Refactor, add roam using colmena

2025-05-14 03:22:38 +02:00 · 2025-05-14 03:22:38 +02:00 · 1106930891
commit 1106930891
parent a42514ce97
16 changed files with 348 additions and 103 deletions
--- a/3
+++ b/3
@ -10,6 +10,9 @@ all:

 switch: _switch_${HOST}

+apply:
+	colmena apply
+
 _switch_:
 	@echo "ERROR: couldn't find hostname"
 	@false
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,58 @@
 {
  "nodes": {
+    "colmena": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "flake-utils": "flake-utils",
+        "nix-github-actions": "nix-github-actions",
+        "nixpkgs": "nixpkgs",
+        "stable": "stable"
+      },
+      "locked": {
+        "lastModified": 1746816769,
+        "narHash": "sha256-ymQzXrfHVT8/RJiGbfrNjEeuzXQan46lUJdxEhgivdM=",
+        "owner": "zhaofengli",
+        "repo": "colmena",
+        "rev": "df694ee23be7ed7b2d8b42c245a640f0724eb06c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zhaofengli",
+        "repo": "colmena",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1650374568,
+        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -7,11 +60,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747021744,
-        "narHash": "sha256-IDsM/9/tHQBlhG3tXI2fTM84AUN1uRa7JDPT1LMlGes=",
+        "lastModified": 1747155932,
+        "narHash": "sha256-NnPzzXEqfYjfrimLzK0JOBItfdEJdP/i6SNTuunCGgw=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "fb061f555f821fe4fb49f8f6f2a0cc3d5728bd52",
+        "rev": "8d832ddfda9facf538f3dda9b6985fb0234f151c",
        "type": "github"
      },
      "original": {
@ -20,13 +73,34 @@
        "type": "github"
      }
    },
+    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "colmena",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1729742964,
+        "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1746814339,
-        "narHash": "sha256-hf2lICJzwACWuzHCmZn5NI6LUAOgGdR1yh8ip+duyhk=",
+        "lastModified": 1747129300,
+        "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "3c5e12673265dfb0de3d9121420c0c2153bf21e0",
+        "rev": "e81fd167b33121269149c57806599045fd33eeed",
        "type": "github"
      },
      "original": {
@ -52,11 +126,44 @@
        "type": "github"
      }
    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1746904237,
+        "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
+        "colmena": "colmena",
        "home-manager": "home-manager",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs_2"
+      }
+    },
+    "stable": {
+      "locked": {
+        "lastModified": 1746557022,
+        "narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.11",
+        "repo": "nixpkgs",
+        "type": "github"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -2,6 +2,7 @@
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+    colmena.url = "github:zhaofengli/colmena";
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
@ -13,26 +14,52 @@
      self,
      nixpkgs,
      nixos-hardware,
+      colmena,
      home-manager,
    }@inputs:
    let
      lib = nixpkgs.lib;
      lib' = import ./lib.nix { inherit lib; };
      mod = lib'.walk-dir ./mod;
-      specialArgs = { inherit inputs mod lib'; };
+      specialArgs = { inherit inputs lib' mod; };
    in
    {
      nixosConfigurations = {
        "solo" = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          inherit specialArgs;
-          modules = [ ./host/solo ];
+          modules = [
+            ./host/solo
+            mod.shared.pc
+          ];
        };

        "c2" = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          inherit specialArgs;
-          modules = [ ./host/c2 ];
+          modules = [
+            ./host/c2
+            mod.shared.pc
+          ];
+        };
+      };
+
+      colmenaHive = colmena.lib.makeHive {
+        meta = {
+          nixpkgs = import nixpkgs {
+            system = "x86_64-linux";
+          };
+          inherit specialArgs;
+        };
+        "roam" = {
+          deployment = {
+            targetHost = "185.163.117.158";
+            buildOnTarget = true;
+          };
+          imports = [
+            ./host/roam
+            mod.shared.all
+          ];
        };
      };

--- a/host/c2/default.nix
+++ b/host/c2/default.nix
@ -1,18 +1,13 @@
-{ mod, inputs, ... }:
+{ inputs, ... }:
 {
  networking.hostName = "c2";

-  imports =
-    with mod;
-    [
-      collections.pc
+  imports = with inputs.nixos-hardware.nixosModules; [
    ./hardware-configuration.nix
-    ]
-    ++ (with inputs.nixos-hardware.nixosModules; [
    common-cpu-intel
    common-pc-laptop
    common-pc-laptop-ssd
-    ]);
+  ];

  boot.loader.efi.efiSysMountPoint = "/boot/efi";

--- a/host/roam/default.nix
+++ b/host/roam/default.nix
@ -0,0 +1,18 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  networking.hostName = "roam";
+
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  services.openssh.enable = true;
+
+  # ====== DON'T CHANGE ======
+  system.stateVersion = "24.11";
+}
--- a/host/roam/hardware-configuration.nix
+++ b/host/roam/hardware-configuration.nix
@ -0,0 +1,77 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "virtio_pci"
+    "sr_mod"
+    "virtio_blk"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/0d5c4e16-b584-4fa2-989a-17e5264886b0";
+    fsType = "btrfs";
+    options = [
+      "subvol=root"
+      "compress=zstd:1"
+      "noatime"
+    ];
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/0d5c4e16-b584-4fa2-989a-17e5264886b0";
+    fsType = "btrfs";
+    options = [
+      "subvol=home"
+      "compress=zstd:1"
+      "noatime"
+    ];
+  };
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/0d5c4e16-b584-4fa2-989a-17e5264886b0";
+    fsType = "btrfs";
+    options = [
+      "subvol=nix"
+      "compress=zstd:1"
+      "noatime"
+    ];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/332B-8C27";
+    fsType = "vfat";
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
--- a/host/solo/default.nix
+++ b/host/solo/default.nix
@ -2,18 +2,16 @@
 {
  networking.hostName = "solo";

-  services.xserver.enable = true;
-
  imports = with mod; [
-    collections.pc
    software.keyboard
-    software.games
    nvidia-gpu
    ./hardware-configuration.nix
  ];

-  powerManagement.enable = true;
-  powerManagement.cpuFreqGovernor = "performance";
+  powerManagement = {
+    enable = true;
+    cpuFreqGovernor = "performance";
+  };

  # ====== DON'T CHANGE ======
  system.stateVersion = "25.05";
--- a/lib.nix
+++ b/lib.nix
@ -9,7 +9,7 @@ rec {
      name = lib.removeSuffix ".nix" name;
      value =
        if value == "regular" then
-          import (path + "/${name}")
+          builtins.toPath (path + "/${name}")
        else if value == "directory" then
          walk-dir (path + "/${name}")
        else
--- a/mod/collections/pc.nix
+++ b/mod/collections/pc.nix
@ -1,20 +0,0 @@
-{ mod, ... }:
-{
-  imports = with mod; [
-    audio
-    boot
-    fonts
-    gpg
-    locale
-    network
-    nix-configuration
-    security
-    services
-    software.development
-    software.editors
-    software.programs
-    software.shell
-    software.window-manager
-    users
-  ];
-}
--- a/mod/home-manager.nix
+++ b/mod/home-manager.nix
@ -0,0 +1,25 @@
+{
+  inputs,
+  lib,
+  options,
+  config,
+  ...
+}:
+{
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+  ];
+
+  config = {
+    home.home.stateVersion = config.system.stateVersion;
+    home-manager.users."hd" = lib.mkAliasDefinitions options.home;
+  };
+
+  options = {
+    home = lib.mkOption {
+      type = lib.types.attrs;
+      default = { };
+    };
+  };
+
+}
--- a/mod/nix-configuration.nix
+++ b/mod/nix-configuration.nix
@ -13,42 +13,10 @@
      ];
      trusted-users = [
        "root"
-        "@wheel"
      ];
      auto-optimise-store = true;
    };

-    programs.nix-ld.enable = true;
-
    nixpkgs.config.allowUnfree = false;
-    nixpkgs.config.allowUnfreePredicate =
-      pkg:
-      builtins.elem (lib.getName pkg) [
-        "nvidia-x11"
-        "nvidia-settings"
-        "vscode"
-        "obsidian"
-        "steam"
-        "steam-unwrapped"
-        "gateway" # jetbrains
-        "spotify"
-        "rust-rover"
-      ];
-
-    home.home.stateVersion = config.system.stateVersion; # is this safe?
-  };
-
-  imports = [
-    inputs.home-manager.nixosModules.home-manager
-  ];
-
-  # I don't think this will ever be multi user,
-  # no need to seperate home-manager. `home` is used
-  # in users.nix, I should prbably refactor...
-  options = {
-    home = lib.mkOption {
-      type = lib.types.attrs;
-      default = { };
-    };
  };
 }
--- a/mod/shared/all.nix
+++ b/mod/shared/all.nix
@ -0,0 +1,10 @@
+{ mod, ... }:
+{
+  imports = with mod; [
+    boot
+    locale
+    nix-configuration
+    shell
+    users
+  ];
+}
--- a/mod/shared/pc.nix
+++ b/mod/shared/pc.nix
@ -0,0 +1,36 @@
+{ mod, lib, ... }:
+{
+  imports = with mod; [
+    shared.all
+
+    audio
+    fonts
+    gpg
+    home-manager
+    network
+    nix-configuration
+    security
+    services
+    software.development
+    software.editors
+    software.programs
+    software.window-manager
+  ];
+
+  nixpkgs.config.allowUnfreePredicate =
+    pkg:
+    builtins.elem (lib.getName pkg) [
+      "nvidia-x11"
+      "nvidia-settings"
+      "vscode"
+      "obsidian"
+      "steam"
+      "steam-unwrapped"
+      "gateway" # jetbrains
+      "spotify"
+      "rust-rover"
+    ];
+
+  programs.nix-ld.enable = true;
+
+}
--- a/mod/software/shell.nix
+++ b/mod/software/shell.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, inputs, ... }:
 {
  environment.shells = with pkgs; [
    bashInteractive
@ -18,6 +18,7 @@
    unzip
    wget
    wl-clipboard
+    inputs.colmena.packages."x86_64-linux".colmena # todo use overlay
  ];

  programs = {
--- a/mod/software/games.nix
+++ b/mod/software/games.nix
@ -1,7 +0,0 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = with pkgs; [
-    runelite
-  ];
-  programs.steam.enable = true;
-}
--- a/mod/users.nix
+++ b/mod/users.nix
@ -5,19 +5,26 @@
  ...
 }:
 {
-  users.users."hd" = {
+  users = {
+    mutableUsers = false;
+    users."hd" = {
      description = "Henri";
      isNormalUser = true;
      createHome = true;
      home = "/home/hd";
-    extraGroups = [
-      "networkmanager"
-      "wheel"
-    ];
+      extraGroups = [ "wheel" ];
      shell = pkgs.fish;
      packages = [ ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEG+dd4m98aKEWfFa/7VZUlJNX0axvIlHVihT8w7RLyY hd@solo"
+      ];
+      hashedPassword = "$y$j9T$L7VT26HQSBsX.nq5hKrZw0$6k43wNsKIO.SI.fqE1opaDuNobmFQrGXE1nzFB5wYg3";
+    };
+    users.root = {
+      hashedPassword = "!";
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEG+dd4m98aKEWfFa/7VZUlJNX0axvIlHVihT8w7RLyY hd@solo"
+      ];
+    };
  };
-  home-manager.users."hd" = lib.mkAliasDefinitions options.home;
-
-  users.users.root.hashedPassword = "!";
 }