refactor(nix): move flake to repo root 🚚
clan-cli silently ignores the `?dir=` URL parameter when resolving a
flake source, so with the flake at nixos/flake.nix `clan machines
update` fails with "flake.nix does not exist". Move the flake tree up
so the repo root contains flake.nix, flake.lock, flake-modules/, lib/,
modules/, sops/, and vars/. Host-specific NixOS modules stay in
nixos/{hosts,home,fish.nix,neovim.nix,…}; flake-module paths updated
accordingly.
- dotfiles-rebuild flakeRef is now "${dotfilesDir}#<host>" (was
"${dotfilesDir}/nixos#<host>").
- CLAUDE.md build commands + clan section updated. nixupdate fish alias
updated. sunken-ship hostsfile comment updated.
- Existing /etc/dotfiles checkouts on the servers will pick up the new
layout on the next `dotfiles-rebuild` timer tick; the rebuild service
was pre-updated via rsync so its flakeRef matches before the pull.
Also includes 4b follow-through: zerotier identities are now live on
both servers (sunken-ship=d553a2de33 controller, phantom-ship=6c048abbdc
peer) and IPv6 ping across the ZT mesh works.
This commit is contained in:
DannyDannyDanny
parent
9921a7f9f1
commit
88c51399d0
33 changed files with 29 additions and 24 deletions
44
modules/dotfiles-rebuild.nix
Normal file
44
modules/dotfiles-rebuild.nix
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
# Shared auto-rebuild-from-git service for homelab hosts.
|
||||
#
|
||||
# Every 15 min: git fetch origin, fast-forward main, and if there were any
|
||||
# new commits run nixos-rebuild switch against `<dotfilesDir>#<host>`.
|
||||
#
|
||||
# Assumes /etc/dotfiles is an already-cloned checkout of the dotfiles repo.
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
dotfilesDir = "/etc/dotfiles";
|
||||
flakeRef = "${dotfilesDir}#${config.networking.hostName}";
|
||||
in {
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
|
||||
# Trust /etc/dotfiles as root even though it's owned by `danny`.
|
||||
# nix/libgit2 reads safe.directory from /etc/gitconfig; the GIT_CONFIG_*
|
||||
# env vars on the service only affect the git CLI, not nix.
|
||||
programs.git.enable = true;
|
||||
programs.git.config.safe.directory = [ dotfilesDir ];
|
||||
|
||||
systemd.services.dotfiles-rebuild = {
|
||||
description = "Pull dotfiles and run nixos-rebuild if repo changed";
|
||||
path = with pkgs; [ git nix nixos-rebuild ];
|
||||
environment.GIT_CONFIG_COUNT = "1";
|
||||
environment.GIT_CONFIG_KEY_0 = "safe.directory";
|
||||
environment.GIT_CONFIG_VALUE_0 = dotfilesDir;
|
||||
script = ''
|
||||
set -euo pipefail
|
||||
cd ${dotfilesDir}
|
||||
git fetch origin
|
||||
if [ "$(git rev-parse HEAD)" = "$(git rev-parse origin/main)" ]; then
|
||||
exit 0
|
||||
fi
|
||||
git pull origin main
|
||||
exec nixos-rebuild switch --flake ${flakeRef}
|
||||
'';
|
||||
serviceConfig.Type = "oneshot";
|
||||
};
|
||||
|
||||
systemd.timers.dotfiles-rebuild = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "*-*-* *:00/15:00"; # every 15 minutes
|
||||
timerConfig.RandomizedDelaySec = "2min";
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue