0m.ax
42b2ce4d1d
Self-hostable OTA update system for NixOS fleets: a control server, device agent, publisher CLI, and NixOS modules that ship prebuilt system closures from a binary cache to devices that don't have the flake. - crates/common: signed manifest types (ed25519), store-path validator - crates/server: axum + sqlite + HTMX dashboard, channel/device API - crates/agent: poll, verify signature + revision, nix copy, switch, health check, magic-rollback on failure - crates/publisher: keygen + sign + publish CLI for operators/CI - nix/modules: NixOS modules for server and agent - nix/tests/ota.nix: end-to-end VM test exercising publish A -> B -> broken C -> rollback to B (passes) The control server never holds the signing key; manifests are signed offline and verified against a pinned public key on each device.
27 lines
567 B
JSON
27 lines
567 B
JSON
{
|
|
"nodes": {
|
|
"nixpkgs": {
|
|
"locked": {
|
|
"lastModified": 1779508470,
|
|
"narHash": "sha256-Ap9KJX+5xHIn3bPIpfNgT6MEXdAECECwo4/rmlQD74M=",
|
|
"owner": "nixos",
|
|
"repo": "nixpkgs",
|
|
"rev": "29916453413845e54a65b8a1cf996842300cd299",
|
|
"type": "github"
|
|
},
|
|
"original": {
|
|
"owner": "nixos",
|
|
"ref": "nixos-unstable",
|
|
"repo": "nixpkgs",
|
|
"type": "github"
|
|
}
|
|
},
|
|
"root": {
|
|
"inputs": {
|
|
"nixpkgs": "nixpkgs"
|
|
}
|
|
}
|
|
},
|
|
"root": "root",
|
|
"version": 7
|
|
}
|