feat: use nh to keep 2 gens and to deploy builds

.envrc

@@ -0,0 +1 @@
+use flake

README.md

@@ -40,14 +40,14 @@ nix run github:nix-community/nixos-anywhere -- --store-paths \
 ```
 
 ### 3. Update Existing Server (No Wipe)
-Once the server is running NixOS, use `nixos-rebuild` to push updates. This is faster and doesn't wipe data.
+Once the server is running NixOS, use `nh` to push updates. This repository provides `nh` via `direnv` (loaded from `flake.nix` devShell), so just run `direnv allow` first.
 
 ```bash
 # Update via IP
-nixos-rebuild switch --flake path:.#extremist-software --target-host root@<TARGET_IP> --impure
+nh os switch --hostname extremist-software --target-host root@<TARGET_IP> --impure path:.
 
 # Update via Tailscale (Once tailored up)
-nixos-rebuild switch --flake path:.#extremist-software --target-host root@extremist-software --impure
+nh os switch --hostname extremist-software --target-host root@extremist-software --impure path:.
 ```
 
 repo uses `impure` build to load `secrets/secrets.nix` directly. no encrypted secrets in git.

configuration.nix

@@ -44,6 +44,14 @@
     settings.PermitRootLogin = "prohibit-password";
   };
 
+  # nh (yet another nix helper)
+  programs.nh = {
+    enable = true;
+    clean.enable = true;
+    clean.extraArgs = "--keep 2";
+    flake = "/home/jet/Documents/extremist-software";
+  };
+
   # System
   system.stateVersion = "24.05";
   nix.settings.experimental-features = [ "nix-command" "flakes" ];

flake.nix

@@ -21,5 +21,11 @@
         ./configuration.nix
       ];
     };
+
+    devShells.x86_64-linux.default = let
+      pkgs = nixpkgs.legacyPackages.x86_64-linux;
+    in pkgs.mkShell {
+      packages = [ pkgs.nh ];
+    };
   };
 }