forked from Bos55/nix-config
# NixOS CI/CD Deployment — Tasks

## Planning

- [x] Explore repository structure and existing CI workflow
- [x] Confirm deploy-rs activation internals (`switch` vs `test` vs `boot`)
- [x] Write comprehensive implementation plan
- [x] User review and approval of plan

## Networking & IP Refactor

- [ ] Create `modules/common/networking.nix` with `homelab.networking.hostIp`
- [ ] Update all host configs to use the new `hostIp` option
- [ ] Update `deploy.nodes` to use `hostIp` instead of `targetHost` in deploy user module

## Flake & deploy-rs Refinement

- [ ] Review Nixpkgs #73404 status (is `cd /tmp` still needed?)
- [ ] Refactor `flake.nix` to use `flake-utils-plus` passthrough (removing `//`)
- [ ] Review `user = "root"` vs `sshUser = "deploy"` logic

## Security & Trust (Refinement)

- [ ] Add "Supply Chain Attacks" section to `SECURITY.md`
- [ ] Document project assumptions in `SECURITY.md`

## Local testing (Fixes)

- [ ] Debug and fix `test/vm-test.nix` exit error
- [ ] Verify test passes in WSL

## CI Workflows

- [x] Update `build.yml` with dynamic host matrix + `nix flake check`
- [x] Create `deploy.yml` (main → switch, test-* → test activation)
- [x] Create `check.yml` (deployChecks + eval validation)
- [ ] Configure Forgejo secrets (DEPLOY_SSH_KEY)

## Deferred (separate branches)

- [ ] Binary cache (Harmonia) — module, nix-cache config, signing keys
- [ ] Monitoring — NixOS generation exporter, node exporter per host