Bos55 NixOS Config

Automated CI/CD deployment for NixOS homelab using deploy-rs.

Repository Structure

• hosts/: Host-specific configurations.
• modules/: Shared NixOS modules.
• users/: User definitions (including the deploy user).
• secrets/: Encrypted secrets via sops-nix.

Deployment Workflow

Prerequisites

• SSH access to the deploy user on target hosts.
• deploy-rs installed locally (nix profile install github:serokell/deploy-rs).

Deployment Modes

1. Production Deployment (main branch): Triggered on push to main. Automatically builds and switches all hosts. bootloader is updated. Manual: deploy .

2. Test Deployment (test- branch): Triggered on push to test-<hostname>. Builds and activates the configuration on the specific host without updating the bootloader. Reboots will revert to the previous generation. Manual: deploy .#<hostname>.test

3. Kernel Upgrades / Maintenance: Use deploy .#<hostname>.system --boot to update the bootloader without immediate activation, followed by a manual reboot.

Local Development

1. Developer Shell

This repository includes a standardized development environment containing all necessary tools (deploy-rs, sops, age, etc.).

nix develop
# or if using direnv
direnv allow

2. Build a host VM

You can build a QEMU VM for any host configuration to test changes locally:

nix build .#nixosConfigurations.<hostname>.config.system.build.vm
./result/bin/run-<hostname>-vm

Warning

Network Conflict: Default VMs use user-mode networking (NAT) which is safe. However, if you configure the VM to use bridge networking, it will attempt to use the static IP defined in hostIp. Ensure you do not have a physical host with that IP active on the same bridge to avoid network interference.

3. Run Integration Tests

Run the automated test suite:

nix-build test/vm-test.nix

3. Test CI Workflows Locally

Use act to test the GitHub Actions workflows:

act -W .github/workflows/check.yml

Security

See SECURITY.md for details on the trust model and secret management.