NixOS Configuration for AppDaemon Development

Objectives

Use flakes
devenv-based workflow
- Shell
  - Makes uv available
  - Syncs devenv virtual environment
  - appdaemon
- Build Docker
SSH remote with VSCode
Jupyter through VSCode
- autoreload must work with editable install of the dev version
Multiple dev versions
Multiple config directories
Debugger must work
Observation - telegraf/promtail
Utility - portainer, watchtower

Used to rebuild the ad-nix system with whatever is currently symlinked to /etc/nixos

Used to enter the development shell. Be careful, as this will create a .devenv directory and venv wherever it's entered.

Activated with .devenv/state/venv/bin/activate. Used in VSCode for type hints, running, and debugging

Install devenv kernel - might not be useful?
- python -m ipykernel install --user --name devenv --display-name "Python (devenv)"
Run jupyter notebook on the side with a uv run jupyter notebook command
Use the link with the token to connect the jupyter notebook kernel to it

SSH keys are pre-authorized from secrets/authorized_keys which contains the public keys for desktop, laptop, and phone.

secrets/secrets.yaml contains the encrypted keys.
There needs to be a ~/.config/sops/age/keys.txt file with the age secret key. This file has to be manually placed.
.sops.yaml indicates to SOPS that the yaml file is encrypted with that secret key.
sops-ad is a convenience script for editing the secrets.yaml file.

SSH in to the host as root and get into a shell with git.

nix-channel --update && nix-shell -p git

Then build the system from the flake

nixos-rebuild switch --flake git+https://gitea.john-stream.com/john/ad-nix#ad-nix

secrets/secrets.yaml needs to have

Needs this in the /etc/pve/lxc/<vmid>.conf file on the proxmox host.

lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file