Add stopIfChanged and restartIfChanged options to prevent the listener
from being interrupted when nixos-rebuild switch activates a new
configuration that changes the service definition.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The listener service had ProtectHome=read-only which prevented Nix
from writing to /root/.cache when fetching git flakes. This adds a
CacheDirectory managed by systemd and sets XDG_CACHE_HOME to use it.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add nixos-rebuild to listener service PATH in NixOS module
- Fix CLI deploy command hanging after receiving final status by properly
tracking lastResponse time and exiting when all hosts have responded
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Instead of requiring users to provide the package via overlay,
the module now receives `self` from the flake and uses the
package directly from `self.packages`.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement the complete homelab-deploy system with three operational modes:
- Listener mode: Runs on NixOS hosts as a systemd service, subscribes to
NATS subjects with configurable templates, executes nixos-rebuild on
deployment requests with concurrency control
- MCP mode: MCP server exposing deploy, deploy_admin, and list_hosts
tools for AI assistants with tiered access control
- CLI mode: Manual deployment commands with subject alias support via
environment variables
Key components:
- internal/messages: Request/response types with validation
- internal/nats: Client wrapper with NKey authentication
- internal/deploy: Executor with timeout and lock for concurrency
- internal/listener: Subject template expansion and request handling
- internal/cli: Deploy logic with alias resolution
- internal/mcp: MCP server with mcp-go integration
- nixos/module.nix: NixOS module with hardened systemd service
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
