diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml
index 481d33c..c9ed6e6 100644
--- a/.forgejo/workflows/ci.yml
+++ b/.forgejo/workflows/ci.yml
@@ -23,4 +23,4 @@ jobs:
 run: nix build .#nixosConfigurations.cryodev-main.config.system.build.toplevel --impure
 - name: Build cryodev-pi
- run: nix build .#nixosConfigurations.cryodev-pi.config.system.build.toplevel --impure
+ run: nix build .#nixosConfigurations.cryodev-pi.config.system.build.toplevel --impure --extra-platforms aarch64-linux
diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml
index d69d66e..9ff2d49 100644
--- a/.forgejo/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@@ -26,10 +26,10 @@ jobs:
 run: nix build .#nixosConfigurations.cryodev-main.config.system.build.toplevel --impure
 - name: Build cryodev-pi
- run: nix build .#nixosConfigurations.cryodev-pi.config.system.build.toplevel --impure
+ run: nix build .#nixosConfigurations.cryodev-pi.config.system.build.toplevel --impure --extra-platforms aarch64-linux
 build-pi-images:
- needs: flake-check
+ needs: build-hosts
 runs-on: host
 strategy:
 matrix:
diff --git a/AGENTS.md b/AGENTS.md
index 0b23dfa..367ea5c 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -27,7 +27,7 @@ nix build .#nixosConfigurations.cryodev-pi.config.system.build.sdImage
 # Format code (required before committing)
 nix fmt
-# Run all checks (lint, formatting, deploy-rs validation)
+# Run all checks (lint, formatting)
 nix flake check
 # Quick evaluation test (faster than full build)
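Review bot: `--extra-platforms aarch64-linux` on the Build cryodev-pi step only declares that this machine may run aarch64-linux builds; it does not supply the emulation, so unless the runner host registers an aarch64 binfmt handler (on NixOS, `boot.binfmt.emulatedSystems = [ "aarch64-linux" ];`) or is itself aarch64, the first aarch64 derivation that is not substitutable fails with an exec-format error rather than being skipped. If I recall correctly, `extra-platforms` is also one of the daemon's restricted settings, so when the runner's user is not in `trusted-users` the client-supplied value is ignored with a warning and the step behaves exactly as before. Either assumption deserves a comment on the step, e.g. `# relies on binfmt emulation for aarch64-linux on the runner host and on the runner user being trusted by the nix daemon`. The identical line is added to deploy.yml's Build cryodev-pi step in the next hunk; the job definitions around both steps are outside the hunks.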
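Review bot: `needs: build-hosts` removes build-pi-images' direct dependency on flake-check, so the image job now waits for the checks only if build-hosts itself declares `needs: flake-check`, and that job's definition is outside the hunk. If it does not, SD images can be built and published from a revision whose flake checks failed. `needs: [flake-check, build-hosts]` states the intended ordering regardless of how build-hosts is wired. The rest of the build-pi-images job continues past the end of the hunk.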
@@ -46,14 +46,17 @@ nix develop # Deploy all hosts via deploy app (uses deploy.json) nix run .#deploy -# Deploy to cryodev-main via deploy-rs -nix run github:serokell/deploy-rs -- .#cryodev-main +# Deploy a specific host +nix run .#deploy -- -n cryodev-main # Manual deployment via SSH NIX_SSHOPTS="-p 2299" nixos-rebuild switch --flake .# \ --target-host @ --sudo --ask-sudo-password ``` +> **Note:** Both hosts use Comin for automatic pull-based deployment. +> Manual deployment is only needed for the initial setup or emergencies. + ### Apps ```bash @@ -200,7 +203,7 @@ services.nginx.enable = lib.mkDefault true; | Host | Strategy | Trigger | |------|----------|---------| -| `cryodev-main` | Push via deploy-rs | Forgejo Actions on push to main | +| `cryodev-main` | Pull via Comin | Automatic polling | | `cryodev-pi` | Pull via Comin | Automatic polling | | SD Images | Built in CI | Push to main (for Pi hosts) | diff --git a/README.md b/README.md index 3605ade..fde2dc0 100644 --- a/README.md +++ b/README.md @@ -6,8 +6,8 @@ Declarative NixOS infrastructure for the **cryodev** environment, managed with N ```bash # Clone repository -git clone https://git.cryodev.xyz/steffen/cryodev-server.git -cd cryodev-server +git clone https://git.cryodev.xyz/steffen/cryodev.git +cd cryodev # Check configuration nix flake check @@ -20,7 +20,7 @@ nix build .#nixosConfigurations.cryodev-main.config.system.build.toplevel | Host | Architecture | Deployment | Description | |------|--------------|------------|-------------| -| `cryodev-main` | x86_64 | Push (deploy-rs) | Main server | +| `cryodev-main` | x86_64 | Pull (Comin) | Main server | | `cryodev-pi` | aarch64 | Pull (Comin) | Raspberry Pi client | ## Services 
@@ -37,7 +37,7 @@ nix build .#nixosConfigurations.cryodev-main.config.system.build.toplevel SD card images for Raspberry Pi clients are **built automatically** on every push to `main`. -Download from: [Releases](https://git.cryodev.xyz/steffen/cryodev-server/releases) +Download from: [Releases](https://git.cryodev.xyz/steffen/cryodev/releases) ```bash # Flash to SD card diff --git a/docs/deployment/cd.md b/docs/deployment/cd.md index 628ee5e..223b397 100644 --- a/docs/deployment/cd.md +++ b/docs/deployment/cd.md 
@@ -1,121 +1,38 @@ # Continuous Deployment -The cryodev infrastructure uses two deployment strategies optimized for different host types. +All hosts use **Comin** (pull-based) for automatic deployment. ## Overview | Host | Strategy | Tool | Trigger | |------|----------|------|---------| -| `cryodev-main` | Push-based | deploy-rs | Git push via Forgejo Actions | -| `cryodev-pi` | Pull-based | Comin | Periodic polling | +| `cryodev-main` | Pull-based | Comin | Automatic polling | +| `cryodev-pi` | Pull-based | Comin | Automatic polling | -## Push-based Deployment (cryodev-main) - -### How It Works +## How It Works 1. Developer pushes to `main` branch -2. Forgejo Actions workflow triggers -3. `deploy-rs` connects via SSH and deploys +2. CI (Forgejo Actions) runs flake-check and builds all hosts +3. Comin on each host periodically polls the Git repository +4. On changes, Comin builds and activates the new configuration -### Setup - -#### 1. Generate Deploy Key - -```bash -ssh-keygen -t ed25519 -f deploy_key -C "forgejo-actions" -``` - -#### 2. Add Public Key to Server - -On `cryodev-main`: - -```bash -echo "PUBLIC_KEY_CONTENT" >> /root/.ssh/authorized_keys -``` - -#### 3. Add Private Key to Forgejo - -1. Go to Repository Settings > Secrets -2. Add secret named `DEPLOY_SSH_KEY` -3. Paste the private key content - -#### 4. 
Workflow Configuration - -`.forgejo/workflows/deploy.yaml`: - -```yaml -name: Deploy -on: - push: - branches: [main] - -jobs: - check: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v24 - - run: nix flake check - - deploy: - needs: check - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v24 - - - name: Setup SSH - env: - SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_KEY }} - run: | - mkdir -p ~/.ssh - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - ssh-keyscan cryodev-main >> ~/.ssh/known_hosts - - - name: Deploy - run: nix run github:serokell/deploy-rs -- .#cryodev-main -``` - -### Rollback - -deploy-rs automatically rolls back if the new configuration fails health checks. - -Manual rollback: - -```bash -# List generations -sudo nix-env -p /nix/var/nix/profiles/system --list-generations - -# Rollback to previous -sudo nixos-rebuild switch --rollback -``` - -## Pull-based Deployment (cryodev-pi) - -### How It Works - -1. Comin periodically polls the Git repository -2. On changes, it builds and activates the new configuration -3. Works through NAT without incoming connections - -### Configuration +## Configuration ```nix -# hosts/cryodev-pi/services/comin.nix +# hosts//services/comin.nix { services.comin = { enable = true; remotes = [{ name = "origin"; - url = "https://git.cryodev.xyz/steffen/cryodev-server.git"; + url = "https://git.cryodev.xyz/steffen/cryodev.git"; branches.main.name = "main"; }]; }; } ``` -### Monitoring +## Monitoring Check Comin status: @@ -130,7 +47,7 @@ Force immediate update: sudo systemctl restart comin ``` -### Troubleshooting +## Troubleshooting If Comin fails to build: 
@@ -140,23 +57,30 @@ sudo journalctl -u comin --since "1 hour ago" # Manual build test cd /var/lib/comin/repo -nix build .#nixosConfigurations.cryodev-pi.config.system.build.toplevel +nix build .#nixosConfigurations..config.system.build.toplevel +``` + +## Rollback + +```bash +# List generations +sudo nix-env -p /nix/var/nix/profiles/system --list-generations + +# Rollback to previous +sudo nixos-rebuild switch --rollback ``` ## Manual Deployment -For hosts not using automated deployment: +For initial setup or emergencies: ```bash -# Build locally -nix build .#nixosConfigurations..config.system.build.toplevel +# Using the deploy app +nix run .#deploy -- -n -# Deploy with nixos-rebuild +# Or manually with nixos-rebuild NIX_SSHOPTS="-p 2299" nixos-rebuild switch --flake .# \ --target-host @ --sudo --ask-sudo-password - -# Or using deploy-rs -nix run github:serokell/deploy-rs -- .# ``` ## Testing Changes diff --git a/docs/index.md b/docs/index.md index 47ad07d..c63bb6c 100644 --- a/docs/index.md +++ b/docs/index.md @@ -90,5 +90,5 @@ Für Raspberry Pi: [SD-Image Referenz](getting-started/sd-image.md) | Host | Strategie | Tool | Beschreibung | |------|-----------|------|--------------| -| `cryodev-main` | Push-basiert | deploy-rs via Forgejo Actions | Sofortige Updates bei Push | -| `cryodev-pi` | Pull-basiert | Comin | Pollt Repository auf Änderungen | +| `cryodev-main` | Pull-basiert | Comin | Pollt Repository auf Aenderungen | +| `cryodev-pi` | Pull-basiert | Comin | Pollt Repository auf Aenderungen | diff --git a/docs/services/forgejo.md b/docs/services/forgejo.md index 09d5b6a..5955405 100644 --- a/docs/services/forgejo.md +++ b/docs/services/forgejo.md 
@@ -75,44 +75,23 @@ forgejo-runner:
 ## CI/CD Workflows
-### deploy-rs Workflow
+CI runs on every push to `main` via Forgejo Actions:
-`.forgejo/workflows/deploy.yaml`:
+1. **flake-check** -- validates the flake
+2. **build-hosts** -- builds all host configurations
-```yaml
-name: Deploy
-on:
- push:
- branches: [main]
-
-jobs:
- deploy:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
-
- - name: Install Nix
- uses: cachix/install-nix-action@v24
-
- - name: Deploy
- env:
- SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
- run: |
- mkdir -p ~/.ssh
- echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
- chmod 600 ~/.ssh/id_ed25519
- nix run .#deploy
-```
+Deployment is handled by **Comin** (pull-based), not by CI.
+See [CD documentation](../deployment/cd.md) for details.
 ## Administration
 ### Create Admin User
 ```bash
-sudo -u forgejo forgejo admin user create \
- --username admin \
- --password changeme \
- --email admin@cryodev.xyz \
+forgejo admin user create \
+ --username \
+ --email @ \
+ --password \
 --admin
 ```
diff --git a/hosts/cryodev-pi/hardware.nix b/hosts/cryodev-pi/hardware.nix
index a0d751a..bb0722b 100644
--- a/hosts/cryodev-pi/hardware.nix
+++ b/hosts/cryodev-pi/hardware.nix
@@ -3,11 +3,15 @@
 {
 boot = {
 kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
- initrd.availableKernelModules = [
- "xhci_pci"
- "usbhid"
- "usb_storage"
- ];
+ initrd = {
+ availableKernelModules = [
+ "xhci_pci"
+ "usbhid"
+ "usb_storage"
+ ];
+ # Disable default x86 modules that don't exist in the Pi kernel (e.g. dw-hdmi)
+ includeDefaultModules = false;
+ };
 };
 fileSystems = {
diff --git a/hosts/cryodev-pi/sd-image.nix b/hosts/cryodev-pi/sd-image.nix
index 100123f..237f214 100644
--- a/hosts/cryodev-pi/sd-image.nix
+++ b/hosts/cryodev-pi/sd-image.nix
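Review bot: The comment on `includeDefaultModules = false` does not describe what the option actually drops: in nixpkgs that flag toggles the default initrd list (SATA/NVMe controllers, `sd_mod`, `mmc_block`, USB host and HID drivers), and as far as I can tell dw-hdmi is not in that list at all — it comes from the all-hardware profile that sd-image.nix pulls in, which the sd-image.nix hunk handles separately. Switching the default set off therefore also removes `mmc_block` and `sd_mod`, which an SD- or USB-booted Pi needs in stage 1 unless linux_rpi4 builds them into the kernel; that cannot be confirmed from the hunk, so it should be checked and recorded. A comment along these lines would be accurate: `# Skip nixpkgs' default initrd module set: some of its drivers are not built for linux_rpi4 and the initrd build fails on missing modules (TODO: note which). Relies on mmc_block/sd_mod being built into the Pi kernel — confirm before changing kernels.` The same hunk is duplicated verbatim in templates/raspberry-pi/hardware.nix at the end of the diff; having the host import the template (or a shared module) would keep the two from drifting.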
@@ -27,4 +27,12 @@
 "vfat"
 "ext4"
 ];
+
+ # sd-image.nix imports all-hardware.nix which adds x86 modules like dw-hdmi
+ # that don't exist in the RPi4 kernel. Filter them out.
+ boot.initrd.availableKernelModules = lib.mkForce [
+ "xhci_pci"
+ "usbhid"
+ "usb_storage"
+ ];
 }
diff --git a/modules/nixos/nixvim/plugins/default.nix b/modules/nixos/nixvim/plugins/default.nix
index 1941f43..5f3891a 100644
--- a/modules/nixos/nixvim/plugins/default.nix
+++ b/modules/nixos/nixvim/plugins/default.nix
@@ -11,8 +11,6 @@
 ];
 config.programs.nixvim.plugins = {
- markdown-preview.enable = lib.mkDefault true;
-
 # warning: Nixvim: `plugins.web-devicons` was enabled automatically because the following plugins are enabled. This behaviour is deprecated. Please explicitly define `plugins.web-devicons.enable`
 web-devicons.enable = true;
 };
 }
diff --git a/templates/raspberry-pi/hardware.nix b/templates/raspberry-pi/hardware.nix
index a0d751a..bb0722b 100644
--- a/templates/raspberry-pi/hardware.nix
+++ b/templates/raspberry-pi/hardware.nix
@@ -3,11 +3,15 @@
 {
 boot = {
 kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
- initrd.availableKernelModules = [
- "xhci_pci"
- "usbhid"
- "usb_storage"
- ];
+ initrd = {
+ availableKernelModules = [
+ "xhci_pci"
+ "usbhid"
+ "usb_storage"
+ ];
+ # Disable default x86 modules that don't exist in the Pi kernel (e.g. dw-hdmi)
+ includeDefaultModules = false;
+ };
 };
 fileSystems = {
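Review bot: `lib.mkForce` replaces every other definition of `boot.initrd.availableKernelModules` rather than filtering it, so the comment above the assignment overstates what happens: the identical list in hosts/cryodev-pi/hardware.nix is discarded as well, and any module a future import adds is dropped silently, whereas list options without mkForce would simply be merged. The comment also calls dw-hdmi an x86 module; to my knowledge it is a DesignWare HDMI bridge driver used by ARM SoCs, so the real reason is that linux_rpi4 does not build it, not its architecture. If replacing is the intent, say so: `# Replace (not filter) the initrd module list: all-hardware.nix, imported by sd-image.nix, lists modules such as dw-hdmi that linux_rpi4 does not build, and the initrd build fails on missing modules.` The same three-module list is now spelled out here, in hosts/cryodev-pi/hardware.nix and in templates/raspberry-pi/hardware.nix; defining it once and referencing it from all three would keep them in step. Whether `lib` is among this module's arguments is not visible — the file header is outside the hunk.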