How do you go about keeping multiple hosts in sync?

So I am finally almost happy with my multiple hosts flake and the level of code reuse between all of them. One of the final things I would like to automate is keeping all of them in sync.

My current flow is to do some nix work on one of the hosts (let's say I update my neovim config), make sure I am happy with the results, then go over all my other hosts, pull the changes from my repository and rebuild.

The simple solution would be to create a systemd oneshot and a timer as a nix unit that will run as root. I will include this unit on all of my hosts and automate the manual process I was doing so far. The same way this is done for restic backup or in my previous life with Ubuntu, ansible pull and a cron job :wink:

So is this the “way to go” or is there something more nix idiomatic? And how do you guys keep all your hosts in sync?


A lot of my hosts’ flakes are “dirty” because they include changes I am too lazy to commit or maybe those changes are not ready. But I keep my inputs in-sync by updating them mostly with https://github.com/DeterminateSystems/update-flake-lock


This is more or less what I do and doesn’t really feel deficient enough to automate it further. Sometimes I work on them feverishly, sometimes they don’t get touched for a few weeks other than flake.lock. I’m only managing three discrete machines in that repo atm, a Mac and two x86 NixOS, so I don’t get much mileage out of remote builders.


Thinking a bit on how ArgoCD does it, I kinda enjoy the idea of pull-based deployment, and to be fairly confident that what’s in the latest source release is what’s actually in-use.

Thus I’m currently tinkering with using my remote flake as the default input here: https://github.com/carlthome/dotfiles/blob/e2b3f66d9db244ae2f5216df870183f98ff10fae/modules%2Fnixos%2Fconfiguration.nix#L24-L27

This means that any dirty changes will be replaced on a schedule, which still gives me a little time window to play around on a specific host, but if I don’t commit and push, then the machine will go back to the latest main commit configuration.

Perhaps a bit strict, but I’ll see if it feels nice over time for me.

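A drift check for the pull-based setup discussed above, as an added example that is not part of any post in this thread: it compares the revision each host reports with the commit at the tip of the repository's main branch. It assumes each host's flake sets system.configurationRevision from self.rev or self.dirtyRev, so that `nixos-version --json` reports it; the sample data and the host names other than homelab are constructed.

```python
import json

# Constructed sample inputs (not captured from real hosts). On a real machine
# they would come from `git ls-remote <repo-url>` and `nixos-version --json`.
SAMPLE_LS_REMOTE = (
    "1111111111111111111111111111111111111111\tHEAD\n"
    "1111111111111111111111111111111111111111\trefs/heads/main\n"
    "2222222222222222222222222222222222222222\trefs/heads/wip\n"
)
SAMPLE_HOSTS = {  # hypothetical host name -> JSON text reported by that host
    "homelab": '{"configurationRevision": "1111111111111111111111111111111111111111"}',
    "laptop": '{"configurationRevision": "0000000000000000000000000000000000000000"}',
    "desktop": '{"configurationRevision": "1111111111111111111111111111111111111111-dirty"}',
    "server": '{"nixosVersion": "sample"}',
}


def remote_head(ls_remote_text, ref="refs/heads/main"):
    """Return the commit hash `git ls-remote` reports for ref, or None."""
    for line in ls_remote_text.splitlines():
        sha, _, name = line.partition("\t")
        if name.strip() == ref:
            return sha.strip()
    return None


def drift_status(version_json, expected_rev):
    """Classify one host as in-sync, dirty, stale or unknown."""
    rev = json.loads(version_json).get("configurationRevision")
    if not rev or expected_rev is None:
        return "unknown"  # no revision recorded: nothing can be asserted
    if rev.endswith("-dirty"):
        return "dirty"    # built from a tree with uncommitted changes
    return "in-sync" if rev == expected_rev else "stale"


def audit(hosts, ls_remote_text, ref="refs/heads/main"):
    """Map every host name to its drift status against the given ref."""
    expected = remote_head(ls_remote_text, ref)
    return {host: drift_status(text, expected) for host, text in hosts.items()}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_HOSTS, SAMPLE_LS_REMOTE).items():
        print(f"{host:8} {status}")
```

A host reported as unknown is one where the configuration revision was never recorded, which is worth fixing first because nothing can be verified about it.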

@carlthome I actually came across your solution in another, not directly related thread.

This option is intended to be used both with channels and flakes but it looks like it has some “bugs” in the form of a flake command having channel flags.

When I define it to work with a flake:

```nix
{ config, ... }:
{
  system.autoUpgrade.enable = true;
  # systemd calendar expression for when the upgrade timer fires
  system.autoUpgrade.dates = "Fri *-*-1..7,15..21 01:00:00";
  # flake URI (repository#host) that nixos-rebuild builds
  system.autoUpgrade.flake = "github:${config.userDefinedGlobalVariables.githubFlakeRepositoryName}#${config.userDefinedGlobalVariables.hostTag}";
  # random delay added to the scheduled time
  system.autoUpgrade.randomizedDelaySec = "5m";
}
```

Looking at the file that systemd will execute, I can see a single line:

```
/nix/store/as1snmyxhr9633n30pbcy2fcbbggii4p-nixos-rebuild/bin/nixos-rebuild switch --flake github:p3t33/nixos_flake#homelab --upgrade
```

The --upgrade has nothing to do with a flake (and is used with channels), which is updated, to the best of my knowledge, with

```
nix flake update
```