diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..3550a30 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use flake diff --git a/README.md b/README.md index 600b96d..51dede9 100644 --- a/README.md +++ b/README.md @@ -40,14 +40,14 @@ nix run github:nix-community/nixos-anywhere -- --store-paths \ ``` ### 3. Update Existing Server (No Wipe) -Once the server is running NixOS, use `nixos-rebuild` to push updates. This is faster and doesn't wipe data. +Once the server is running NixOS, use `nh` to push updates. This repository provides `nh` via `direnv` (loaded from `flake.nix` devShell), so just run `direnv allow` first. ```bash # Update via IP -nixos-rebuild switch --flake path:.#extremist-software --target-host root@ --impure +nh os switch --hostname extremist-software --target-host root@ --impure path:. # Update via Tailscale (Once tailored up) -nixos-rebuild switch --flake path:.#extremist-software --target-host root@extremist-software --impure +nh os switch --hostname extremist-software --target-host root@extremist-software --impure path:. ``` repo uses `impure` build to load `secrets/secrets.nix` directly. no encrypted secrets in git. diff --git a/configuration.nix b/configuration.nix index a623e34..6ad6d2e 100644 --- a/configuration.nix +++ b/configuration.nix @@ -44,6 +44,14 @@ settings.PermitRootLogin = "prohibit-password"; }; + # nh (yet another nix helper) + programs.nh = { + enable = true; + clean.enable = true; + clean.extraArgs = "--keep 2"; + flake = "/home/jet/Documents/extremist-software"; + }; + # System system.stateVersion = "24.05"; nix.settings.experimental-features = [ "nix-command" "flakes" ]; diff --git a/flake.nix b/flake.nix index 2308773..fd6d838 100644 --- a/flake.nix +++ b/flake.nix @@ -21,5 +21,11 @@ ./configuration.nix ]; }; + + devShells.x86_64-linux.default = let + pkgs = nixpkgs.legacyPackages.x86_64-linux; + in pkgs.mkShell { + packages = [ pkgs.nh ]; + }; }; }