cryodev/docs/deployment/cd.md

Continuous Deployment

All hosts use Comin (pull-based) for automatic deployment.

Overview

Host	Strategy	Tool	Trigger
cryodev-main	Pull-based	Comin	Automatic polling
cryodev-pi	Pull-based	Comin	Automatic polling

How It Works

1. Developer pushes to main branch
2. CI (Forgejo Actions) runs flake-check and builds all hosts
3. Comin on each host periodically polls the Git repository
4. On changes, Comin builds and activates the new configuration

Configuration

# hosts/<hostname>/services/comin.nix
{
  services.comin = {
    enable = true;
    remotes = [{
      name = "origin";
      url = "https://git.cryodev.xyz/steffen/cryodev.git";
      branches.main.name = "main";
    }];
  };
}

Monitoring

Check Comin status:

sudo systemctl status comin
sudo journalctl -u comin -f

Force immediate update:

sudo systemctl restart comin

Troubleshooting

If Comin fails to build:

# Check logs
sudo journalctl -u comin --since "1 hour ago"

# Manual build test
cd /var/lib/comin/repo
nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel

Rollback

# List generations
sudo nix-env -p /nix/var/nix/profiles/system --list-generations

# Rollback to previous
sudo nixos-rebuild switch --rollback

Manual Deployment

For initial setup or emergencies:

# Using the deploy app
nix run .#deploy -- -n <hostname>

# Or manually with nixos-rebuild
NIX_SSHOPTS="-p 2299" nixos-rebuild switch --flake .#<hostname> \
  --target-host <user>@<hostname> --sudo --ask-sudo-password

Testing Changes

Before pushing, always verify:

# Check flake validity
nix flake check

# Build configuration (dry-run)
nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel --dry-run

# Full build
nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel