NixOS Configuration for AppDaemon Development

Objectives

• Use flakes
• devenv-based workflow
  • Shell
    • Makes uv available
    • Syncs devenv virtual environment
    • appdaemon
  • Build Docker
• SSH remote with VSCode
• Jupyter through VSCode
  • autoreload must work with editable install of the dev version
• Multiple dev versions
• Multiple config directories
• Debugger must work
• Observation - telegraf/promtail
• Utility - portainer, watchtower

Usage

nfs

Used to rebuild the ad-nix system with whatever is currently symlinked to /etc/nixos

ads

Used to enter the development shell. Be careful, as this will create a .devenv directory and venv wherever it's entered.

venv

Activated with .devenv/state/venv/bin/activate. Used in VSCode for type hints, running, and debugging

Jupyter

• Install devenv kernel - might not be useful?
  • python -m ipykernel install --user --name devenv --display-name "Python (devenv)"
• Run jupyter notebook on the side with a uv run jupyter notebook command
• Use the link with the token to connect the jupyter notebook kernel to it

Mechanics

SSH Connection

SSH keys are pre-authorized from secrets/authorized_keys which contains the public keys for desktop, laptop, and phone.

SOPS

• secrets/secrets.yaml contains the encrypted keys.
• There needs to be a ~/.config/sops/age/keys.txt file with the age secret key. This file has to be manually placed.
• .sops.yaml indicates to SOPS that the yaml file is encrypted with that secret key.
• sops-ad is a convenience script for editing the secrets.yaml file.

Setup

Bootstrapping

SSH in to the host as root and get into a shell with git.

nix-channel --update && nix-shell -p git

Then build the system from the flake

nixos-rebuild switch --flake git+https://gitea.john-stream.com/john/ad-nix#ad-nix

Secrets

secrets/secrets.yaml needs to have

• telegraf_influx_token