tdpeuter/bos55-nix-config-cicd
1
Fork 0
forked from Bos55/nix-config
Code Pull requests 1 Releases Packages Activity Actions
bos55-nix-config-cicd/README.md
Tibo De Peuter 8fb651fd60
refactor: optimize flake.nix and modularize networking config 
Cleaner deploy.nodes generation, improved devShell experience, and centralized host IP definitions.
2026-03-17 18:24:17 +01:00

64 lines
2.2 KiB
Markdown
Raw Blame History

# Bos55 NixOS Config
Automated CI/CD deployment for NixOS homelab using `deploy-rs`.
## Repository Structure
- `hosts/`: Host-specific configurations.
- `modules/`: Shared NixOS modules.
- `users/`: User definitions (including the `deploy` user).
- `secrets/`: Encrypted secrets via `sops-nix`.
## Deployment Workflow
### Prerequisites
- SSH access to the `deploy` user on target hosts.
- `deploy-rs` installed locally (`nix profile install github:serokell/deploy-rs`).
### Deployment Modes
1. **Production Deployment (main branch):**
Triggered on push to `main`. Automatically builds and switches all hosts. bootloader is updated.
Manual: `deploy .`
2. **Test Deployment (test-<hostname> branch):**
Triggered on push to `test-<hostname>`. Builds and activates the configuration on the specific host **without** updating the bootloader. Reboots will revert to the previous generation.
Manual: `deploy .#<hostname>.test`
3. **Kernel Upgrades / Maintenance:**
Use `deploy .#<hostname>.system --boot` to update the bootloader without immediate activation, followed by a manual reboot.
## Local Development
### 1. Developer Shell
This repository includes a standardized development environment containing all necessary tools (`deploy-rs`, `sops`, `age`, etc.).
```bash
nix develop
# or if using direnv
direnv allow
```
### 2. Build a host VM
You can build a QEMU VM for any host configuration to test changes locally:
```bash
nix build .#nixosConfigurations.<hostname>.config.system.build.vm
./result/bin/run-<hostname>-vm
```
> [!WARNING]
> **Network Conflict**: Default VMs use user-mode networking (NAT) which is safe. However, if you configure the VM to use bridge networking, it will attempt to use the static IP defined in `hostIp`. Ensure you do not have a physical host with that IP active on the same bridge to avoid network interference.
### 3. Run Integration Tests
Run the automated test suite:
```bash
nix-build test/vm-test.nix
```
### 3. Test CI Workflows Locally
Use `act` to test the GitHub Actions workflows:
```bash
act -W .github/workflows/check.yml
```
## Security
See [SECURITY.md](SECURITY.md) for details on the trust model and secret management.
View git blame Copy permalink