
https://git.jolheiser.com/dotnix.git
My nix dotfiles
feat: colmena Signed-off-by: jolheiser <john.olheiser@gmail.com>
Signature
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEgqEQpE3xoo1QwJO/uFOtpdp7v3oFAmUwhuUACgkQuFOtpdp7 v3oj5w//SVUndnQym5ePTHKdSTlXMnZTaPL8gHYEMajiBWz8Jfr/6tUe9LbyOFKZ T4YNne3kdpYj3vKIu9h8Uqkuidm/mYoiC3EcpKnGvWXBHmTZAU4uK3WaC3dWXE/N hhyFgKrmMJ6evt2sqMj4KB0h6YrpwsrwMsaQlEiZyjTsluOJNPfNeZmrR2xIZMI2 lAqvfX2H06gMVa1H0AFpv89FymfD1mZATp4MpPl8bk+IJY25TG9Y2/OlcQXt7g3c grZjLyDEVT8qBAzVEliR09nqzKI7R+lepJ4rQZ8vCPiKoF7I2mFuDzxQ7BdCqSOK ul0eoy9aSE4QJK4gflfDDw6Sh27cDGx9DrPjDWUp8Qk6yz0hxbvADlYvsWWSHypy Jo+KU6zq+eJIjhVqsWq1FI7F20jWIstVZ7CCZxZPzY2m/7/UgOEt1xMJqOrLUnHj p8/F+HhqXzZ16lTCMNIBYmSnPUHilq44Eo2DoP/UyyMRdD0xte+RbD7vpu5LvTRG vSUhwvDJDHRp6QEiiLhiVG49zqcTjI7PDy5P++iVyqb+Q8TbWLNRnUXhRr0zf7h+ 69lw3zlHjv7Kn5w1jKIVoQSJXW8nSDftWt4OqXP8dQc50w7nI888kwNzekZ9tS47 sOgugohYeyFR7sL2zgkQSMxKtixVVVfzQ9MTKvcTY6TBTSSP5U8= =G8o3 -----END PGP SIGNATURE-----
jolheiser <john.olheiser@gmail.com>
1 year ago
4 changed files, 27 additions(+), 14 deletions(-)
M flake.nix -> flake.nix
diff --git a/flake.nix b/flake.nix
index 4ce5570a2942d192391cef31d89eec488231a114..a4b4aeb4f23b807aea16bf09ee38238c402f789b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -169,14 +169,18 @@             ./machines/matcha
             (commonConfig {})
           ];
         };
-        "dragonwell" = nixpkgs.lib.nixosSystem {
-          system = "x86_64-linux";
-          modules = [
-            home-manager.nixosModules.home-manager
-            agenix.nixosModules.default
+      };
+      colmena = {
+        meta = {
+          nixpkgs = import nixpkgs {
+            system = "x86_64-linux";
+            overlays = overlays;
+          };
+        };
+        dragonwell = {
+          imports = [
             golink.nixosModules.default
             ./machines/dragonwell
-            (commonConfig {gui = false;})
           ];
         };
       };
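Review bot: The new `colmena.dragonwell` node imports only `golink.nixosModules.default` and `./machines/dragonwell`, so the `home-manager.nixosModules.home-manager`, `agenix.nixosModules.default` and `(commonConfig {gui = false;})` modules that the old `nixosSystem` entry applied no longer reach this host; the first default.nix hunk in this commit also drops `../common/nogui`. What those modules set is not visible here, but if any of it is baseline hardening or secret provisioning, the host now deploys without it, so either re-add them to `imports` or leave a comment saying why they are intentionally omitted. The node also has no `deployment` block, so the target host and login user fall back to colmena's defaults; stating them explicitly, e.g. `deployment.targetHost = "<dragonwell-address>";`, makes the deploy target reviewable. The enclosing outputs attrset starts and ends outside the hunk.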
@@ -187,6 +191,7 @@     in {
       devShells.default = pkgs.mkShell {
         nativeBuildInputs = [
           agenix.packages.${system}.agenix
+          pkgs.colmena
         ];
       };
     });
M justfile -> justfile
diff --git a/justfile b/justfile
index 1c4d46b2d009e6df244456fd5ba195cb951b4b30..0ca7c47ca21cbccaf1de0a820d4adeea55e82f50 100644
--- a/justfile
+++ b/justfile
@@ -13,6 +13,10 @@ # Rebuild the current machine
 switch *args:
 	@just rebuild switch {{args}}
 
+# Run colmena for remote deploy
+colmena node:
+	@nix run nixpkgs#colmena -- apply --on {{node}}
+
 # Update the flake
 update-flake:
 	@nix flake update
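Review bot: The `colmena` recipe runs `nix run nixpkgs#colmena`, which resolves `nixpkgs` through the flake registry rather than this repository's `flake.lock`, so the tool that builds and pushes the system closure is unpinned and can differ from the `pkgs.colmena` this commit adds to the dev shell. Using the locked package keeps the deploy tool reproducible and auditable, e.g. `@nix develop -c colmena apply --on {{node}}`. A short comment on the recipe noting that it deploys over SSH to the named node would also help.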
M machines/dragonwell/caddy.nix -> machines/dragonwell/caddy.nix
diff --git a/machines/dragonwell/caddy.nix b/machines/dragonwell/caddy.nix
index 619e60421d7234b0033828d397e76d1d2a35a72b..ae2b77d53791030262583bbf8a83e149501b1da5 100644
--- a/machines/dragonwell/caddy.nix
+++ b/machines/dragonwell/caddy.nix
@@ -3,7 +3,7 @@   pkgs,
   lib,
   ...
 }: let
-  packages = ["tmpl" "git-age" "ffmd"];
+  packages = ["tmpl" "git-age" "ffmd" "kv"];
 in {
   services.caddy = {
     enable = true;
M machines/dragonwell/default.nix -> machines/dragonwell/default.nix
diff --git a/machines/dragonwell/default.nix b/machines/dragonwell/default.nix
index d413d27f304af1c5d2dd4f39cf32d81cecdeb531..64b23fe5673f8a522650505fb7c3a1f65570e515 100644
--- a/machines/dragonwell/default.nix
+++ b/machines/dragonwell/default.nix
@@ -1,7 +1,8 @@
 let
   username = "jolheiser";
+  key = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser'';
 in {
-  imports = [./caddy.nix ./golink.nix ./hardware.nix ../common/nogui];
+  imports = [./caddy.nix ./golink.nix ./hardware.nix];
 
   boot.tmp.cleanOnBoot = true;
   zramSwap.enable = true;
@@ -18,12 +19,15 @@
   services.openssh.enable = true;
   virtualisation.docker.enable = true;
 
-  users.users."${username}" = {
-    extraGroups = ["wheel" "docker" "storage"];
-    isNormalUser = true;
-    openssh.authorizedKeys.keys = [
-      ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser''
-    ];
+  users.users = {
+    "${username}" = {
+      extraGroups = ["wheel" "docker" "storage"];
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [
+        key
+      ];
+    };
+    "root".openssh.authorizedKeys.keys = [key];
   };
 
   system.stateVersion = "22.11";
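Review bot: `"root".openssh.authorizedKeys.keys = [key];` enables direct root login over SSH with the same key that already authorizes `${username}`, on a host with `services.openssh.enable = true`, so root sessions lose the sudo step and per-user attribution. Colmena can deploy through an unprivileged account instead: set `deployment.targetUser = "jolheiser";` on the node in flake.nix (that user is already in `wheel`) and drop the root entry; this presumably needs sudo rights and Nix trusted-user status for that account, neither of which is visible here. If root login has to stay, a separate deploy-only key, rather than the shared `key` binding, would keep a compromise of the personal key from reaching root directly.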
M secrets/shared/ssh-config.age -> secrets/shared/ssh-config.age
diff --git a/secrets/shared/ssh-config.age b/secrets/shared/ssh-config.age
index 66766088160d345c0a19fc635c33816514512cdb..bb109015af019db9b0249a00a25ab178a5cfb81f 100644
Binary files a/secrets/shared/ssh-config.age and b/secrets/shared/ssh-config.age differ