infra/docs/nix-container-install.md

# Nix Installation for Hermes Agent Container
# Add these lines to the Dockerfile to bake Nix into the container image

# --- ADD AFTER BASE IMAGE AND BEFORE USER SETUP ---

# Install Nix (Determinate Systems installer)
# This provides nix, nixos-rebuild, and the Nix package manager
RUN apt-get update && apt-get install -y --no-install-recommends \
    curl \
    xz-utils \
    && rm -rf /var/lib/apt/lists/*

# Download and run Nix installer (non-interactive)
RUN curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix \
    -o /tmp/nix-install.sh \
    && chmod +x /tmp/nix-install.sh \
    && sh /tmp/nix-install.sh install --no-confirm \
    && rm /tmp/nix-install.sh

# Configure Nix for flakes
RUN mkdir -p /root/.config/nix \
    && echo 'experimental-features = nix-command flakes' > /root/.config/nix/nix.conf \
    && echo 'substituters = https://cache.nixos.org/' >> /root/.config/nix/nix.conf

# Add Nix to PATH for all users
ENV PATH="/nix/var/nix/profiles/default/bin:$PATH"

# Optional: Expose Nix daemon socket if you want to use host's Nix (less secure)
# VOLUME ["/nix/store"]
# Note: Not recommended for security - builds run in container instead

# --- CONTINUE WITH EXISTENT DOCKERFILE ---
feat: add NixOS deployment infrastructure - Nix installation guide for container (docs/nix-container-install.md) - Deployment helper script (scripts/deploy.sh) - SSH configuration template (scripts/deploy-ssh-config) - Deployment skill for Hermes (skills/nixos-deploy/) Enables remote NixOS deployment from Hermes container to target hosts via SSH with nixos-rebuild --target-host. Usage: ./scripts/deploy.sh <hostname> [branch] [action] Supported hosts: - lazyworkhorse (x86_64) - cyt-pi (aarch64) - uConsole (aarch64) - config pending 2026-04-29 18:56:36 +00:00			`# Nix Installation for Hermes Agent Container`
			`# Add these lines to the Dockerfile to bake Nix into the container image`

			`# --- ADD AFTER BASE IMAGE AND BEFORE USER SETUP ---`

			`# Install Nix (Determinate Systems installer)`
			`# This provides nix, nixos-rebuild, and the Nix package manager`
			`RUN apt-get update && apt-get install -y --no-install-recommends \`
			`curl \`
			`xz-utils \`
			`&& rm -rf /var/lib/apt/lists/*`

			`# Download and run Nix installer (non-interactive)`
			`RUN curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix \`
			`-o /tmp/nix-install.sh \`
			`&& chmod +x /tmp/nix-install.sh \`
			`&& sh /tmp/nix-install.sh install --no-confirm \`
			`&& rm /tmp/nix-install.sh`

			`# Configure Nix for flakes`
			`RUN mkdir -p /root/.config/nix \`
			`&& echo 'experimental-features = nix-command flakes' > /root/.config/nix/nix.conf \`
			`&& echo 'substituters = https://cache.nixos.org/' >> /root/.config/nix/nix.conf`

			`# Add Nix to PATH for all users`
			`ENV PATH="/nix/var/nix/profiles/default/bin:$PATH"`

			`# Optional: Expose Nix daemon socket if you want to use host's Nix (less secure)`
			`# VOLUME ["/nix/store"]`
			`# Note: Not recommended for security - builds run in container instead`

			`# --- CONTINUE WITH EXISTENT DOCKERFILE ---`