wip docs for remote deploys

RingOfStorms (Joshua Bell) 2025-12-17 22:31:49 -06:00
parent ece48b65b7
commit 827ba897ba
7 changed files with 1422 additions and 146 deletions

1249
flake.lock generated

File diff suppressed because it is too large Load diff


@ -1,13 +1,17 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
deploy-rs.url = "github:serokell/deploy-rs";
i001.url = "path:./hosts/i001";
};
outputs =
{
nixpkgs,
deploy-rs,
...
}:
}@inputs:
let
# Utilities
inherit (nixpkgs) lib;
@ -48,13 +52,31 @@
in
{
default = pkgs.mkShell {
nativeBuildInputs = with pkgs; [
packages = [
deploy_oracle
deploy_linode
deploy-rs
pkgs.deploy-rs
];
};
}
);
deploy = {
sshUser = "root";
sshOpts = [
"-i"
"/run/agenix/nix2nix"
];
nodes = {
i001 = {
hostname = "10.12.14.119"; # NOTE not stable ip check...
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos inputs.i001.nixosConfigurations.i001;
};
};
};
};
};
}
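Review bot: The `deploy` block logs in with `sshUser = "root"` against a bare address, `hostname = "10.12.14.119"`, which its own comment marks as not stable, so a lease change could point a root-level activation at whichever machine holds that address next. SSH host-key verification is then the only safeguard against a wrong-host deploy, so keep strict checking on (no `StrictHostKeyChecking=no` in `sshOpts`) and move to a reserved address or a DNS name. The README commands in this same commit target `luser@10.12.14.119`; deploy-rs can match that with `sshUser = "luser"` while keeping `profiles.system.user = "root"`, which lets the target leave root SSH login disabled, assuming luser is allowed to sudo there.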

112
hosts/i001/flake.lock generated

@ -3,11 +3,11 @@
"common": {
"locked": {
"dir": "flakes/common",
"lastModified": 1765991726,
"narHash": "sha256-oblFg2soKB7yi9DDXbzWKn8tnA1aoojKrA3+aVx+wb0=",
"lastModified": 1766010612,
"narHash": "sha256-3aKy/FcWFSeA/1bJbslAvWDSXLF4yygykt5OpHK6cTQ=",
"ref": "refs/heads/master",
"rev": "75b37cc9ec2014dd8dea941bb3faf9c0b665c6d0",
"revCount": 941,
"rev": "ece48b65b79ac2caf6c6be771a9f1809de8bc65b",
"revCount": 949,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
},
@ -23,11 +23,11 @@
},
"locked": {
"dir": "flakes/de_plasma",
"lastModified": 1765991726,
"narHash": "sha256-oblFg2soKB7yi9DDXbzWKn8tnA1aoojKrA3+aVx+wb0=",
"lastModified": 1766010612,
"narHash": "sha256-3aKy/FcWFSeA/1bJbslAvWDSXLF4yygykt5OpHK6cTQ=",
"ref": "refs/heads/master",
"rev": "75b37cc9ec2014dd8dea941bb3faf9c0b665c6d0",
"revCount": 941,
"rev": "ece48b65b79ac2caf6c6be771a9f1809de8bc65b",
"revCount": 949,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
},
@ -37,6 +37,42 @@
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2",
"utils": "utils"
},
"locked": {
"lastModified": 1762286984,
"narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -61,7 +97,7 @@
},
"home-manager_2": {
"inputs": {
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1765979862,
@ -110,6 +146,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1743014863,
"narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1765762245,
"narHash": "sha256-3iXM/zTqEskWtmZs3gqNiVtRTsEjYAedIaLL0mSBsrk=",
@ -125,7 +177,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1765838191,
"narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=",
@ -141,7 +193,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1764776358,
"narHash": "sha256-MxXSCRiV7DI5U3Ra1UxVJTTUyKsONAE8+8QdSXsGIhA=",
@ -1043,15 +1095,16 @@
"inputs": {
"common": "common",
"de_plasma": "de_plasma",
"deploy-rs": "deploy-rs",
"home-manager": "home-manager_2",
"impermanence": "impermanence",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"ros_neovim": "ros_neovim"
}
},
"ros_neovim": {
"inputs": {
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim",
"nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim",
"nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring",
@ -1142,6 +1195,39 @@
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",


@ -11,7 +11,6 @@
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
impermanence.url = "github:nix-community/impermanence";
# preservation.url = "github:nix-community/preservation";
};
outputs =
@ -36,7 +35,6 @@
};
modules = [
inputs.impermanence.nixosModules.impermanence
# inputs.preservation.nixosModules.preservation
inputs.home-manager.nixosModules.default
inputs.ros_neovim.nixosModules.default
@ -44,14 +42,14 @@
ringofstorms-nvim.includeAllRuntimeDependencies = true;
})
# inputs.de_plasma.nixosModules.default
# ({
# ringofstorms.dePlasma = {
# enable = true;
# gpu.intel.enable = true;
# sddm.autologinUser = "luser";
# };
# })
inputs.de_plasma.nixosModules.default
({
ringofstorms.dePlasma = {
enable = true;
gpu.intel.enable = true;
sddm.autologinUser = "luser";
};
})
inputs.common.nixosModules.essentials
inputs.common.nixosModules.git
@ -69,7 +67,6 @@
./hardware-mounts.nix
./impermanence.nix
./impermanence-tools.nix
# ./preservation.nix
(
{
config,
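Review bot: Enabling `sddm.autologinUser = "luser"` gives anyone at the console a luser session with no password once the machine has booted, and the uncommented block carries no comment saying why that is acceptable. If the reasoning is that the encrypted bcachefs root from the README already gates boot with a passphrase, state it next to the option, e.g. `# autologin: disk passphrase at boot is the login gate`, and make sure the session locks on idle. The module list and the function that follows continue outside the visible hunk.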


@ -464,7 +464,7 @@ cmd_diff() {
# Build list of bind mounts backed by /persist so we can filter them out.
local persist_mounts
persist_mounts=$(awk '$2 ~ /^\/persist($|\//) { print $2 }' /proc/self/mounts || true)
persist_mounts=$(awk '$2 ~ "^/persist(/|$)" { print $2 }' /proc/self/mounts || true)
is_persist_backed() {
local p
@ -590,3 +590,36 @@ cmd_diff() {
browse_diff_tree "$snapshot_name" "$snapshot_dir" "$diff_list" "$initial_prefix"
rm -f "$diff_list"
}
main() {
if [ "$#" -lt 1 ]; then
usage
exit 1
fi
local cmd
cmd="$1"
shift || true
case "$cmd" in
gc)
cmd_gc "$@"
;;
ls)
cmd_ls "$@"
;;
diff)
cmd_diff "$@"
;;
--help|-h|help)
usage
;;
*)
echo "Unknown subcommand: $cmd" >&2
usage
exit 1
;;
esac
}
main "$@"
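Review bot: The rewritten awk line still takes field 2 of `/proc/self/mounts` verbatim, and the kernel octal-escapes spaces, tabs and backslashes there (a space becomes `\040`), so a persisted mount point containing one of those would not compare equal to the real path. Whether that matters depends on how `is_persist_backed` compares entries, and its body is outside the hunk. If it compares literally, either decode the field or record the limitation, `# mount points are in /proc escaped form (\040 for space); paths with spaces will not match`. In the added `main`, `shift || true` cannot fail after the `"$#" -lt 1` guard, so a plain `shift` is enough.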


@ -1,93 +0,0 @@
{ ... }:
{
preservation = {
enable = true;
# Preserve system-wide directories and files at /persist
preserveAt = {
"/persist" = {
commonMountOptions = [
"x-gvfs-hide"
"x-gdu.hide"
];
# Directories to persist (bind-mount by default)
directories = [
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/lib/systemd/timers"
"/etc/nixos"
"/etc/ssh"
"/etc/NetworkManager/system-connections"
"/var/lib/bluetooth"
"/var/lib/NetworkManager"
"/var/lib/iwd"
"/var/lib/fail2ban"
];
# Files to persist
files = [
# Persist machine-id early (initrd) via symlink for ConditionFirstBoot compatibility
{ file = "/etc/machine-id"; inInitrd = true; how = "symlink"; configureParent = true; }
# SSH host keys: ensure correct handling with symlinks
{ file = "/etc/ssh/ssh_host_rsa_key"; how = "symlink"; configureParent = true; }
{ file = "/etc/ssh/ssh_host_ed25519_key"; how = "symlink"; configureParent = true; }
];
# Per-user persistence
users = {
luser = {
directories = [
".ssh"
".gnupg"
"projects"
".config/nixos-config"
".config/atuin"
".local/share/atuin"
".local/share/zoxide"
# KDE
".config/kdeconnect"
# Chrome
".config/google-chrome"
# neovim ros_neovim
".local/state/nvim_ringofstorms_helium"
];
files = [ ];
};
};
};
};
};
# Configure intermediate system-wide directories that may need custom modes
# (Example: none required beyond defaults here.)
# Let systemd-machine-id-commit write the transient ID to the persistent volume.
# This avoids activation failure when /etc/machine-id is a symlink.
systemd.services.systemd-machine-id-commit = {
unitConfig.ConditionPathIsMountPoint = [
""
"/persist/etc/machine-id"
];
serviceConfig.ExecStart = [
""
"systemd-machine-id-setup --commit --root /persist"
];
};
# If you need custom ownership/modes for parent directories, use tmpfiles:
# systemd.tmpfiles.settings.preservation = {
# "/foo".d = { user = "foo"; group = "bar"; mode = "0775"; };
# "/foo/bar".d = { user = "bar"; group = "bar"; mode = "0755"; };
# };
}


@ -5,42 +5,30 @@
- custom iso installer
- `nix build .\#packages.x86_64-linux.iso-minimal-stable`
## Format main drive with boot partition
## Format main drive with boot, bcachefs, & swap
### Partition with GPT
### Partition with GPT table
```sh
DEVICE=sda
parted /dev/$DEVICE -- mklabel gpt
parted /dev/$DEVICE -- mkpart ESP fat32 1MB 2GB
parted /dev/$DEVICE -- set 1 esp on
# with swap
parted /dev/$DEVICE -- mkpart PRIMARY 2GB -8GB
parted /dev/$DEVICE -- mkpart SWAP linux-swap -8GB 100%
# OR
# OR no swap
parted /dev/$DEVICE -- mkpart PRIMARY 2GB 100%
```
### Format partitions
- boot
```sh
BOOT=sda1
mkfs.fat -F 32 -n BOOT /dev/$BOOT
```
- primary
```sh
PRIMARY=sda2
bcachefs format --label=nixos --encrypted /dev/$PRIMARY
bcachefs unlock /dev/$PRIMARY
```
- swap (optional)
```sh
SWAP=sda3
mkswap /dev/$SWAP
swapon /dev/$SWAP
@ -90,15 +78,15 @@ nixos-generate-config --root /mnt
- Run nixos-install
```sh
# If setup remotely we can install remotely as well like this
nixos-install --flake "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=hosts/i001#i001"
```
After boot
- After boot
```sh
nh os switch "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=hosts/i001#nixosConfigurations.i001"
```
or
```sh
# OR
cd ~/.config
git clone https://git.joshuabell.xyz/ringofstorms/dotfiles nixos-config
cd ~/.config/nixos-config/hosts/i001
@ -107,7 +95,9 @@ cd ~/.config/nixos-config/hosts/i001
or from host machine? TODO haven't tried this fully
```sh
NIX_SSHOPTS="-i /run/agenix/nix2nix" sudo nixos-rebuild switch --flake "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=hosts/i001#i001" --target-host luser@10.12.14.157 --build-host localhost
NIX_SSHOPTS="-i /run/agenix/nix2nix" sudo nixos-rebuild switch --flake "~/.config/nixos-config/hosts/i001#nixosConfigurations.i001" --target-host luser@10.12.14.119 --build-host localhost
NIX_SSHOPTS="-i /run/agenix/nix2nix" sudo nixos-rebuild switch --flake "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=hosts/i001#i001" --target-host luser@10.12.14.119 --build-host localhost
nh os switch -H i001 --target-host luser@10.12.14.119 --build-host localhost -n ".config/nixos-config/hosts/i001"
```
## USB Key