bos55-nix-config-cicd/docs/binary-cache/task.md

NixOS CI/CD Deployment — Tasks

Planning

  • Explore repository structure and existing CI workflow
  • Confirm deploy-rs activation internals (switch vs test vs boot)
  • Write comprehensive implementation plan
  • User review and approval of plan

Networking & IP Refactor

  • Create modules/common/networking.nix with homelab.networking.hostIp
  • Update all host configs to use the new hostIp option
  • Update deploy.nodes to use hostIp instead of targetHost in deploy user module

Flake & deploy-rs Refinement

  • Review Nixpkgs #73404 status (is cd /tmp still needed?)
  • Refactor flake.nix to use flake-utils-plus passthrough (removing //)
  • Review user = "root" vs sshUser = "deploy" logic

Security & Trust (Refinement)

  • Add "Supply Chain Attacks" section to SECURITY.md
  • Document project assumptions in SECURITY.md

Local testing (Fixes)

  • Debug and fix test/vm-test.nix exit error
  • Verify test passes in WSL

CI Workflows

  • Update build.yml with dynamic host matrix + nix flake check
  • Create deploy.yml (main → switch, test-* → test activation)
  • Create check.yml (deployChecks + eval validation)
  • Configure Forgejo secrets (DEPLOY_SSH_KEY)

Deferred (separate branches)

  • Binary cache (Harmonia) — module, nix-cache config, signing keys
  • Monitoring — NixOS generation exporter, node exporter per host