88c51399d0
clan-cli silently ignores the `?dir=` URL parameter when resolving a
flake source, so with the flake at nixos/flake.nix `clan machines
update` fails with "flake.nix does not exist". Move the flake tree up
so the repo root contains flake.nix, flake.lock, flake-modules/, lib/,
modules/, sops/, and vars/. Host-specific NixOS modules stay in
nixos/{hosts,home,fish.nix,neovim.nix,…}; flake-module paths updated
accordingly.
- dotfiles-rebuild flakeRef is now "${dotfilesDir}#<host>" (was
"${dotfilesDir}/nixos#<host>").
- CLAUDE.md build commands + clan section updated. nixupdate fish alias
updated. sunken-ship hostsfile comment updated.
- Existing /etc/dotfiles checkouts on the servers will pick up the new
layout on the next `dotfiles-rebuild` timer tick; the rebuild service
was pre-updated via rsync so its flakeRef matches before the pull.
Also includes 4b follow-through: zerotier identities are now live on
both servers (sunken-ship=d553a2de33 controller, phantom-ship=6c048abbdc
peer) and IPv6 ping across the ZT mesh works.
44 lines
1.5 KiB
Nix
44 lines
1.5 KiB
Nix
# Shared auto-rebuild-from-git service for homelab hosts.
|
|
#
|
|
# Every 15 min: git fetch origin, fast-forward main, and if there were any
|
|
# new commits run nixos-rebuild switch against `<dotfilesDir>#<host>`.
|
|
#
|
|
# Assumes /etc/dotfiles is an already-cloned checkout of the dotfiles repo.
|
|
{ config, lib, pkgs, ... }:
|
|
let
|
|
dotfilesDir = "/etc/dotfiles";
|
|
flakeRef = "${dotfilesDir}#${config.networking.hostName}";
|
|
in {
|
|
environment.systemPackages = [ pkgs.git ];
|
|
|
|
# Trust /etc/dotfiles as root even though it's owned by `danny`.
|
|
# nix/libgit2 reads safe.directory from /etc/gitconfig; the GIT_CONFIG_*
|
|
# env vars on the service only affect the git CLI, not nix.
|
|
programs.git.enable = true;
|
|
programs.git.config.safe.directory = [ dotfilesDir ];
|
|
|
|
systemd.services.dotfiles-rebuild = {
|
|
description = "Pull dotfiles and run nixos-rebuild if repo changed";
|
|
path = with pkgs; [ git nix nixos-rebuild ];
|
|
environment.GIT_CONFIG_COUNT = "1";
|
|
environment.GIT_CONFIG_KEY_0 = "safe.directory";
|
|
environment.GIT_CONFIG_VALUE_0 = dotfilesDir;
|
|
script = ''
|
|
set -euo pipefail
|
|
cd ${dotfilesDir}
|
|
git fetch origin
|
|
if [ "$(git rev-parse HEAD)" = "$(git rev-parse origin/main)" ]; then
|
|
exit 0
|
|
fi
|
|
git pull origin main
|
|
exec nixos-rebuild switch --flake ${flakeRef}
|
|
'';
|
|
serviceConfig.Type = "oneshot";
|
|
};
|
|
|
|
systemd.timers.dotfiles-rebuild = {
|
|
wantedBy = [ "timers.target" ];
|
|
timerConfig.OnCalendar = "*-*-* *:00/15:00"; # every 15 minutes
|
|
timerConfig.RandomizedDelaySec = "2min";
|
|
};
|
|
}
|