wip docs for remote deploys

2025-12-17 22:31:49 -06:00 · 2025-12-17 22:31:49 -06:00 · 827ba897ba
commit 827ba897ba
parent ece48b65b7
7 changed files with 1422 additions and 146 deletions
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@ -1,13 +1,17 @@
 {
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    deploy-rs.url = "github:serokell/deploy-rs";
    i001.url = "path:./hosts/i001";
  };
  outputs =
    {
      nixpkgs,
      deploy-rs,
      ...
-    }:
+    }@inputs:
    let
      # Utilities
      inherit (nixpkgs) lib;
@ -48,13 +52,31 @@
        in
        {
          default = pkgs.mkShell {
-            nativeBuildInputs = with pkgs; [
+            packages = [
              deploy_oracle
              deploy_linode
-              deploy-rs
+              pkgs.deploy-rs
            ];
          };
        }
      );
      deploy = {
        sshUser = "root";
        sshOpts = [
          "-i"
          "/run/agenix/nix2nix"
        ];
        nodes = {
          i001 = {
            hostname = "10.12.14.119"; # NOTE not stable ip check...
            profiles.system = {
              user = "root";
              path = deploy-rs.lib.x86_64-linux.activate.nixos inputs.i001.nixosConfigurations.i001;
            };
          };
        };
      };
    };
 }
--- a/hosts/i001/flake.lock
+++ b/hosts/i001/flake.lock
@ -3,11 +3,11 @@
    "common": {
      "locked": {
        "dir": "flakes/common",
-        "lastModified": 1765991726,
+        "lastModified": 1766010612,
-        "narHash": "sha256-oblFg2soKB7yi9DDXbzWKn8tnA1aoojKrA3+aVx+wb0=",
+        "narHash": "sha256-3aKy/FcWFSeA/1bJbslAvWDSXLF4yygykt5OpHK6cTQ=",
        "ref": "refs/heads/master",
-        "rev": "75b37cc9ec2014dd8dea941bb3faf9c0b665c6d0",
+        "rev": "ece48b65b79ac2caf6c6be771a9f1809de8bc65b",
-        "revCount": 941,
+        "revCount": 949,
        "type": "git",
        "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
      },
@ -23,11 +23,11 @@
      },
      "locked": {
        "dir": "flakes/de_plasma",
-        "lastModified": 1765991726,
+        "lastModified": 1766010612,
-        "narHash": "sha256-oblFg2soKB7yi9DDXbzWKn8tnA1aoojKrA3+aVx+wb0=",
+        "narHash": "sha256-3aKy/FcWFSeA/1bJbslAvWDSXLF4yygykt5OpHK6cTQ=",
        "ref": "refs/heads/master",
-        "rev": "75b37cc9ec2014dd8dea941bb3faf9c0b665c6d0",
+        "rev": "ece48b65b79ac2caf6c6be771a9f1809de8bc65b",
-        "revCount": 941,
+        "revCount": 949,
        "type": "git",
        "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
      },
@ -37,6 +37,42 @@
        "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
      }
    },
    "deploy-rs": {
      "inputs": {
        "flake-compat": "flake-compat",
        "nixpkgs": "nixpkgs_2",
        "utils": "utils"
      },
      "locked": {
        "lastModified": 1762286984,
        "narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=",
        "owner": "serokell",
        "repo": "deploy-rs",
        "rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f",
        "type": "github"
      },
      "original": {
        "owner": "serokell",
        "repo": "deploy-rs",
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
        "lastModified": 1733328505,
        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -61,7 +97,7 @@
    },
    "home-manager_2": {
      "inputs": {
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1765979862,
@ -110,6 +146,22 @@
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1743014863,
        "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1765762245,
        "narHash": "sha256-3iXM/zTqEskWtmZs3gqNiVtRTsEjYAedIaLL0mSBsrk=",
@ -125,7 +177,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_3": {
+    "nixpkgs_4": {
      "locked": {
        "lastModified": 1765838191,
        "narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=",
@ -141,7 +193,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_4": {
+    "nixpkgs_5": {
      "locked": {
        "lastModified": 1764776358,
        "narHash": "sha256-MxXSCRiV7DI5U3Ra1UxVJTTUyKsONAE8+8QdSXsGIhA=",
@ -1043,15 +1095,16 @@
      "inputs": {
        "common": "common",
        "de_plasma": "de_plasma",
        "deploy-rs": "deploy-rs",
        "home-manager": "home-manager_2",
        "impermanence": "impermanence",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_4",
        "ros_neovim": "ros_neovim"
      }
    },
    "ros_neovim": {
      "inputs": {
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_5",
        "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim",
        "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim",
        "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring",
@ -1142,6 +1195,39 @@
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/hosts/i001/flake.nix
+++ b/hosts/i001/flake.nix
@ -11,7 +11,6 @@
    ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
    impermanence.url = "github:nix-community/impermanence";
    # preservation.url = "github:nix-community/preservation";
  };
  outputs =
@ -36,7 +35,6 @@
            };
            modules = [
              inputs.impermanence.nixosModules.impermanence
              # inputs.preservation.nixosModules.preservation
              inputs.home-manager.nixosModules.default
              inputs.ros_neovim.nixosModules.default
@ -44,14 +42,14 @@
                ringofstorms-nvim.includeAllRuntimeDependencies = true;
              })
-              # inputs.de_plasma.nixosModules.default
+              inputs.de_plasma.nixosModules.default
-              # ({
+              ({
-              #   ringofstorms.dePlasma = {
+                ringofstorms.dePlasma = {
-              #     enable = true;
+                  enable = true;
-              #     gpu.intel.enable = true;
+                  gpu.intel.enable = true;
-              #     sddm.autologinUser = "luser";
+                  sddm.autologinUser = "luser";
-              #   };
+                };
-              # })
+              })
              inputs.common.nixosModules.essentials
              inputs.common.nixosModules.git
@ -69,7 +67,6 @@
              ./hardware-mounts.nix
              ./impermanence.nix
              ./impermanence-tools.nix
              # ./preservation.nix
              (
                {
                  config,
--- a/hosts/i001/impermanence-tools.sh
+++ b/hosts/i001/impermanence-tools.sh
@ -464,7 +464,7 @@ cmd_diff() {
  # Build list of bind mounts backed by /persist so we can filter them out.
  local persist_mounts
-  persist_mounts=$(awk '$2 ~ /^\/persist($|\//) { print $2 }' /proc/self/mounts || true)
+  persist_mounts=$(awk '$2 ~ "^/persist(/|$)" { print $2 }' /proc/self/mounts || true)
  is_persist_backed() {
    local p
@ -590,3 +590,36 @@ cmd_diff() {
  browse_diff_tree "$snapshot_name" "$snapshot_dir" "$diff_list" "$initial_prefix"
  rm -f "$diff_list"
 }
 main() {
  if [ "$#" -lt 1 ]; then
    usage
    exit 1
  fi
  local cmd
  cmd="$1"
  shift || true
  case "$cmd" in
    gc)
      cmd_gc "$@"
      ;;
    ls)
      cmd_ls "$@"
      ;;
    diff)
      cmd_diff "$@"
      ;;
    --help|-h|help)
      usage
      ;;
    *)
      echo "Unknown subcommand: $cmd" >&2
      usage
      exit 1
      ;;
  esac
 }
 main "$@"
--- a/hosts/i001/preservation.nix
+++ b/hosts/i001/preservation.nix
@ -1,93 +0,0 @@
 { ... }:
 {
  preservation = {
    enable = true;
    # Preserve system-wide directories and files at /persist
    preserveAt = {
      "/persist" = {
        commonMountOptions = [
          "x-gvfs-hide"
          "x-gdu.hide"
        ];
        # Directories to persist (bind-mount by default)
        directories = [
          "/var/log"
          "/var/lib/nixos"
          "/var/lib/systemd/coredump"
          "/var/lib/systemd/timers"
          "/etc/nixos"
          "/etc/ssh"
          "/etc/NetworkManager/system-connections"
          "/var/lib/bluetooth"
          "/var/lib/NetworkManager"
          "/var/lib/iwd"
          "/var/lib/fail2ban"
        ];
        # Files to persist
        files = [
          # Persist machine-id early (initrd) via symlink for ConditionFirstBoot compatibility
          { file = "/etc/machine-id"; inInitrd = true; how = "symlink"; configureParent = true; }
          # SSH host keys: ensure correct handling with symlinks
          { file = "/etc/ssh/ssh_host_rsa_key"; how = "symlink"; configureParent = true; }
          { file = "/etc/ssh/ssh_host_ed25519_key"; how = "symlink"; configureParent = true; }
        ];
        # Per-user persistence
        users = {
          luser = {
            directories = [
              ".ssh"
              ".gnupg"
              "projects"
              ".config/nixos-config"
              ".config/atuin"
              ".local/share/atuin"
              ".local/share/zoxide"
              # KDE
              ".config/kdeconnect"
              # Chrome
              ".config/google-chrome"
              # neovim ros_neovim
              ".local/state/nvim_ringofstorms_helium"
            ];
            files = [ ];
          };
        };
      };
    };
  };
  # Configure intermediate system-wide directories that may need custom modes
  # (Example: none required beyond defaults here.)
  # Let systemd-machine-id-commit write the transient ID to the persistent volume.
  # This avoids activation failure when /etc/machine-id is a symlink.
  systemd.services.systemd-machine-id-commit = {
    unitConfig.ConditionPathIsMountPoint = [
      ""
      "/persist/etc/machine-id"
    ];
    serviceConfig.ExecStart = [
      ""
      "systemd-machine-id-setup --commit --root /persist"
    ];
  };
  # If you need custom ownership/modes for parent directories, use tmpfiles:
  # systemd.tmpfiles.settings.preservation = {
  #   "/foo".d = { user = "foo"; group = "bar"; mode = "0775"; };
  #   "/foo/bar".d = { user = "bar"; group = "bar"; mode = "0755"; };
  # };
 }
--- a/utilities/nixos-installers/install_bcachefs.md
+++ b/utilities/nixos-installers/install_bcachefs.md
@ -5,42 +5,30 @@
 - custom iso installer
  - `nix build .\#packages.x86_64-linux.iso-minimal-stable`
-## Format main drive with boot partition
+## Format main drive with boot, bcachefs, & swap
-### Partition with GPT
+### Partition with GPT table
 ```sh
 DEVICE=sda
 parted /dev/$DEVICE -- mklabel gpt
 parted /dev/$DEVICE -- mkpart ESP fat32 1MB 2GB
 parted /dev/$DEVICE -- set 1 esp on
-
+# with swap
 parted /dev/$DEVICE -- mkpart PRIMARY 2GB -8GB
 parted /dev/$DEVICE -- mkpart SWAP linux-swap -8GB 100%
-# OR
+# OR no swap
 parted /dev/$DEVICE -- mkpart PRIMARY 2GB 100%
 ```
 ### Format partitions
 - boot
 ```sh
 BOOT=sda1
 mkfs.fat -F 32 -n BOOT /dev/$BOOT
 ```
 - primary
 ```sh
 PRIMARY=sda2
 bcachefs format --label=nixos --encrypted /dev/$PRIMARY
 bcachefs unlock /dev/$PRIMARY
 ```
 - swap (optional)
 ```sh
 SWAP=sda3
 mkswap /dev/$SWAP
 swapon /dev/$SWAP
@ -90,15 +78,15 @@ nixos-generate-config --root /mnt
 - Run nixos-install
 ```sh
 # If setup remotely we can install remotely as well like this
 nixos-install --flake "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=hosts/i001#i001"
 ```
-After boot
+- After boot
 ```sh
 nh os switch "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=hosts/i001#nixosConfigurations.i001"
-```
+# OR
 or
 ```sh
 cd ~/.config
 git clone https://git.joshuabell.xyz/ringofstorms/dotfiles nixos-config
 cd ~/.config/nixos-config/hosts/i001
@ -107,7 +95,9 @@ cd ~/.config/nixos-config/hosts/i001
 or from host machine? TODO haven't tried this fully
 ```sh
-NIX_SSHOPTS="-i /run/agenix/nix2nix" sudo nixos-rebuild switch --flake "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=hosts/i001#i001" --target-host luser@10.12.14.157 --build-host localhost
+NIX_SSHOPTS="-i /run/agenix/nix2nix" sudo nixos-rebuild switch --flake "~/.config/nixos-config/hosts/i001#nixosConfigurations.i001" --target-host luser@10.12.14.119 --build-host localhost
 NIX_SSHOPTS="-i /run/agenix/nix2nix" sudo nixos-rebuild switch --flake "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=hosts/i001#i001" --target-host luser@10.12.14.119 --build-host localhost
 nh os switch -H i001 --target-host luser@10.12.14.119 --build-host localhost -n ".config/nixos-config/hosts/i001"
 ```
 ## USB Key