test change Colmena

2025-02-12 20:03:33 +10:00 · 2025-02-12 20:03:33 +10:00 · 79504da0a5
commit 79504da0a5
parent 16c4e77524
5 changed files with 37 additions and 7 deletions
--- a/DEVDOC.md
+++ b/DEVDOC.md
@ -21,3 +21,5 @@ Enable an ssh server on the remote host, then on the
 local machine set `.ssh/config` to have a profile for 
 your desired host and have a key pair that's authorised 
 to your desired user. 
+
+NOTE: these keys must have permission 600 (only readable/writable by you)
--- a/2
+++ b/2
@ -2,4 +2,4 @@

 # Deploy to all Colmena hives
 colmena build
-colmena apply
+colmena apply --verbose
--- a/flake.nix
+++ b/flake.nix
@ -48,13 +48,27 @@
      config.allowUnfree = true;
    };

+    # Colmena's latest stable version is
+    # unusable so get latest unstable version.
+    #pkgsColmena = import (builtins.fetchGit {
+    #  name = "nixpkgs-unstable-colmena";
+    #  url = "https://github.com/NixOS/nixpkgs/";
+    #  ref = "refs/heads/nixpkgs-unstable";
+    #  rev = "21808d22b1cda1898b71cf1a1beb524a97add2c4";
+    #}) {};
+    pkgsColmena = import (builtins.fetchTarball {
+      url = "https://github.com/NixOS/nixpkgs/archive/21808d22b1cda1898b71cf1a1beb524a97add2c4.tar.gz";
+      sha256 = "0v2z6jphhbk1ik7fqhlfnihcyff5np9wb3pv19j9qb9mpildx0cg";
+    }) {inherit system;};
+
+    # TODO: come back to this its really cool
    # this is just something I'm experimenting with
    PROJECT_ROOT = builtins.toString ./.;
  in {
-    # shell for `nix develop`
-    devShells."x86_64-linux".default = pkgs.mkShell {
-      buildInputs = with pkgs; [
-        colmena
+    # `nix develop` shell
+    devShells."x86_64-linux".default = pkgsColmena.mkShell {
+      buildInputs = [
+        pkgsColmena.colmena
      ];
    };

--- a/homes/me/default.nix
+++ b/homes/me/default.nix
@ -104,6 +104,8 @@
    # (all we need is hyrule, everything else is through wishlist)
    ssh = {
      enable = true;
+      addKeysToAgent = "yes"; # always add keys to ssh-agent
+
      matchBlocks = {
        hyrule = {
          hostname = "imbored.dev";
@ -145,6 +147,9 @@
    */
  };

+  # enable OpenSSH private key agent
+  services.ssh-agent.enable = true;
+
  # ----- SERVICES -----
  # Nicely reload system units when changing configs
  systemd.user.startServices = "sd-switch";
--- a/hosts/hyrule/default.nix
+++ b/hosts/hyrule/default.nix
@ -36,8 +36,17 @@ in {
  # colmena deployment configuration
  deployment = {
    targetHost = "imbored.dev";
-    targetPort = 22;
    targetUser = "ae";
+    targetPort = 22;
+    sshOptions = "-i ~/.ssh/id_hyrule";
+    #keys = {
+    #  "imbored.dev" = {
+    #    # text, keyCommand, or keyFile must be set
+    #    # text = "";
+    #    #keyCommand = [ "" ];
+    #    keyFile = "/home/me/.ssh/id_hyrule";
+    #  };
+    #};
    buildOnTarget = false; # build locally then deploy
  };

@ -68,7 +77,7 @@ in {
      # primary user
      ae = {
        isNormalUser = true;
-        extraGroups = ["wheel"];
+        extraGroups = ["wheel" "networkmanager"];
        shell = pkgs.bash;
        home = "/home/ae"; # TEMP: remove and replace with home-manager
        packages = with pkgs; [