cryodev/docs/deployment/cd.md

# Continuous Deployment

All hosts use **Comin** (pull-based) for automatic deployment.

## Overview

| Host | Strategy | Tool | Trigger |
|------|----------|------|---------|
| `cryodev-main` | Pull-based | Comin | Automatic polling |
| `cryodev-pi` | Pull-based | Comin | Automatic polling |

## How It Works

1. Developer pushes to `main` branch
2. CI (Forgejo Actions) runs flake-check and builds all hosts
3. Comin on each host periodically polls the Git repository
4. On changes, Comin builds and activates the new configuration

## Configuration

```nix
# hosts/<hostname>/services/comin.nix
{
  services.comin = {
    enable = true;
    remotes = [{
      name = "origin";
      url = "https://git.cryodev.xyz/steffen/cryodev.git";
      branches.main.name = "main";
    }];
  };
}
```

## Monitoring

Check Comin status:

```bash
sudo systemctl status comin
sudo journalctl -u comin -f
```

Force immediate update:

```bash
sudo systemctl restart comin
```

## Troubleshooting

If Comin fails to build:

```bash
# Check logs
sudo journalctl -u comin --since "1 hour ago"

# Manual build test
cd /var/lib/comin/repo
nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel
```

## Rollback

```bash
# List generations
sudo nix-env -p /nix/var/nix/profiles/system --list-generations

# Rollback to previous
sudo nixos-rebuild switch --rollback
```

## Manual Deployment

For initial setup or emergencies:

```bash
# Using the deploy app
nix run .#deploy -- -n <hostname>

# Or manually with nixos-rebuild
NIX_SSHOPTS="-p 2299" nixos-rebuild switch --flake .#<hostname> \
  --target-host <user>@<hostname> --sudo --ask-sudo-password
```

## Testing Changes

Before pushing, always verify:

```bash
# Check flake validity
nix flake check

# Build configuration (dry-run)
nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel --dry-run

# Full build
nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel
```