From 46d7220479a4e7521492a72b7ee5152da0d1e724 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Tue, 13 Jan 2026 22:54:21 +0900 Subject: [PATCH] Move deployment section from dev docs to README, add warning --- README.md | 28 +++++++++++++++++++++++++++- docs/development.md | 21 --------------------- 2 files changed, 27 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 9962eff..b6aafe5 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,33 @@ This repository contains the NixOS configurations for Programvareverkstedet's se In addition to machine configurations, it also contains a bunch of shared modules, packages, and more. -## Machines +> [!WARNING] +> Please read [Development - working on the PVV machines](./docs/development.md) before making +> any changes, and [Secret management and `sops-nix`](./docs/secret-management.md) before adding +> any credentials such as passwords, API tokens, etc. to the configuration. + +## Deploying to machines + +> [!WARNING] +> Be careful to think about state when testing changes against the machines. Sometimes, a certain change +> can lead to irreversible changes to the data stored on the machine. An example would be a set of database +> migrations applied when testing a newer version of a service. Unless that service also comes with downwards +> migrations, you can not go back to the previous version without losing data. + +To deploy the changes to a machine, you should first SSH into the machine, and clone the pvv-nixos-config +repository unless you have already done so. After that, checkout the branch you want to deploy from, and rebuild: + +```bash +# Run this while in the pvv-nixos-config directory +sudo nixos-rebuild switch --update-input nixpkgs --update-input nixpkgs-unstable --no-write-lock-file --refresh --flake .# --upgrade +``` + +This will rebuild the NixOS system on the current branch and switch the system configuration to reflect the new changes. + +Note that unless you eventually merge the current changes into `main`, the machine will rebuild itself automatically and +revert the changes on the next nightly rebuild (tends to happen when everybody is asleep). + +## Machine overview | Name | Type | Description | |----------------------------|----------|-----------------------------------------------------------| diff --git a/docs/development.md b/docs/development.md index 350c605..3557d95 100644 --- a/docs/development.md +++ b/docs/development.md @@ -156,27 +156,6 @@ nix build .# > built some of the machines recently. Be prepared to wait for up to an hour to build all machines from scratch > if this is the first time. -### Deploying to machines - -> [!WARNING] -> Be careful to think about state when testing changes against the machines. Sometimes, a certain change -> can lead to irreversible changes to the data stored on the machine. An example would be a set of database -> migrations applied when testing a newer version of a service. Unless that service also comes with downwards -> migrations, you can not go back to the previous version without losing data. - -To deploy the changes to a machine, you should first SSH into the machine, and clone the pvv-nixos-config -repository unless you have already done so. After that, checkout the branch you want to deploy from, and rebuild: - -```bash -# Run this while in the pvv-nixos-config directory -sudo nixos-rebuild switch --update-input nixpkgs --update-input nixpkgs-unstable --no-write-lock-file --refresh --flake .# --upgrade -``` - -This will rebuild the NixOS system on the current branch and switch the system configuration to reflect the new changes. - -Note that unless you eventually merge the current changes into `main`, the machine will rebuild itself automatically and -revert the changes on the next nightly rebuild (tends to happen when everybody is asleep). - ### Forcefully reset to `main` If you ever want to reset a machine to the `main` branch, you can do so by running: