Based on cachix-deploy-hetzner-dedicated.
Based on Cachix Deploy for nix-darwin.
Make sure to install rosetta: softwareupdate --install-rosetta --agree-to-license
List services:
sudo launchctl list
Print detailed service status:
sudo launchctl print system/org.nixos.github-runner-cachix-aarch64-darwin-0
Restart a service:
sudo launchctl kickstart -k system/org.nixos.github-runner-cachix-aarch64-darwin-0
View launchd logs for the service:
sudo log show --last 10m | grep "org.nixos.github-runner-cachix-aarch64-darwin-0"
Note
This may be outdated information for newer versions of macOS.
If automatic software updates are disabled, but automatic downloads aren't, macOS will continously download udpates into /tmp, eventually filling up the disk.
Run software update --list to view the pending updates.
You can install everything (including major OS upgrades) with sudo softwareudpate --install --all -R.
Secrets are managed by agenix: https://github.com/ryantm/agenix
Edit secrets/secrets.nix to add secrets, machines, and users.
You can get the public key for a machine with ssh-keyscan:
ssh-keyscan <IP/DOMAIN>Create a new encrypted secret with:
cd secrets
agenix -e <NAME>.age -i ~/.ssh/<publickey>cd secrets
agenix -e <NAME>.age -i ~/.ssh/<publickey>