fix(flake): make Hetzner the canonical cc-ci host target
This commit is contained in:
autonomic-bot
@ -5,11 +5,16 @@ reports the result back. Everything on the `cc-ci` host is declared in this repo
|
||||
|
||||
## Repo layout
|
||||
|
||||
All Nix code lives under **`nix/`** — `nix/hosts/cc-ci/` (the machine config) and `nix/modules/`
|
||||
(the service modules). `flake.nix` / `flake.lock` stay at the **repo root** as the entry point, so
|
||||
the build reference is unchanged (`nixos-rebuild switch --flake '…#cc-ci'`). Application source sits
|
||||
at the root (`bridge/`, `dashboard/`, `runner/`, `tests/`); encrypted secrets are the `secrets/`
|
||||
submodule.
|
||||
All Nix code lives under **`nix/`** — `nix/hosts/cc-ci-hetzner/` (the live machine config),
|
||||
`nix/hosts/cc-ci/` (the legacy Incus config), and `nix/modules/` (the service modules).
|
||||
`flake.nix` / `flake.lock` stay at the **repo root** as the entry point. Host targets:
|
||||
|
||||
- `#cc-ci` = live Hetzner host
|
||||
- `#cc-ci-hetzner` = explicit alias for the same live Hetzner host
|
||||
- `#cc-ci-incus` = legacy Incus VM config only
|
||||
|
||||
Application source sits at the root (`bridge/`, `dashboard/`, `runner/`, `tests/`); encrypted secrets
|
||||
are the `secrets/` submodule.
|
||||
|
||||
## Components
|
||||
|
||||
|
||||
@ -53,6 +53,7 @@ install -m700 -d /var/lib/sops-nix
|
||||
install -m600 /path/to/bootstrap-age-key /var/lib/sops-nix/key.txt
|
||||
|
||||
# 3. One nixos-rebuild switch. NOTE: ?submodules=1 so the git flake includes secrets/.
|
||||
# `#cc-ci` is the canonical live Hetzner host target. The old Incus config is `#cc-ci-incus`.
|
||||
nixos-rebuild switch --flake 'git+file:///root/cc-ci?submodules=1#cc-ci'
|
||||
```
|
||||
|
||||
|
||||
Reference in New Issue
Block a user