Add aliass for home-manager commands

I'm not entirely sure this whole rigamaroll was worth it, but basically
I noticed that for some reason Ansible was skipping doing the
home-manager derivation when running playbooks back-to-back. So I fixed
that, or so I think. To make sure the derivation only happens when the
repo is updated, I added an activation script to the home-manager
config. Yes, technically the Nix part of the repo could be untouched and
yet still trigger a rebuild, but that's fine. I hope this convoluted
logic tree doesn't break down.

homes/common.nix

@@ -58,8 +58,22 @@ in {
         "tailscale set --exit-node=$(tailscale exit-node suggest | awk '{print $4}' | head -n1)";
       # tsed - TailScale Exit node Disconnect
       tsed = "tailscale set --exit-node=";
+      hms =
+        "home-manager switch --flake ~/.config/home-manager#$USER@$(hostname -s)";
+      hmb =
+        "home-manager build --flake ~/.config/home-manager#$USER@$(hostname -s)";
     };
     sessionPath = [ "$HOME/.local/bin" ];
+    activation = {
+      recordHmGitHash = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
+        cd "$HOME/.config/home-manager" || exit 1
+        if [ -z "$(${pkgs.git}/bin/git status --porcelain --untracked-files=no)" ]; then
+          run echo "$(${pkgs.git}/bin/git rev-parse HEAD)" | tee $HOME/.cache/hm-git-hash
+        else
+          run echo '*' | tee $HOME/.cache/hm-git-hash
+        fi
+      '';
+    };
   };
   programs = {
     home-manager = { enable = true; };

playbook.yaml

@@ -239,7 +239,7 @@
         state: latest
         method: user
 
-# Install home-manager for the first time
+# Pull the latest home-manager configuration
 - name: Ensure home-manager configuration is up-to-date
   hosts: fedora
   become: false
@@ -262,23 +262,55 @@
       when: not home_manager_repo.stat.exists
       register: home_manager_clone
       changed_when: home_manager_clone.rc == 0
+    # Only run an ssh clone/pull if home-manager was present from the very
+    # beginning of the playbook. They need to be part of the same play,
+    # otherwise the hash is lost downstream. These steps assume that SSH access
+    # to the git repo has been established - something that cannot possibly have
+    # happened during the first run.
+    - name: Update the home-manager config repo
+      ansible.builtin.git:
+        repo: git@code.millironx.com:millironx/nix-dotfiles.git # noqa: latest
+        dest: "{{ ansible_env.HOME }}/.config/home-manager"
+        clone: true
+        update: true
+      register: home_manager_pull
+      when: home_manager_repo.stat.exists
+
+    # Install home-manager for the first time
+    # home-manager bootstraps itself via the nix command. If the home-manager
+    # command is not available, then it will need to bootstrap itself
     - name: Determine if home-manager is installed
       ansible.builtin.stat:
         path: "{{ ansible_env.HOME }}/.nix-profile/bin/home-manager"
       register: home_manager_exists
     - name: Init home-manager
       ansible.builtin.shell: |
-        /nix/var/nix/profiles/default/bin/nix run home-manager switch --flake ~/.config/home-manager#{{ ansible_user_id }}@{{ ansible_hostname }}
+        /nix/var/nix/profiles/default/bin/nix run home-manager -- switch --flake ~/.config/home-manager#{{ ansible_user_id }}@{{ ansible_hostname }}
       when: not home_manager_exists.stat.exists
       register: home_manager_init
       changed_when: home_manager_init.rc == 0
-    - name: Update home-manager git config
+
-      ansible.builtin.shell: |
+    # There are machines with a working home-manager config without a hash file.
-        cd $HOME/.config/home-manager || exit 1 \
+    # Make sure that those machines have a working hash file for future use.
-        && git pull \
+    - name: Safety check for home-manager hash file
-        && cd -
+      ansible.builtin.file:
-      changed_when: false
+        path: "{{ ansible_env.HOME }}/.cache/hm-git-hash"
+        state: touch
+        mode: "644"
+    # So now we're at the part where we're assuming that the home-manager repo
+    # is in place, and also that home-manager has already been bootstrapped.
+    # We'll use the activation script from our home-manager config that records
+    # the hash of the repo at the time of derivation and compare that against
+    # the hash found by Ansible's git pull. We will skip running the derivation
+    # if the hashes match
+    - name: Find home-manager's latest commit hash
+      ansible.builtin.slurp:
+        src: "{{ ansible_env.HOME }}/.cache/hm-git-hash"
+      register: home_manager_hash
     - name: Update home-manager derivation
       ansible.builtin.shell: |
         $HOME/.nix-profile/bin/home-manager switch --flake ~/.config/home-manager#{{ ansible_user_id }}@{{ ansible_hostname }}
-      changed_when: false
+      register: home_manager_derivation
+      changed_when: home_manager_derivation.rc == 0
+      when: |
+        home_manager_exists.stat.exists and (home_manager_hash.content | b64decode | trim) != home_manager_pull.after