docs(binary-cache): Add implementation documentation

2026-03-17 18:40:07 +01:00 · 2026-03-17 18:40:07 +01:00 · a9d3469959
commit a9d3469959
parent 4f160adef3
4 changed files with 459 additions and 0 deletions
--- a/docs/binary-cache/task.md
+++ b/docs/binary-cache/task.md
@ -0,0 +1,35 @@
+# NixOS CI/CD Deployment — Tasks
+
+## Planning
+- [x] Explore repository structure and existing CI workflow
+- [x] Confirm deploy-rs activation internals (`switch` vs `test` vs `boot`)
+- [x] Write comprehensive implementation plan
+- [x] User review and approval of plan
+
+## Networking & IP Refactor
+- [ ] Create `modules/common/networking.nix` with `homelab.networking.hostIp`
+- [ ] Update all host configs to use the new `hostIp` option
+- [ ] Update `deploy.nodes` to use `hostIp` instead of `targetHost` in deploy user module
+
+## Flake & deploy-rs Refinement
+- [ ] Review Nixpkgs #73404 status (is `cd /tmp` still needed?)
+- [ ] Refactor `flake.nix` to use `flake-utils-plus` passthrough (removing `//`)
+- [ ] Review `user = "root"` vs `sshUser = "deploy"` logic
+
+## Security & Trust (Refinement)
+- [ ] Add "Supply Chain Attacks" section to `SECURITY.md`
+- [ ] Document project assumptions in `SECURITY.md`
+
+## Local testing (Fixes)
+- [ ] Debug and fix `test/vm-test.nix` exit error
+- [ ] Verify test passes in WSL
+
+## CI Workflows
+- [x] Update `build.yml` with dynamic host matrix + `nix flake check`
+- [x] Create `deploy.yml` (main → switch, test-* → test activation)
+- [x] Create `check.yml` (deployChecks + eval validation)
+- [ ] Configure Forgejo secrets (DEPLOY_SSH_KEY)
+
+## Deferred (separate branches)
+- [ ] Binary cache (Harmonia) — module, nix-cache config, signing keys
+- [ ] Monitoring — NixOS generation exporter, node exporter per host