From 0946022a185f7d919bc4c0aa884eae3b0009d296 Mon Sep 17 00:00:00 2001
From: jolheiser
Date: Tue, 17 Oct 2023 23:54:24 -0500
Subject: [PATCH] feat: colmena
Signed-off-by: jolheiser
---
 flake.nix | 17 +++++++++++------
 justfile | 4 ++++
 machines/dragonwell/caddy.nix | 2 +-
 machines/dragonwell/default.nix | 18 +++++++++++-------
 secrets/shared/ssh-config.age | Bin 1487 -> 1472 bytes
 5 files changed, 27 insertions(+), 14 deletions(-)
diff --git a/flake.nix b/flake.nix
index 4ce5570..a4b4aeb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -169,14 +169,18 @@
 (commonConfig {})
 ];
 };
- "dragonwell" = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- home-manager.nixosModules.home-manager
- agenix.nixosModules.default
+ };
+ colmena = {
+ meta = {
+ nixpkgs = import nixpkgs {
+ system = "x86_64-linux";
+ overlays = overlays;
+ };
+ };
+ dragonwell = {
+ imports = [
 golink.nixosModules.default
 ./machines/dragonwell
- (commonConfig {gui = false;})
 ];
 };
 };
@@ -187,6 +191,7 @@
 devShells.default = pkgs.mkShell {
 nativeBuildInputs = [
 agenix.packages.${system}.agenix
+ pkgs.colmena
 ];
 };
 });
diff --git a/justfile b/justfile
index 1c4d46b..0ca7c47 100644
--- a/justfile
+++ b/justfile
@@ -13,6 +13,10 @@ rebuild *args:
 switch *args:
 @just rebuild switch {{args}}
+# Run colmena for remote deploy
+colmena node:
+ @nix run nixpkgs#colmena -- apply --on {{node}}
+
 # Update the flake
 update-flake:
 @nix flake update
diff --git a/machines/dragonwell/caddy.nix b/machines/dragonwell/caddy.nix
index 619e604..ae2b77d 100644
--- a/machines/dragonwell/caddy.nix
+++ b/machines/dragonwell/caddy.nix
@@ -3,7 +3,7 @@
 lib,
 ...
 }: let
- packages = ["tmpl" "git-age" "ffmd"];
+ packages = ["tmpl" "git-age" "ffmd" "kv"];
 in {
 services.caddy = {
 enable = true;
diff --git a/machines/dragonwell/default.nix b/machines/dragonwell/default.nix
index d413d27..64b23fe 100644
--- a/machines/dragonwell/default.nix
+++ b/machines/dragonwell/default.nix
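Review bot: In the first flake.nix hunk, `colmena.dragonwell` carries no `deployment` attribute, so Colmena falls back to its defaults and connects over SSH as `root` to a host named after the node. Spelling that out in the node, e.g. `deployment = { targetHost = "<dragonwell-host>"; targetUser = "root"; };`, would make the privileged deploy path visible in review instead of leaving it to the local SSH config. The node also no longer pulls in `agenix.nixosModules.default`, `home-manager.nixosModules.home-manager` or `(commonConfig {gui = false;})`, and the hunk shows no replacement. If anything under `./machines/dragonwell` uses `age.secrets` or depends on settings from the common config, confirm that it still evaluates and still applies.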
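Review bot: The new `colmena` recipe in the justfile runs `nix run nixpkgs#colmena`, which resolves `nixpkgs` through the flake registry rather than this repository's flake.lock. The tool that pushes system closures to the host is therefore not the `pkgs.colmena` this same commit pins in the devShell. Running the pinned binary keeps the deploy tool reproducible: `@nix develop --command colmena apply --on {{node}}`. `{{node}}` is also interpolated into the shell line unquoted; `--on {{quote(node)}}` keeps an unusual argument from being re-parsed by the shell.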
@@ -1,7 +1,8 @@
 let
 username = "jolheiser";
+ key = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser'';
 in {
- imports = [./caddy.nix ./golink.nix ./hardware.nix ../common/nogui];
+ imports = [./caddy.nix ./golink.nix ./hardware.nix];
 boot.tmp.cleanOnBoot = true;
 zramSwap.enable = true;
@@ -18,12 +19,15 @@ in {
 services.openssh.enable = true;
 virtualisation.docker.enable = true;
- users.users."${username}" = {
- extraGroups = ["wheel" "docker" "storage"];
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser''
- ];
+ users.users = {
+ "${username}" = {
+ extraGroups = ["wheel" "docker" "storage"];
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ key
+ ];
+ };
+ "root".openssh.authorizedKeys.keys = [key];
 };
 system.stateVersion = "22.11";
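Review bot: The added `"root".openssh.authorizedKeys.keys = [key];` in the second hunk allows direct SSH login as root with the same RSA key that already authenticates `jolheiser`. That one workstation key now grants a root shell with no sudo step and no per-user attribution in the logs. Since `jolheiser` is in `wheel`, the deploy could instead run as that user by setting `deployment.targetUser = "jolheiser";` on the Colmena node, given suitable sudo rights, and the root entry could be dropped. If root login has to stay, the hunk does not show sshd's `PermitRootLogin` or `PasswordAuthentication` settings; setting them explicitly and giving root a separate deploy-only key would narrow the exposure. The first hunk also removes `../common/nogui` from `imports`, so confirm that any baseline settings that module provided are still applied to this host.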
diff --git a/secrets/shared/ssh-config.age b/secrets/shared/ssh-config.age index 66766088160d345c0a19fc635c33816514512cdb..bb109015af019db9b0249a00a25ab178a5cfb81f 100644 GIT binary patch delta 1407 zcmV-_1%Ud`3&0DIEPrf5XI3j$D^Y4PV`eyRYcfr6HFs=JXiiKxa#TfRH&-`hF>XUx zH*0KFK?-*_G-*{tQB6cScxz-vQ%_ZFa#>AEGfj4SHgiLGc64J{cu_=hYC(2PFbXX` zAaiqQEoEdfH8n9gAb3?xb~1M$MNnx}LvccGGBrv?SZQi`dPY`BQF?E9Oh$8ZR%~us zRa0ny zZb4ZyNJMQ_F)?&lLu4{nMnzLWMom*}ICXDlIW=zzEj}P&Dt;(IT5BjRXL4m>b7dfM zDkWZR3OG<|RYzxUVslMRSZpwVW?^S=IWaUrM_N{FdU!-PD@|r(Z){OjS4&evIaxVo zYiDzCbWui9Win1xHEnKfP*n;qQ)z8_VNx=9Ms87XH84;wVmB}_O>bB)X;)4-ZfSHl zcyd{FW>r>8G*B^icUn;jEiEk|ICD=sr$ zNNRF7Yh-dwR5fW;3U@Ls-7fHBqJdmF?PMui-x_$3QtID31{VL)DvDcZh+4%^AaZ>d+y6CZwI`8mvuJ?b_S~Vd{Ma%4l$Jl)x;yyV_1O*>JSU642E=iZR%WJZJ zW1pfD>`V*$F6HHaD(tdr`n%@(d=b>>(`Q{O(^L(#R4illpbo8EZ^E=cqNwpZIK2kc zm^iz=BQk>b1VhqAnR|iZ)2aeU?kpD#Py>SXXXv1yOEpb_pvoNUK>H%IuWQJs@z=*r z8W4!UqfZB|m2dgWvwX zUGPw!-3Tw%*_4zZEUSwe0k)Ov=pHjv^`EX~F<(~6-K?1>HB8l$V{lQ~1ce67GY2Ca zSy4XYm=?`{&*?{z_3vwes*n5p&L*9IAVR)ShI)AdaB2*1&PlETV+Up{a2r!?Zh^M| zgr1+JCc*?DWNW-rLO?zu`nFcd4z@Av_%n9L{_}^v@ZiRdZMm+6F}V)Gm+}#Hzj$*8NPc`nozCBj&os_DwZc_{z}_KI+qLz z!G9@M>a<*2=j+y6xviDDI-0L7%Qaslzh{OU`vI9ja2>|1)l81cMC5GO*ZCk>`E!M6 NOQMbEV(&Y#{FPGAUFZM+ delta 1422 zcmV;91#$Yo3(pIXEPq5qG*M7hS5j9ibyH|GVstexZfs&kV@Y&IMl)hCOEzIpGBbPc{6c0Sw?qJGfZT3N@!L>SZ+>f zF?Ca6WN~&*XfH@b3T|q0Lt#&BGH^~eLU>wnb4EgVRAFpcY(sf*N-IV+Y-(0Wa%wO{ zaaC_wk?|K-Wn?gFb89qtRyS2dZB{u%Z!cnVZ#8UMW=}{$MOZXRPi1d;Y+5&NYDhr} zXgE%6Y-(e2M|x^=Q+HZSIahX9ICN$0QhGRNa${spRY`0$ICo=cMpkzUI8JF~S41y(F;8wt zY)fxALu6VrP&sdFR7!M2FHKr&N=GqOOL0m|GeTnuEj}P-EoX9NVRL05S|LI+PD>y= zVq*$aYI#>iYjHw%IZJX`XiPzWD^77TWkF$RFf?XQO?P5BY(_&`cVjDdRCa4IPjF91 zcTp>COm=fHQA;&(b8HLPJV-Pew_9Q7cSSaW^?v zRyA==Id^16Fhy@zL2qVjPDv|4QDbLra|+TrYgJg56Y46I{oT6SS_YTCK1ZPrCX{`X z)H*cL02^gbKG`nAVvhA`lDUr)kIJY}BXmHuQ#jZ&uASV0-zxBR@a0}r7pA(R$c{t9 z>EB-$^D{|$M(=?xaMCD$cY&-c{ae`}`svCU;-)*qzX)VlojNL#dkwu6XDcjl4c2Tz zR9+*B`vu3n#`QD5B)G~>-<9`bmzFgKYKR`dk}a8g zsPS;ncY%D3cRL(OM@mKB|9Wl)?v(p5wu+M 
z#vi=ke({|=ttw`QKycGlDebbny8D=?e~3)B!*%j)l&I|!u!l}ysA&F06*;0nrcy{m zW@r>{2?H1z$fid1FMDg_K#m13FnmdidxrJSjH*Bls`UD^Crd* zLx!&on@R%quw%5%d-qppO#lD@