- Generate binary cache signing keys on Enterprise
- Add private key to enterprise config for signing
- Add public key to Bebop for accepting packages signed by Enterprise
- Set up hosts files on both systems to include other host name at local reserved ip address
- Bebop: Enable OpenSSH access for root user
  - Via SSH only, NO password
  - Use same ssh public key as normal user
- Enterprise: Enable Qemu for compiling aarch64 packages
Deploy NixOS from enterprise to bebop with below:
```
nixos-rebuild boot --flake .#bebop -v --target-host root@bebop --build-host localhost
```
Notice lack of sudo. Remote server does not ask for password for root (usually),
because it is supposed to use SSH key.
TODO: Add payas as trusted user in nix config for bebop so deploying via root is
not necessary. It is generally not the best idea to expose root over network.
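The setup this commit describes, sketched as NixOS modules for the two hosts. This is an added example, not taken from the repository; it assumes a NixOS release that has `services.openssh.settings` (23.05 or later), and the addresses, key strings and key file paths are placeholders.

```nix
# Added illustration, not the repository's own config. Host names come from the
# notes above; addresses, key strings and file paths are placeholders.
{
  # Build machine: signs what it builds and can emulate aarch64.
  enterprise = { ... }: {
    # Key pair generated once, outside the Nix store, for example with:
    #   nix-store --generate-binary-cache-key enterprise-1 \
    #     /var/lib/nix-keys/cache-priv.pem /var/lib/nix-keys/cache-pub.pem
    # Give the path as a string, not a path literal: a path literal would be
    # copied into the world-readable store.
    nix.settings.secret-key-files = [ "/var/lib/nix-keys/cache-priv.pem" ];

    boot.binfmt.emulatedSystems = [ "aarch64-linux" ];  # QEMU user-mode emulation
    networking.hosts."192.168.0.20" = [ "bebop" ];      # placeholder address
  };

  # Deployment target (the Raspberry Pi).
  bebop = { ... }: {
    # Accept store paths signed by enterprise (contents of cache-pub.pem).
    nix.settings.trusted-public-keys = [ "enterprise-1:PLACEHOLDER_PUBLIC_KEY" ];
    networking.hosts."192.168.0.10" = [ "enterprise" ];  # placeholder address

    services.openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitRootLogin = "prohibit-password";  # root by key only, never password
      };
    };
    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 PLACEHOLDER_SSH_PUBLIC_KEY payas@enterprise"
    ];

    # The TODO above: once payas may deploy, set PermitRootLogin = "no" and drop
    # root's authorized key. A trusted user can make the daemon accept unsigned
    # paths, so treat that account as root-equivalent.
    # nix.settings.trusted-users = [ "root" "payas" ];
  };
}
```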
iwd is supposed to be lightweight and only depend on kernel+glibc.
It sounds nice, and so far it is working well enough, with one caveat:
it cannot connect to Hidden networks.
Even with enabling the setting to connect to Hidden networks, which should have
worked, it just craps out on connecting my Hidden wifi.
For now, I'm inclined to try this thing out, so I just let my network broadcast
its SSID. We'll see how the experiment goes.
For some reason, bebop requires starting ssh-agent manually and adding the key after
every reboot. Apparently this is the fix to it.
It is expected to remember keys added once.
While setting up Raspberry Pi, I realised there are some packages I consider
bare minimum, even for headless servers (that I own)
- NeoVim
- git
- ripgrep
- fd
- htop
- jq
- wget
- fzf
bebop is a raspberry Pi and intended to be a headless server for my home.
As such, it makes no sense for it to burn cycles or space for XServer or desktop environment.
I have not found a better way to make the user password setup declarative while
making it be included in config/store in encrypted format.
Perhaps agenix/sops-nix will be a fix, but I'll keep it for later
As before, modifying Emacs config has weird issues with doom+daemon.
Usually I have to restart emacs for any config changes to stick, and if there is
any issue or bug in my config, the daemon just craps out instead of giving any
good feedback. So long, emacs the service, I'll probably never use you again.
Although I sure will miss lightning fast emacsclient openings
I could in theory just import all flake files from particular host, but so far
there aren't a lot of files in there, and I like the explicitness, and central
point of entry in flake.nix
Not sure what went wrong the last time I tried it. This seems to be working, so
I'll keep it and keep an eye for a while
Not that I ever interact with bare git conflicts, I always have magit or IDEA
gloves on while doing so, it is nonetheless a good habit to have this in the
config quiver.
nixpkgs-unfree supposedly provides builds for non-free, but redistributable
packages that cache.nixos.org does not build.
Along with cuda-maintainers, it should reduce the burden for using heavy
packages for machine learning quite a bit. So, let's see how this one goes.
I should also start checking how the machine learning story is with NixOS at
all, it is rife with Python and Python has absolutely horrible ecosystem for
managing dependencies.
It is not perfect, it does not load private files and it generally feels a set
and forget, not-updated-often situation like every other Nix derivation.
It is promising, but the edges are sharp, and not something I'd like to invest
time in right now.
Build Doom-emacs config via Nix itself, and combine all in single monolithic,
declarative system mwahahahahaha
Except, it's not working yet. It keeps complaining about missing 'beancount' :/
So, this commit will most likely be promptly reverted.