[VTimofeenko]

Excellent read, thank you! Just in time, I have been eyeing one of those tinyminimicro pcs to replace OpenWRT with Nix.

Could you share more details on push_to_router.sh? Is it a wrapper around calling nixos-rebuild through ssh?

[euroclydon]

Yes, although later I learned I could do it in a one-liner. Here nixconfig is a folder with all my nix files:

  tar -czf - nixconfig | ssh 192.168.1.1 \
    'tar -zxf - && sudo cp -r ./nixconfig/* /etc/nixos/ && sudo nixos-rebuild --show-trace '"${rebuild_flag} ${name_flag}"

[yencabulator]

If you're ok with building locally and not on the target host, this is simpler:

nixos-rebuild --flake .#foo --target-host root@foo --build-host localhost switch

[VTimofeenko]

Deploy-rs is a great alternative. It works as wrapper on top of flakes, local (optionally, cross-) building and copying closures to target machine with activation:

https://github.com/serokell/deploy-rs

[yencabulator]

These days, that's all included in nixos-rebuild itself, not much need for wrappers anymore. I migrated from Colmena to just nixos-rebuild.

[VTimofeenko]

Huh, I guess I was woefully behind on changes to nixos-rebuild. Thanks for the pointer, I will check it out

[yencabulator]

One thing nixos-rebuild doesn't get you is a secrets transmission mechanism. I've been dabbling to build something independent of NixOS/Nix that would still do that neatly...