Lane's Site

Build and deploy apps to NixOS

2 min read

My continuous homelab tinkering and self hosting, I wanted to rule out more cloud services I’m using just in my build process, not even hosting.

Current State

New State

nixos-rebuild switch --flake /home/lane/monorepo/infrastructure/nixos/hosts/server1#server1 --target-host lane@server1 --sudo --ask-sudo-password


nix-shell -p prefetch-npm-deps --run "prefetch-npm-deps /home/lane/monorepo/software/go/ui/package-lock.json"

AI Summary

Deploying a NixOS server from a monorepo — what went wrong and how I fixed it

I have a personal monorepo that contains both my application code and my NixOS server configuration. When I tried to deploy updates to my UI, the server kept running old code even after a successful nixos-rebuild switch.

Three separate issues were hiding behind each other:

  1. The flake lock was stale. NixOS uses a flake.lock file to pin all inputs to specific versions. My server config is inside the same monorepo it uses as a source input — a self-referential setup that prevents Nix from ever updating the lock file. Every deploy was silently using a commit from weeks ago. The fix: pass —override-input monorepo git+file:///home/lane/monorepo to nixos-rebuild, which bypasses the lock entirely and always uses the current HEAD.

  2. The npm dependency hash was wrong. NixOS builds npm projects in a sandbox and verifies dependencies against a stored hash. I had added Tailwind CSS and shadcn/ui since the hash was last set, so the build was failing. The fix: set npmDepsHash = "" in the Nix build file, run the build, and copy the correct hash from the got: line in the error output.

  3. nginx never reloaded. Even once the build was fixed, nginx was still serving the old files because it had been running since before the last successful deploy and didn’t detect a reason to restart. A manual sudo systemctl restart nginx cleared it.

The deeper lesson: when nixos-rebuild switch reports “copying 0 paths” and activates an old store path, something upstream failed silently — Nix found everything it needed already cached and never rebuilt anything new.