feat: add NixOS deployment infrastructure
- Nix installation guide for container (docs/nix-container-install.md) - Deployment helper script (scripts/deploy.sh) - SSH configuration template (scripts/deploy-ssh-config) - Deployment skill for Hermes (skills/nixos-deploy/) Enables remote NixOS deployment from Hermes container to target hosts via SSH with nixos-rebuild --target-host. Usage: ./scripts/deploy.sh <hostname> [branch] [action] Supported hosts: - lazyworkhorse (x86_64) - cyt-pi (aarch64) - uConsole (aarch64) - config pending
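--- /dev/null
+++ b/docs/nix-container-install.md
@@ -0,0 +1,32 @@
+# Nix Installation for Hermes Agent Container
+# Add these lines to the Dockerfile to bake Nix into the container image
+
+# --- ADD AFTER BASE IMAGE AND BEFORE USER SETUP ---
+
+# Install Nix (Determinate Systems installer)
+# This provides nix, nixos-rebuild, and the Nix package manager
+RUN apt-get update && apt-get install -y --no-install-recommends \
+curl \
+xz-utils \
+&& rm -rf /var/lib/apt/lists/*
+
+# Download and run Nix installer (non-interactive)
+RUN curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix \
+-o /tmp/nix-install.sh \
+&& chmod +x /tmp/nix-install.sh \
+&& sh /tmp/nix-install.sh install --no-confirm \
+&& rm /tmp/nix-install.sh
+
+# Configure Nix for flakes
+RUN mkdir -p /root/.config/nix \
+&& echo 'experimental-features = nix-command flakes' > /root/.config/nix/nix.conf \
+&& echo 'substituters = https://cache.nixos.org/' >> /root/.config/nix/nix.conf
+
+# Add Nix to PATH for all users
+ENV PATH="/nix/var/nix/profiles/default/bin:$PATH"
+
+# Optional: Expose Nix daemon socket if you want to use host's Nix (less secure)
+# VOLUME ["/nix/store"]
+# Note: Not recommended for security - builds run in container instead
+
+# --- CONTINUE WITH EXISTENT DOCKERFILE ---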
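--- /dev/null
+++ b/scripts/deploy-ssh-config
@@ -0,0 +1,30 @@
+# Hermes Container SSH Configuration
+# For NixOS deployment to remote hosts
+
+Host lazyworkhorse
+HostName localhost
+User gortium
+IdentityFile /opt/data/home/.ssh/id_hermes_gitea
+StrictHostKeyChecking no
+UserKnownHostsFile /dev/null
+
+Host cyt-pi
+HostName cyt-pi.local
+User thierry
+IdentityFile /opt/data/home/.ssh/id_hermes_gitea
+StrictHostKeyChecking no
+UserKnownHostsFile /dev/null
+
+Host uconsole
+HostName uconsole.local
+User thierry
+IdentityFile /opt/data/home/.ssh/id_hermes_gitea
+StrictHostKeyChecking no
+UserKnownHostsFile /dev/null
+
+# Generic pattern for .local hosts
+Host *.local
+User thierry
+IdentityFile /opt/data/home/.ssh/id_hermes_gitea
+StrictHostKeyChecking no
+UserKnownHostsFile /dev/null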
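Review bot: Every Host block sets `StrictHostKeyChecking no` together with `UserKnownHostsFile /dev/null`, so the container never verifies which machine it is talking to, yet these are the connections that `nixos-rebuild --target-host ... --use-remote-sudo` uses to push and activate a system configuration. The `.local` names are presumably resolved over mDNS, so whichever device on the network answers for `cyt-pi.local` or `uconsole.local` would be accepted as the deployment target. Pin the hosts instead with `StrictHostKeyChecking yes` and `UserKnownHostsFile <path to a known_hosts file provisioned with the target host keys>`, or at minimum use `StrictHostKeyChecking accept-new` with a persistent known_hosts file. The same applies to `-o StrictHostKeyChecking=no` in `GIT_SSH_COMMAND` in scripts/deploy.sh, and the `Host *.local` wildcard extends the unverified setup to any other `.local` name.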
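--- /dev/null
+++ b/scripts/deploy.sh
@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+# NixOS Deployment Helper Script
+# Usage: ./deploy.sh <hostname> [branch] [action]
+# Example: ./deploy.sh uConsole feat/test switch
+
+set -e
+
+HOSTNAME="${1:-}"
+BRANCH="${2:-main}"
+ACTION="${3:-switch}"
+
+if [ -z "$HOSTNAME" ]; then
+echo "Usage: $0 <hostname> [branch] [action]"
+echo " hostname: lazyworkhorse, cyt-pi, uConsole"
+echo " branch: git branch to deploy (default: main)"
+echo " action: switch, test, boot (default: switch)"
+exit 1
+fi
+
+# Environment setup
+export GIT_SSH_COMMAND="ssh -i /opt/data/home/.ssh/id_hermes_gitea -o StrictHostKeyChecking=no"
+export PATH="/nix/var/nix/profiles/default/bin:$PATH"
+
+cd /opt/data/infra
+
+echo "=== NixOS Deployment ==="
+echo "Host: $HOSTNAME"
+echo "Branch: $BRANCH"
+echo "Action: $ACTION"
+echo ""
+
+# Checkout branch
+echo "[1/4] Checking out branch..."
+git fetch origin "$BRANCH" 2>/dev/null || true
+git checkout "$BRANCH" 2>/dev/null || git checkout -b "$BRANCH"
+
+# Update submodules
+echo "[2/4] Updating submodules..."
+git submodule update --init --recursive
+
+# Build configuration
+echo "[3/4] Building configuration..."
+if [ "$ACTION" = "switch" ]; then
+nixos-rebuild switch --flake ".#$HOSTNAME" --target-host "thierry@$HOSTNAME" --use-remote-sudo
+elif [ "$ACTION" = "test" ]; then
+nixos-rebuild test --flake ".#$HOSTNAME" --target-host "thierry@$HOSTNAME" --use-remote-sudo
+elif [ "$ACTION" = "boot" ]; then
+nixos-rebuild boot --flake ".#$HOSTNAME" --target-host "thierry@$HOSTNAME" --use-remote-sudo
+else
+echo "Unknown action: $ACTION"
+exit 1
+fi
+
+echo ""
+echo "[4/4] Deployment complete!"
+echo "Host: $HOSTNAME"
+echo "Branch: $BRANCH"
+echo "Time: $(date -Iseconds)"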
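Review bot: Step [1/4] can silently deploy a different revision than the one requested: `git fetch origin "$BRANCH" 2>/dev/null || true` hides a failed fetch, `git checkout "$BRANCH"` leaves an existing local branch at its old commit, and the `git checkout -b "$BRANCH"` fallback creates the branch from whatever HEAD happens to be. Because the result is activated on the target with `--use-remote-sudo`, let the fetch fail loudly and check out exactly what was fetched, for example `git fetch origin "$BRANCH"` followed by `git checkout -B "$BRANCH" "origin/$BRANCH"`. `$1` also goes unvalidated into `--flake ".#$HOSTNAME"` and `--target-host "thierry@$HOSTNAME"`; a guard such as `case "$HOSTNAME" in lazyworkhorse|cyt-pi|uConsole) ;; *) exit 1 ;; esac` would keep the script to the documented hosts, and the hard-coded `thierry@` disagrees with `User gortium` for lazyworkhorse in scripts/deploy-ssh-config. Assigning to `HOSTNAME` also shadows a variable that bash sets itself, so a name like `target_host` would be clearer.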