From b0c8664f5c10e74598cc3d013028ccc475523327 Mon Sep 17 00:00:00 2001 From: DannyDannyDanny Date: Mon, 20 Apr 2026 20:28:05 +0200 Subject: [PATCH] =?UTF-8?q?docs:=20update=20stale=20dotfiles/nixos=20flake?= =?UTF-8?q?=20paths=20=F0=9F=93=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Stage 4f cleanup. The flake moved from ~/dotfiles/nixos/ to ~/dotfiles/ in 88c5139; docs and install scripts hadn't been refreshed. Point all rebuild / flake references at the new root: - AGENTS.md, README.md, server-quickstart.md, docs/server-installer-usb.md, docs/sunken-ship-wifi.md, nixos/readme.md — rebuild command paths. - scripts/nixos-server-install.sh — auto-detect now looks for flake.nix at repo root (was nixos/flake.nix). - scripts/post-install-provision.sh — first-rebuild hint path. `nixos/hosts/-hardware.nix` and friends stay where they are — host-specific NixOS modules still live under nixos/; only the flake entry-points + sops/ + vars/ + lib/ + modules/ + flake-modules/ moved. nixos/readme.md rewritten to reflect the split (flake at root, per-host modules under nixos/). --- AGENTS.md | 4 ++-- README.md | 2 +- docs/server-installer-usb.md | 8 +++---- docs/sunken-ship-wifi.md | 4 ++-- nixos/readme.md | 35 ++++++++++++++++++------------- scripts/nixos-server-install.sh | 8 +++---- scripts/post-install-provision.sh | 2 +- server-quickstart.md | 2 +- 8 files changed, 36 insertions(+), 29 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 1a11b77..dcf9ab5 100644 --- a/AGENTS.md +++ b/AGENTS.md 
@@ -10,11 +10,11 @@ From the Mac, agents can SSH to sunken-ship: ssh -i ~/.ssh/id_ed25519_sunken_ship danny@sunken-ship 'hostname; ip addr' ``` -Rebuild on the server: `ssh ... 'cd /etc/dotfiles/nixos && sudo nixos-rebuild switch --flake .#sunken-ship'`. The server has WiFi; it remains reachable when ethernet is unplugged. +Rebuild on the server: `ssh ... 'cd /etc/dotfiles && sudo nixos-rebuild switch --flake .#sunken-ship'`. The server has WiFi; it remains reachable when ethernet is unplugged. Preferred from the mac: `nix run git+https://git.clan.lol/clan/clan-core#clan-cli -- machines update sunken-ship --flake ~/dotfiles`. ## Server installer USB (new machines only) -Build from **Linux**: `cd ~/dotfiles/nixos && nix build .#installer-iso` (x86_64-linux only; cannot build on macOS). Or use official NixOS minimal ISO, write to USB, boot server, clone repo, run [scripts/nixos-server-install.sh](scripts/nixos-server-install.sh). See [docs/server-installer-usb.md](docs/server-installer-usb.md). Optional live WiFi: add `nixos/installer-wifi.nix` (gitignored) when building custom ISO on Linux. +Build from **Linux**: `cd ~/dotfiles && nix build .#installer-iso` (x86_64-linux only; cannot build on macOS). Or use official NixOS minimal ISO, write to USB, boot server, clone repo, run [scripts/nixos-server-install.sh](scripts/nixos-server-install.sh). See [docs/server-installer-usb.md](docs/server-installer-usb.md). Optional live WiFi: add `nixos/installer-wifi.nix` (gitignored) when building custom ISO on Linux. ## Learnings (NixOS server) diff --git a/README.md b/README.md index a181f19..201e803 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ nix-shell -p gh git gh auth login gh repo clone dannydannydanny/dotfiles && cd dotfiles # git checkout # if needed -sudo nixos-rebuild switch --flake ~/dotfiles/nixos#wsl +sudo nixos-rebuild switch --flake ~/dotfiles#wsl ``` ### Clone via SSH 
diff --git a/docs/server-installer-usb.md b/docs/server-installer-usb.md index 4377f22..4c69d53 100644 --- a/docs/server-installer-usb.md +++ b/docs/server-installer-usb.md @@ -50,7 +50,7 @@ Bootable USB that installs NixOS on a new server with disk encryption (LUKS). Th 8. SSH in: `ssh danny@phantom-ship` 9. First rebuild to switch from generic `server-install` to `phantom-ship` config: ```bash - cd /etc/dotfiles/nixos && sudo nixos-rebuild switch --flake .#phantom-ship + cd /etc/dotfiles && sudo nixos-rebuild switch --flake .#phantom-ship ``` 10. Commit the generated `phantom-ship-hardware.nix` back to the repo. @@ -87,7 +87,7 @@ Adds WiFi kernel modules for servers that need WiFi on the live system. ### Build directly on Linux ```bash -cd ~/dotfiles/nixos && nix build .#installer-iso +cd ~/dotfiles && nix build .#installer-iso # Write to USB: sudo dd if=result/iso/nixos-minimal-*.iso of=/dev/sdX status=progress bs=4M ``` @@ -117,7 +117,7 @@ sudo INSTALLER_SYSTEM_CONFIG_FILE=/path/to/wifi.json INSTALLER_HOSTNAME=my-serve ```bash sudo nix run github:nix-community/disko/latest#disko-install -- \ - --flake 'path:/tmp/dotfiles/nixos#server-install' \ + --flake 'path:/tmp/dotfiles#server-install' \ --disk main /dev/sda \ --system-config '{"networking":{"hostName":"my-server"}}' ``` @@ -130,5 +130,5 @@ sudo nix run github:nix-community/disko/latest#disko-install -- \ | **Boot** | Boot new server from USB, plug Ethernet | | **Install** | `curl ... \| INSTALLER_HOSTNAME=phantom-ship SSH_PUBKEY_FILE=/tmp/key.pub sudo -E bash` | | **Reboot** | Remove USB, unlock LUKS | -| **First rebuild** | `sudo nixos-rebuild switch --flake /etc/dotfiles/nixos#phantom-ship` | +| **First rebuild** | `sudo nixos-rebuild switch --flake /etc/dotfiles#phantom-ship` | | **Commit** | Push generated `phantom-ship-hardware.nix` to repo | diff --git a/docs/sunken-ship-wifi.md b/docs/sunken-ship-wifi.md index aa8f06c..92410b6 100644 --- a/docs/sunken-ship-wifi.md +++ b/docs/sunken-ship-wifi.md 
@@ -42,10 +42,10 @@ nix shell nixpkgs#wpa_supplicant -c wpa_passphrase "YOUR_SSID" "YOUR_PASSWORD" ## Rebuild (after changing Nix config) -From the server (flake is in `nixos/`): +From the server (flake is at the repo root): ```bash -cd /etc/dotfiles/nixos && sudo nixos-rebuild switch --flake .#sunken-ship +cd /etc/dotfiles && sudo nixos-rebuild switch --flake .#sunken-ship ``` ## Verify diff --git a/nixos/readme.md b/nixos/readme.md index 34e6316..7dc6432 100644 --- a/nixos/readme.md +++ b/nixos/readme.md 
@@ -1,32 +1,39 @@ -# NixOS flake +# NixOS modules -Rebuild from dotfiles dir: +Host-specific NixOS and home-manager modules live under this dir: + +- `hosts/.nix` + `hosts/-hardware.nix` +- `home/danny/home.nix` (home-manager) +- `fish.nix`, `neovim.nix`, `ollama.nix`, `installer-iso.nix`, `disko-server.nix` + +The flake itself (`flake.nix`, `flake.lock`, `flake-modules/`, `lib/`, `modules/`, `sops/`, `vars/`) lives at the **repo root**, not here. See [CLAUDE.md](../CLAUDE.md) at the repo root for rebuild commands, clan.lol operations, and the `dotfiles-rebuild` timer. + +## Quick rebuild reference ```bash # macOS -cd ~/dotfiles/nixos && darwin-rebuild switch --flake . +cd ~/dotfiles && darwin-rebuild switch --flake . # WSL -sudo nixos-rebuild switch --flake ~/dotfiles/nixos#wsl +sudo nixos-rebuild switch --flake ~/dotfiles#wsl -# sunken-ship (on server) -sudo nixos-rebuild switch --flake /etc/dotfiles/nixos#sunken-ship +# Servers (via clan from mac) +nix run git+https://git.clan.lol/clan/clan-core#clan-cli -- \ + machines update sunken-ship --flake ~/dotfiles ``` -## Server (sunken-ship) - -One-time bootstrap (no git until first rebuild): +## Server bootstrap (one-time) ```bash -nix run --extra-experimental-features "nix-command flakes" nixpkgs#git -- clone https://github.com/DannyDannyDanny/dotfiles.git /tmp/dotfiles +nix run --extra-experimental-features "nix-command flakes" nixpkgs#git -- \ + clone https://github.com/DannyDannyDanny/dotfiles.git /tmp/dotfiles sudo mv /tmp/dotfiles /etc/dotfiles -sudo nixos-rebuild switch --flake /etc/dotfiles/nixos#sunken-ship --option accept-flake-config true +sudo nixos-rebuild switch --flake /etc/dotfiles#sunken-ship \ + --option accept-flake-config true ``` -If the daemon doesn't have flakes: copy [server-configuration-with-flakes.nix](server-configuration-with-flakes.nix) to `/etc/nixos/configuration.nix`, run `sudo nixos-rebuild switch`, then build and switch to the flake (see 
[server-quickstart.md](../server-quickstart.md) for SSH keys). +If the daemon doesn't have flakes: copy [server-configuration-with-flakes.nix](server-configuration-with-flakes.nix) to `/etc/nixos/configuration.nix`, `sudo nixos-rebuild switch`, then build the flake. SSH keys (not in repo): `scp ~/.ssh/*.pub danny@server:/tmp/`, then on server `mkdir -p ~/.ssh; cat /tmp/*.pub >> ~/.ssh/authorized_keys`. See [docs/ssh-and-secrets.md](../docs/ssh-and-secrets.md). -Timer: every 15 min the server pulls and rebuilds when `main` changes. Config: `hosts/sunken-ship.nix`, `hosts/sunken-ship-hardware.nix`. - No git in PATH: `sudo nix run nixpkgs#git -- -C /etc/dotfiles pull origin main`. diff --git a/scripts/nixos-server-install.sh b/scripts/nixos-server-install.sh index d8370ed..dbb690c 100644 --- a/scripts/nixos-server-install.sh +++ b/scripts/nixos-server-install.sh @@ -16,12 +16,12 @@ set -euo pipefail FLAKE_REF="${FLAKE_REF:-}" if [[ -z "$FLAKE_REF" ]]; then - if [[ -d "$(dirname "$0")/../nixos" ]] && [[ -f "$(dirname "$0")/../nixos/flake.nix" ]]; then + if [[ -f "$(dirname "$0")/../flake.nix" ]]; then REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)" - FLAKE_REF="path:${REPO_ROOT}/nixos" + FLAKE_REF="path:${REPO_ROOT}" else echo "FLAKE_REF not set and not running from dotfiles repo. Example:" - echo " export FLAKE_REF=github:USER/REPO # or path:/path/to/dotfiles/nixos" + echo " export FLAKE_REF=github:USER/REPO # or path:/path/to/dotfiles" exit 1 fi fi @@ -197,5 +197,5 @@ echo "" echo "=== Done! ===" echo "Remove the USB and reboot. After unlocking LUKS:" echo " 1. SSH in: ssh danny@${hostname}" -echo " 2. First rebuild: cd /etc/dotfiles/nixos && sudo nixos-rebuild switch --flake .#${hostname}" +echo " 2. First rebuild: cd /etc/dotfiles && sudo nixos-rebuild switch --flake .#${hostname}" echo " 3. Commit ${hostname}-hardware.nix back to the repo" diff --git a/scripts/post-install-provision.sh b/scripts/post-install-provision.sh index 2e67ccc..d59792b 100755 
--- a/scripts/post-install-provision.sh +++ b/scripts/post-install-provision.sh @@ -57,5 +57,5 @@ cryptsetup close crypted 2>/dev/null || true echo "" echo "=== Done! Remove USB and reboot. ===" echo "After unlocking LUKS, SSH in: ssh danny@${HOSTNAME}" -echo "Then: cd /etc/dotfiles/nixos && sudo nixos-rebuild switch --flake .#${HOSTNAME}" +echo "Then: cd /etc/dotfiles && sudo nixos-rebuild switch --flake .#${HOSTNAME}" echo "Commit ${HOSTNAME}-hardware.nix from the USB back to the repo." diff --git a/server-quickstart.md b/server-quickstart.md index 1cad215..866ac9f 100644 --- a/server-quickstart.md +++ b/server-quickstart.md @@ -44,7 +44,7 @@ Optional: `services.openssh.settings = { PasswordAuthentication = false; PermitR ```bash sudo nixos-rebuild switch -# or: sudo nixos-rebuild switch --flake /path/to/dotfiles/nixos#hostname +# or: sudo nixos-rebuild switch --flake /path/to/dotfiles#hostname ``` Then from your main machine: `ssh danny@myserver`
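Review bot: In the AGENTS.md hunk (and again in the nixos/readme.md quick reference), the new preferred update command runs `git+https://git.clan.lol/clan/clan-core#clan-cli` with no `rev` or `ref`, so each server update executes whatever the default branch of clan-core holds at fetch time. Consider pinning the URL with `?rev=<commit>`, or, if clan-core is already a locked input of this flake, documenting a command that runs the CLI from that input so its version is governed by `flake.lock`.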
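Review bot: In the docs/server-installer-usb.md hunk at `@@ -117,7`, `--flake 'path:/tmp/dotfiles#server-install'` now points a `path:` ref at the whole checkout instead of the `nixos/` subdirectory, and the same widening applies to `FLAKE_REF="path:${REPO_ROOT}"` in scripts/nixos-server-install.sh. A `path:` flake copies the directory into the world-readable Nix store as it is on disk, whether or not files are tracked by git, so untracked or gitignored files anywhere in the repo are now included, not only those under `nixos/`. It is worth a sentence here telling the reader to run this from a clean clone, or switching the example to a `git+file:` ref, which only includes tracked files.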
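Review bot: The nixos/readme.md hunk now sends readers to CLAUDE.md for rebuild commands and the `dotfiles-rebuild` timer, but CLAUDE.md is not in this patch's diffstat, and the line removed here ("Timer: every 15 min the server pulls and rebuilds when `main` changes") was the one that told readers a push to `main` ends up built on the server. Please confirm CLAUDE.md already uses the root flake paths and states that pull-and-rebuild behaviour, or keep a one-line summary of the timer in this file.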
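Review bot: In the auto-detect block of scripts/nixos-server-install.sh, the test is now only `[[ -f "$(dirname "$0")/../flake.nix" ]]`, a looser match than the old `../nixos/flake.nix` check, and it relies on `$0` being the script path. If this is the script that the docs' Install row pipes into `sudo -E bash`, `$0` is the shell name rather than a file, so the check resolves relative to the current directory and any `flake.nix` in its parent would be selected and installed with root privileges. Suggest resolving the location from `${BASH_SOURCE[0]:-}` and skipping auto-detect when it is empty, or requiring a repo-specific marker next to `flake.nix` before setting `FLAKE_REF`.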