ad-nix/README.md
John Lancaster 44a817e5ab readme update
2024-12-29 14:25:57 -06:00


# NixOS Configuration for AppDaemon Development
## Objectives
- Use flakes
- `devenv`-based workflow
- Shell
- Makes `uv` available
- Syncs `devenv` virtual environment
- `appdaemon`
- Build Docker
- SSH remote with VSCode
- Jupyter through VSCode
- `autoreload` must work with editable install of the dev version
- Multiple dev versions
- Multiple config directories
- Debugger must work
- Observation - telegraf/promtail
- Utility - portainer, watchtower
## Usage
### `nfs`
Used to rebuild the `ad-nix` system with whatever is currently symlinked to `/etc/nixos`.
### `ads`
Used to enter the development shell. Be careful, as this will create a `.devenv` directory and venv wherever it's entered.
### venv
Activated with `.devenv/state/venv/bin/activate`. Used in VSCode for type hints, running, and debugging.
### Jupyter
- Install devenv kernel - might not be useful?
  - `python -m ipykernel install --user --name devenv --display-name "Python (devenv)"`
- Run jupyter notebook on the side with a `uv run jupyter notebook` command
- Use the link with the token to connect the jupyter notebook kernel to it
## Mechanics
### SSH Connection
SSH keys are pre-authorized from `secrets/authorized_keys`, which contains the public keys for desktop, laptop, and phone.
### SOPS
- `secrets/secrets.yaml` contains the encrypted keys.
- There needs to be a `~/.config/sops/age/keys.txt` file with the age secret key. This file has to be manually placed.
- `.sops.yaml` tells SOPS which age key `secrets/secrets.yaml` is encrypted for; it lists the public key that pairs with that secret key.
- `sops-ad` is a convenience script for editing the `secrets.yaml` file.
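
Because the age key file is placed by hand, a preflight check catches the usual mistakes before a rebuild fails on undecryptable secrets. The following is an added example, not part of this repository; the function name `check_sops_age_key` and its exit codes are assumptions.

```shell
#!/bin/sh
# Added example: preflight check for the manually placed SOPS age key.
# Exit codes (assumed convention): 1 missing, 2 permissions, 3 no secret key,
# 4 public key unknown, 5 key is not a recipient in .sops.yaml.
check_sops_age_key() {
    keyfile=$1
    sops_yaml=$2

    if [ ! -f "$keyfile" ]; then
        echo "missing $keyfile (it has to be placed manually)" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits;
    # a private key file should grant none of them (e.g. mode 600).
    perms=$(ls -ldL "$keyfile" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$keyfile is accessible to group/others; run chmod 600" >&2
        return 2
    fi

    # age identity files hold the secret on a line starting AGE-SECRET-KEY-.
    if ! grep -q '^AGE-SECRET-KEY-' "$keyfile"; then
        echo "no age secret key line in $keyfile" >&2
        return 3
    fi

    # age-keygen writes the recipient as a "# public key:" comment. If the
    # comment was stripped, derive it with age-keygen -y when available.
    pub=$(sed -n 's/^# public key: //p' "$keyfile" | head -n 1)
    if [ -z "$pub" ] && command -v age-keygen >/dev/null 2>&1; then
        pub=$(age-keygen -y "$keyfile" 2>/dev/null | head -n 1)
    fi
    if [ -z "$pub" ]; then
        echo "cannot determine the public key for $keyfile" >&2
        return 4
    fi

    # The recipient must appear in .sops.yaml for secrets to be encrypted to it.
    if ! grep -qF -- "$pub" "$sops_yaml"; then
        echo "$pub is not a recipient in $sops_yaml" >&2
        return 5
    fi
    return 0
}

# Run directly: sh check.sh ~/.config/sops/age/keys.txt .sops.yaml
if [ "$#" -eq 2 ]; then check_sops_age_key "$1" "$2"; fi
```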
## Setup
### Bootstrapping
SSH into the host as root and get into a shell with `git`.
```shell
nix-channel --update && nix-shell -p git
```
Then build the system from the flake:
```shell
nixos-rebuild switch --flake git+https://gitea.john-stream.com/john/ad-nix#ad-nix
```
### Secrets
`secrets/secrets.yaml` needs to have the following keys:
- `telegraf_influx_token`
### Tailscale
Tailscale needs the following in the `/etc/pve/lxc/<vmid>.conf` file on the Proxmox host:
```
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
```