From c3d33a2d398950781e520d0e9eaf856d8551e43a Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Tue, 25 Mar 2025 21:47:08 -0500 Subject: [PATCH] chore(doc): get rid of stupid blurb, add deployment script to docs --- lib/doc/readme.md | 53 +++-------------------------------------------- readme.md | 17 --------------- 2 files changed, 3 insertions(+), 67 deletions(-) diff --git a/lib/doc/readme.md b/lib/doc/readme.md index 2bb68b7..27205ef 100644 --- a/lib/doc/readme.md +++ b/lib/doc/readme.md 
@@ -9,57 +9,10 @@ $ mkdir -p ${XDG_CONFIG_HOME:-~/.config}/sops/age $ pass age-key >> ${XDG_CONFIG_HOME:-~/.config}/sops/age/keys.txt ``` -# Updates +# Update Remote Hosts -**NOTE**: I want to establish a solid way to do this without `root@`. - -**TODO**: This could easily be wrapped up in a `nix run github:lytedev/nix#install` or something with fuzzy-finders for the variable options. - -**TODO**: could also probably get some helpers baked into an ISO? - -```fish -g a; set host beefcake; nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \ - --target-host "root@$host" --build-host "root@$host" \ - switch --show-trace -``` - -## Safer Method - -```bash -# make sure all files are at least staged so nix flakes will see them -git add -A - -# initialize a delayed reboot by a process you can kill later if things look good -# note that the amount of time you give it probably needs to be enough time to both complete the upgrade -# _and_ perform whatever testing you need -host=your_host -ssh -t "root@$host" "bash -c ' - set -m - # sleep 30 mins - (sleep 1800; reboot;) & - jobs -p - bg - disown -'" - -# build the system and start running it, but do NOT set the machine up to boot to that system yet -# we will test things and make sure it works first -# if it fails, the reboot we started previously will automatically kick in once the timeout is reached -# and the machine will boot to the now-previous iteration -nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \ - --target-host "root@$host" --build-host "root@$host" \ - test --show-trace - -# however you like, verify the system is running as expected -# if it is, run the same command with "switch" instead of "test" -# otherwise, we will wait until the machine reboots back into the -# this is crude, but should be pretty foolproof -# the main gotcha is that the system is already unbootable or non-workable, but -# if you always use this method, that should be an impossible state to get into - -# if we still have ssh access and 
the machine fails testing, just rollback -# instead of waiting for the reboot -ssh "root@$host" nixos-rebuild --rollback switch +```shell +$ , deploy . ``` # Provisioning New NixOS Hosts diff --git a/readme.md b/readme.md index f4f6baf..280c28d 100644 --- a/readme.md +++ b/readme.md @@ -10,20 +10,3 @@ Nix for lytedev [NixOS Modules](./lib/modules/nixos/default.nix) - [Home Manager Modules](./lib/modules/home/default.nix) - [Desktop](./packages/hosts/dragon.nix) - [Laptop](./packages/hosts/foxtrot.nix) - [Server](./packages/hosts/beefcake.nix) - [Router](./packages/hosts/router.nix) - [Packages](./packages/default.nix) - [Templates](./lib/templates/default.nix) - [Docs](./lib/doc) - -# Details - -I aim for declaring everything where possible, but I definitely break the rules -if it's convenient enough and try to write it down when I do so. I also don't -like repeating myself in configuration. I am mostly focused on being pragmatic -and getting things done and doing so in a way that makes it easy to keep doing -so (maintainability), but I also occasionally fall into experimenting with big -refactors of the code for no real gain. - -## Layers - -- Common defaults (machines that I might not interact with at all or only - rarely, such as backup targets) -- Machines that I interact with only remotely (`shell` class) -- Machines that I interact with directly, such as a laptop or my desktop - workstation (`desktop` class)
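Review bot: In lib/doc/readme.md, the new "Update Remote Hosts" section consists only of `$ , deploy .`, so the docs no longer say what the deploy command does or how to recover from a bad deploy. The removed "Safer Method" documented a delayed automatic reboot (`(sleep 1800; reboot;) &`), activating with `test` before `switch`, and `nixos-rebuild --rollback switch`. If the deploy script keeps any of that behaviour, state it in a sentence under the new heading; if it does not, keep at least the rollback command as a short recovery note. The removed NOTE about doing this without `root@` also goes away without saying whether the script still connects as `root@$host`, so a line naming the account the deploy uses would preserve that information. The subject says "add deployment script to docs", but only an invocation is added, and the `,` prefix is not explained in the visible lines.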
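Review bot: In readme.md, the removed "Layers" list is the only place in the visible lines that describes the common-defaults layer and the `shell` and `desktop` classes, which is reference material rather than the "blurb" the subject refers to. Consider dropping only the "Details" paragraph and keeping those three bullets, or moving them under lib/doc, which the remaining `[Docs](./lib/doc)` link already points to.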