setup colmena for deployment

.gitignore

@@ -1,2 +1,3 @@
 /result
 /.direnv
+/.gcroots

flake.lock

@@ -43,6 +43,30 @@
         "type": "github"
       }
     },
+    "colmena": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "flake-utils": "flake-utils",
+        "nix-github-actions": "nix-github-actions",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "stable": "stable"
+      },
+      "locked": {
+        "lastModified": 1734897875,
+        "narHash": "sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk=",
+        "owner": "zhaofengli",
+        "repo": "colmena",
+        "rev": "a6b51f5feae9bfb145daa37fd0220595acb7871e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zhaofengli",
+        "repo": "colmena",
+        "type": "github"
+      }
+    },
     "commander-nvim": {
       "flake": false,
       "locked": {
@@ -113,6 +137,22 @@
       }
     },
     "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1650374568,
+        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_2": {
       "flake": false,
       "locked": {
         "lastModified": 1696426674,
@@ -204,6 +244,21 @@
       }
     },
     "flake-utils": {
+      "locked": {
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
       "inputs": {
         "systems": "systems_2"
       },
@@ -221,7 +276,7 @@
         "type": "github"
       }
     },
-    "flake-utils_2": {
+    "flake-utils_3": {
       "inputs": {
         "systems": "systems_3"
       },
@@ -239,7 +294,7 @@
         "type": "github"
       }
     },
-    "flake-utils_3": {
+    "flake-utils_4": {
       "inputs": {
         "systems": "systems_4"
       },
@@ -259,7 +314,7 @@
     },
     "frontend": {
       "inputs": {
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
         "nixpkgs": "nixpkgs",
         "pnpm2nix": "pnpm2nix"
       },
@@ -402,7 +457,7 @@
     },
     "ketchup": {
       "inputs": {
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_4",
         "nixpkgs": [
           "nixpkgs"
         ]
@@ -456,7 +511,7 @@
     "lanzaboote": {
       "inputs": {
         "crane": "crane",
-        "flake-compat": "flake-compat",
+        "flake-compat": "flake-compat_2",
         "flake-parts": "flake-parts_4",
         "nixpkgs": "nixpkgs_3",
         "pre-commit-hooks-nix": "pre-commit-hooks-nix",
@@ -498,6 +553,27 @@
         "type": "github"
       }
     },
+    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "colmena",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1729742964,
+        "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
         "lastModified": 1738816619,
@@ -681,7 +757,7 @@
     },
     "pnpm2nix": {
       "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils_3",
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
@@ -729,6 +805,7 @@
       "inputs": {
         "agenix": "agenix",
         "auto-cpufreq": "auto-cpufreq",
+        "colmena": "colmena",
         "commander-nvim": "commander-nvim",
         "dnote": "dnote",
         "flake-parts": "flake-parts",
@@ -769,6 +846,22 @@
         "type": "github"
       }
     },
+    "stable": {
+      "locked": {
+        "lastModified": 1730883749,
+        "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "systems": {
       "locked": {
         "lastModified": 1681028828,

flake.nix

@@ -60,8 +60,12 @@
       url = "github:dnote/dnote";
       flake = false;
     };
+    colmena = {
+      url = "github:zhaofengli/colmena";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
-  outputs = { flake-parts, agenix, nixpkgs, self, ... }@inputs:
+  outputs = { flake-parts, agenix, nixpkgs, self, colmena, ... }@inputs:
     flake-parts.lib.mkFlake { inherit inputs; } (
       let
         ssh.publicKeys.yubikey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=";
@@ -70,36 +74,51 @@
       in
       {
         systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
-        perSystem = { pkgs, ... }: {
+        perSystem = { pkgs, system, ... }: {
           devShells.default = pkgs.mkShell {
             packages = with pkgs; [
-              (writeShellScriptBin "switch" ''
+              agenix.packages.${system}.default
-                ${nh}/bin/nh os switch .
+              colmena.packages.${system}.colmena
+              colmena.packages.${system}.manual
+              (pkgs.writeShellScriptBin "build" ''
+                colmena --experimental-flake-eval build --keep-result "$@"
               '')
-              (writeShellScriptBin "deploy" ''
+              (pkgs.writeShellScriptBin "apply" ''
-                ${openssh}/bin/ssh -t "$1" nh os switch sourcehut:~repomaa/NixOS -- --option tarball-ttl 0
+                colmena --experimental-flake-eval apply --keep-result "$@"
               '')
-              (writeShellScriptBin "evaluate" ''
+              (pkgs.writeShellScriptBin "apply-local" ''
-                ${nix}/bin/nix build --dry-run ".#nixosConfigurations.$1.config.system.build.toplevel" | ${nix-output-monitor}/bin/nom
+                colmena --experimental-flake-eval apply-local --sudo "$@"
               '')
-              agenix.packages.${pkgs.system}.default
             ];
           };
         };
-        flake.nixosConfigurations = {
+        flake = {
-          freun-dev = lib.nixosSystem {
+          colmenaHive = colmena.lib.makeHive self.outputs.colmena;
-            inherit specialArgs;
-            modules = [ ./modules ./hosts/freun.dev ];
-          };
 
-          radish = lib.nixosSystem {
+          colmena = {
-            inherit specialArgs;
+            meta = {
-            modules = [ ./modules ./hosts/radish ];
+              inherit specialArgs;
-          };
 
-          apu = nixpkgs.lib.nixosSystem {
+              nixpkgs = import nixpkgs {
-            inherit specialArgs;
+                system = "x86_64-linux";
-            modules = [ ./modules ./hosts/apu ];
+                overlays = [ ];
+              };
+            };
+
+            defaults = { name, ... }: {
+              imports = [ ./modules ./hosts/${name} ];
+            };
+
+            radish = { ... }: {
+              deployment = {
+                allowLocalDeployment = true;
+                targetHost = null;
+              };
+            };
+
+            freun-dev = { ... }: { };
+
+            apu = { ... }: { };
           };
         };
       }

hosts/radish/boot.nix

@@ -23,6 +23,8 @@
     kernel.sysctl = {
       "vm.max_map_count" = 262144;
     };
+
+    binfmt.emulatedSystems = [ "aarch64-linux" ];
   };
 
   environment.systemPackages = with pkgs; [