossible state to get into
# if we still have ssh access and the machine fails testing, just rollback
# instead of waiting for the reboot
ssh "root@$host" nixos-rebuild --rollback switch
```
## Provisioning New NixOS Hosts
Note that for best results the target flake attribute should first be built and
cached to the binary cache at `nix.h.lyte.dev`.
```bash
# establish network access
# plug in ethernet or do the wpa_cli song and dance for wifi
wpa_cli scan
wpa_cli scan_results
wpa_cli add_network 0
wpa_cli set_network 0 ssid "MY_SSID"
wpa_cli set_network 0 psk "MY_WIFI_PASSWORD"
wpa_cli enable_network 0
wpa_cli save_config
# disk encryption key (if needed)
echo -n "password" > /tmp/secret.key
# partition disks
nix-shell --packages git --run "sudo nix run \
--extra-experimental-features nix-command \
--extra-experimental-features flakes \
github:nix-community/disko -- \
--flake 'git+https://git.lyte.dev/lytedev/nix#${PARTITION_SCHEME}' \
--mode disko \
--arg disks '[ \"/dev/${DISK}\" ]'"
# install
nix-shell --packages git \
--run "sudo nixos-install \
--flake 'git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR}' \
--option trusted-substituters 'https://cache.nixos.org https://nix.h.lyte.dev' \
--option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0='"
```

2
modules/home-manager/foxtrot.nix
View file

@ -1,5 +1,5 @@
{outputs, ...}: let
scale = 1.5;
scale = 1.25;
in {
imports = with outputs.homeManagerModules; [
sway

103
readme.md
View file

@ -13,14 +13,22 @@ here is useful inspiration.
$ nixos-rebuild switch --flake git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR}
```
You don't have even have to clone this crap yourself. How cool is that!
You don't have even have to clone this crap yourself. How cool is that! But if you do, it looks like this:
But if you're gonna change stuff you had better setup the pre-commit hook:
```shell_session
$ nixos-rebuild switch --flake ./repo/dir/for/nix#${FLAKE_ATTR}
```
## Setup
If you're gonna change stuff you had better setup the pre-commit hook:
```shell_session
$ ln -s $PWD/pre-commit.bash .git/hooks/pre-commit
```
## Secrets
If you're deploying anything secrets-related, you will need the proper keys:
```shell_session
@ -31,99 +39,23 @@ $ pass age-key >> ${XDG_CONFIG_HOME:-~/.config}/sops/age/keys.txt
## NixOS
```shell_session
$ nixos-rebuild switch --flake .
$ nixos-rebuild switch --flake
```
## Not NixOS
**NOTE**: I pretty much solely use Home Manager as a NixOS module presently, so this is not fully supported.
```shell_session
$ curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
$ nix profile install github:nix-community/home-manager
$ home-manager switch --flake git+https://git.lyte.dev/lytedev/nix
$ FLAKE_ATTR=base-x86_64-linux
$ home-manager switch --flake git+https://git.lyte.dev/lytedev/nix#$FLAKE_ATTR
```
# Advanced Usage
# Internal/Advanced Usage
## Push NixOS Config
```bash
host=your_host
nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \
--target-host "root@$host" --build-host "root@$host" \
switch --show-trace
```
### Safer Method
```bash
# initialize a delayed reboot by a process you can kill later if things look good
# note that the amount of time you give it probably needs to be enough time to both complete the upgrade
# _and_ perform whatever testing you need
host=your_host
ssh -t "root@$host" "bash -c '
set -m
(sleep 300; reboot;) &
jobs -p
bg
disown
'"
# build the system and start running it, but do NOT set the machine up to boot to that system yet
# we will test things and make sure it works first
# if it fails, the reboot we started previously will automatically kick in once the timeout is reached
# and the machine will boot to the now-previous iteration
nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \
--target-host "root@$host" --build-host "root@$host" \
test --show-trace
# however you like, verify the system is running as expected
# if it is, run the same command with "switch" instead of "test"
# otherwise, we will wait until the machine reboots back into the
# this is crude, but should be pretty foolproof
# the main gotcha is that the system is already unbootable or non-workable, but
# if you always use this method, that should be an impossible state to get into
# if we still have ssh access and the machine fails testing, just rollback
# instead of waiting for the reboot
ssh "root@$host" nixos-rebuild --rollback switch
```
## Provisioning New NixOS Hosts
```bash
# establish network access
# plug in ethernet or do the wpa_cli song and dance for wifi
wpa_cli scan
wpa_cli scan_results
wpa_cli add_network 0
wpa_cli set_network 0 ssid "MY_SSID"
wpa_cli set_network 0 psk "MY_WIFI_PASSWORD"
wpa_cli enable_network 0
wpa_cli save_config
# disk encryption key (if needed)
echo -n "password" > /tmp/secret.key
# partition disks
nix-shell --packages git --run "sudo nix run \
--extra-experimental-features nix-command \
--extra-experimental-features flakes \
github:nix-community/disko -- \
--flake 'git+https://git.lyte.dev/lytedev/nix#${PARTITION_SCHEME}' \
--mode disko \
--arg disks '[ \"/dev/${DISK}\" ]'"
# install
nix-shell --packages git \
--run "sudo nixos-install \
--flake 'git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR}' \
--option trusted-substituters 'https://cache.nixos.org https://nix.h.lyte.dev' \
--option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0='"
```
# Internal Usage
Just for me, see [[lib/internal.md]]
See [lib/internal.md](./lib/internal.md).
# To Do
@ -135,7 +67,6 @@ Just for me, see [[lib/internal.md]]
- grafana and stuff for monitoring
- alerts?
- Fonts installed by home manager instead of nixos module
- Zellij config?
- Broot config?
## Long Term