setup colmena for deployment

2025-02-14 01:49:38 +02:00
parent 6a10625d4e
commit ecc02f4b59
9 changed files with 142 additions and 27 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -60,8 +60,12 @@
      url = "github:dnote/dnote";
      flake = false;
    };
+    colmena = {
+      url = "github:zhaofengli/colmena";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };
-  outputs = { flake-parts, agenix, nixpkgs, self, ... }@inputs:
+  outputs = { flake-parts, agenix, nixpkgs, self, colmena, ... }@inputs:
    flake-parts.lib.mkFlake { inherit inputs; } (
      let
        ssh.publicKeys.yubikey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=";
@@ -70,36 +74,51 @@
      in
      {
        systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
-        perSystem = { pkgs, ... }: {
+        perSystem = { pkgs, system, ... }: {
          devShells.default = pkgs.mkShell {
            packages = with pkgs; [
-              (writeShellScriptBin "switch" ''
-                ${nh}/bin/nh os switch .
+              agenix.packages.${system}.default
+              colmena.packages.${system}.colmena
+              colmena.packages.${system}.manual
+              (pkgs.writeShellScriptBin "build" ''
+                colmena --experimental-flake-eval build --keep-result "$@"
              '')
-              (writeShellScriptBin "deploy" ''
-                ${openssh}/bin/ssh -t "$1" nh os switch sourcehut:~repomaa/NixOS -- --option tarball-ttl 0
+              (pkgs.writeShellScriptBin "apply" ''
+                colmena --experimental-flake-eval apply --keep-result "$@"
              '')
-              (writeShellScriptBin "evaluate" ''
-                ${nix}/bin/nix build --dry-run ".#nixosConfigurations.$1.config.system.build.toplevel" | ${nix-output-monitor}/bin/nom
+              (pkgs.writeShellScriptBin "apply-local" ''
+                colmena --experimental-flake-eval apply-local --sudo "$@"
              '')
-              agenix.packages.${pkgs.system}.default
            ];
          };
        };
-        flake.nixosConfigurations = {
-          freun-dev = lib.nixosSystem {
-            inherit specialArgs;
-            modules = [ ./modules ./hosts/freun.dev ];
-          };
+        flake = {
+          colmenaHive = colmena.lib.makeHive self.outputs.colmena;

-          radish = lib.nixosSystem {
-            inherit specialArgs;
-            modules = [ ./modules ./hosts/radish ];
-          };
+          colmena = {
+            meta = {
+              inherit specialArgs;

-          apu = nixpkgs.lib.nixosSystem {
-            inherit specialArgs;
-            modules = [ ./modules ./hosts/apu ];
+              nixpkgs = import nixpkgs {
+                system = "x86_64-linux";
+                overlays = [ ];
+              };
+            };
+
+            defaults = { name, ... }: {
+              imports = [ ./modules ./hosts/${name} ];
+            };
+
+            radish = { ... }: {
+              deployment = {
+                allowLocalDeployment = true;
+                targetHost = null;
+              };
+            };
+
+            freun-dev = { ... }: { };
+
+            apu = { ... }: { };
          };
        };
      }