
Maintenance

Building

System Configurations

All of the hosts are available as packages using the .#system- path. For example, to build the octopi host, you would run:

nom build .#system-octopi

Deploying

Using deploy-rs

  1. add the host as normal
  2. add the host and profiles to the top level deploy.nodes set
  3. run deploy or deploy .#<host> -s --remote-build

Manual Deployment

If you are on the remote host, all you need to do is run:

git clone http://voile:8418/tsunaminoai/nix-flake-final.git
cd nix-flake-final
nix develop
rebuild-system

If on the deployment server:

nh os build -H <host> .# -o result
nix copy --to ssh://<user>@<host> ./result
ssh <user>@<host> 'sudo /nix/store/<hash>/bin/switch-to-configuration switch'
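The three deployment-server steps above combined into one script, as an added example that is not part of this repository's development shell. It resolves ./result to fill in the <hash> path and refuses to pass anything that is not a well-formed /nix/store path to sudo on the remote host. The function names are hypothetical and the store-path pattern is an assumption based on Nix's base32 hash alphabet.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not commands from the dev shell.

NL=$(printf '\nx'); NL=${NL%x}   # a literal newline, used to reject multi-line input

# Succeeds only for /nix/store/<32-char base32 hash>-<name> and nothing else.
# Assumption: Nix base32 uses 0-9 and a-z without the letters e, o, t and u.
is_store_path() {
    case "$1" in *"$NL"*) return 1 ;; esac
    printf '%s\n' "$1" | LC_ALL=C grep -Eq \
        '^/nix/store/[0-9a-df-np-sv-z]{32}-[A-Za-z0-9+._?=-]+$'
}

# Prints the remote activation command for a validated store path.
activation_cmd() {
    if ! is_store_path "$1"; then
        echo "refusing to activate non-store path: $1" >&2
        return 1
    fi
    printf 'sudo %s/bin/switch-to-configuration switch\n' "$1"
}

# Usage: deploy_manual <user> <host>
# Build, copy and activate exactly one closure: the path that was built is
# the path that is copied and the path that runs under sudo.
deploy_manual() {
    user=$1
    host=$2
    nh os build -H "$host" .# -o result || return 1
    path=$(readlink -f ./result) || return 1
    cmd=$(activation_cmd "$path") || return 1
    nix copy --to "ssh://$user@$host" "$path" || return 1
    ssh "$user@$host" "$cmd"
}
```

Source the file and call deploy_manual with the user and host; nothing runs until the function is invoked.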

See also NixOS for more information on building and deploying NixOS configurations.

Nix storage

Currently, this is a local binary store that is served from Ereshkigal and is used for all builds and deployments. It is a Nix binary cache that is available to all hosts.

It may be worth converting this to an S3 bucket on voile1.

Development Shell

Currently, the development shell is set up to use the nix develop command. This can be used to enter a development environment with all of the necessary dependencies and tools installed. If direnv is installed, it will automatically load the environment when you enter the directory.

Run menu to see the available commands in the development shell.

Useful Commands provided by the Shell

  • rebuild-system - rebuild and switch the system configuration on the local host, regardless of system type
  • home-switch - switch the home-manager configuration for the current user
  • build-docs - build this documentation site
  • docs-serve - build and serve this documentation site locally
  • store-fix - fix the Nix store permissions and ownership
  • clean-nix - clean the Nix store and remove old generations
  • clean-home - clean the home-manager store and remove old generations
  • update-flake - update the flake inputs and lock file
  • format - format the Nix code using alejandra
  • vulscan - run a vulnerability scan using vulnxscan
  • sbom <system> - generate a Software Bill of Materials for a system configuration using sbomnix (use --buildtime for build-time dependencies that don't require a build of the system closure)

Other Useful Commands available in the Shell

  • nh os switch .# - switch the system configuration for the current host
  • nh os build -H <host> .# - build the system configuration for the specified host
  • nh home switch .# - switch the home-manager configuration for the current user
  • nh home build -c user@host .# - build the home-manager configuration for the specified user and host
  • nix run github:tiiuae/sbomnix#sbomnix ./result -- --buildtime - generate a Software Bill of Materials for the system closure in the result directory, including build time dependencies
  • nix run github:tiiuae/sbomnix#nixgraph -- --depth=3 ./result - generate a graph of the closure dependencies using nixgraph
  • nix run github:tiiuae/sbomnix#nix_outdated -- ./result - check for outdated packages in the system closure using nix_outdated
  • nix run github:tiiuae/sbomnix#provenance (nixpkgs#hello or ./result) --recursive -out ./provenance.json - generate a provenance file for a package using sbomnix