docs: agent server notes, README server link, TODO verify note, nixos readme

Made-with: Cursor

AGENTS.md

@@ -23,3 +23,9 @@ No keys, tokens, or identifying secrets in the repo. Prefer `scp` or config outs
 - Root password: console only; set danny’s password as root once for sudo.
 - SSH keys: use actual key names on the machine (e.g. `id_ed25519_github`), not assumed `id_ed25519`.
 
+## Server (nixos-server)
+
+- **Commit and push** before testing on the server; it clones/pulls from origin.
+- Bootstrap: server has no git until first rebuild. Use `nix run --extra-experimental-features "nix-command flakes" nixpkgs#git` to clone. Enable flakes in the daemon via `server-configuration-with-flakes.nix`: scp to server `/tmp/configuration.nix`, on server `sudo cp` to `/etc/nixos/configuration.nix`, then `sudo nixos-rebuild switch`. Then build flake and run `switch-to-configuration switch` (see nixos/readme.md).
+- Auto-rebuild timer (`dotfiles-rebuild`) only runs after the system has been switched to the flake config. Check with `systemctl is-active dotfiles-rebuild.timer` on the server.
+

README.md

@@ -7,7 +7,7 @@ This repo is an extension of [dannydannydanny/methodology](https://github.com/Da
 ## Roadmap:
 
 * configure [firefox-scrolling](firefox-scrolling.md) via terminal
-* server cluster roadmap: [server](server.md)
+* server cluster roadmap: [server](server.md); NixOS server flake and bootstrap: [nixos/readme.md](nixos/readme.md) (nixos-server).
 * :art: check for `nvim checkhealth` status
 * make tmux nice: https://www.youtube.com/watch?v=DzNmUNvnB04
 * [fonts](https://www.programmingfonts.org/) - how does this relate to nerdfonts?

TODO.md

@@ -10,6 +10,6 @@
    - Continue configuring the server (add more services to `hosts/nixos-server.nix` as needed).
 
 4. **Verify**
-   - After 2–4: confirm server hardware in repo, flake builds, auto-rebuild works.
+   - After 2–4: confirm server hardware in repo, flake builds, auto-rebuild works. On server, `systemctl is-active dotfiles-rebuild.timer` should be `active` once the flake config is live (see nixos/readme.md).
 
 5. Rename nixos-server to <something-cooler>

nixos/readme.md

@@ -18,11 +18,23 @@ sudo mv /tmp/dotfiles /etc/dotfiles
 # Enable flakes for this run (needed if the current system config does not)
 sudo nixos-rebuild switch --flake /etc/dotfiles/nixos#nixos-server --option accept-flake-config true
 ```
-If that fails with "does not provide attribute ... nixos-rebuild", build and switch manually (NIX_CONFIG makes the daemon accept flakes for this run):
+If that fails with "does not provide attribute ... nixos-rebuild", enable flakes for the Nix daemon via the current config (on NixOS, `/etc/nix/nix.conf` is often read-only), then build and switch manually.
+
+**From your Mac:** push a config that enables flakes, then on the server copy it and rebuild:
 ```bash
-NIX_CONFIG="extra-experimental-features = nix-command flakes" sudo nix build /etc/dotfiles/nixos#nixosConfigurations.nixos-server.config.system.build.toplevel -o /tmp/nixos-result
+scp nixos/server-configuration-with-flakes.nix danny@<server>:/tmp/configuration.nix
+```
+**On the server:**
+```bash
+sudo cp /tmp/configuration.nix /etc/nixos/configuration.nix
+sudo nixos-rebuild switch
+```
+Then build and switch to the flake:
+```bash
+sudo nix build /etc/dotfiles/nixos#nixosConfigurations.nixos-server.config.system.build.toplevel -o /tmp/nixos-result
 sudo /tmp/nixos-result/bin/switch-to-configuration switch
 ```
+
 Use `git@github.com:DannyDannyDanny/dotfiles.git` if the repo is private (clone as danny then `sudo mv` and `sudo chown -R root:root /etc/dotfiles`).
 
 SSH keys for danny (not in repo): from your machine `scp ~/.ssh/*.pub danny@server:/tmp/`, then on server `mkdir -p ~/.ssh; cat /tmp/*.pub >> ~/.ssh/authorized_keys`.