added hyrule vps host and colmena remote deployment

DEVDOC.md

@@ -13,3 +13,11 @@ essentials for my work, no graphical environment.
 A simple account I let me friends connect to. 
 Limited functionality, mostly just for letting
 them test small things or for giving them files.
+
+
+## Setup Guide
+##### New Colmena Instance
+Enable an ssh server on the remote host, then on the 
+local machine set `.ssh/config` to have a profile for 
+your desired host and have a key pair that's authorised 
+to your desired user. 

deploy-remote

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+# Deploy to all Colmena hives
+colmena build
+colmena apply

flake.nix

@@ -51,6 +51,13 @@
     # this is just something I'm experimenting with
     PROJECT_ROOT = builtins.toString ./.;
   in {
+    # shell for `nix develop`
+    devShells."x86_64-linux".default = pkgs.mkShell {
+      buildInputs = with pkgs; [
+        colmena
+      ];
+    };
+
     nixosConfigurations = {
       # i be on my puter fr
       myputer = nixpkgs.lib.nixosSystem {
@@ -73,14 +80,29 @@
         ];
       };
 
-      # my server (vps)
-      imbored = nixpkgs.lib.nixosSystem {
-        specialargs = {inherit inputs pkgs;};
+      # meine vps
+      #imbored = nixpkgs.lib.nixosSystem {
+      #  specialargs = {inherit inputs pkgs;};
+      #
+      #  modules = [
+      #    ./hosts/imbored
+      #  ];
+      #};
+    };
 
-        modules = [
-          ./hosts/imbored
-        ];
+    # remote deployment to my servers!!
+    colmena = {
+      meta = {
+        # set nixpkgs global
+        nixpkgs = pkgs;
+        # set nixpkgs per server
+        # nodeNixpkgs = {
+        #   hyrule = pkgs;
+        # };
       };
+
+      # meine vps
+      hyrule = import ./hosts/hyrule;
     };
   };
 }

hosts/hyrule/default.nix

@@ -9,17 +9,17 @@
     sha256 = "19w63qccz78v0spx03911z98w1bvlxvd07hb0ma14a4vdzi4ninj";
   };
 in {
-  # TODO: 
+  # TODO:
   #    - add github:charmbracelet/soft-serve
   #    - add forgejo
 
   imports = [
+    ./hardware-configuration.nix
     #../modules/server/nginx.nix
     #../modules/server/ssh.nix
     #../modules/server/fail2ban.nix
   ];
 
-  system.stateVersion = "24.11"; # DO NOT MODIFY
   nix.settings.experimental-features = [
     "nix-command"
     "flakes"
@@ -33,16 +33,32 @@ in {
     keyMap = "us";
   };
 
-  boot.loader = {
-    # TODO
+  # colmena deployment configuration
+  deployment = {
+    targetHost = "imbored.dev";
+    targetPort = 22;
+    targetUser = "ae";
+    buildOnTarget = false; # build locally then deploy
+  };
+
+  # super duper minimum grub2 config
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/vda";
   };
 
   networking = {
-    hostName = "imbored";
+    hostName = "hyrule";
     networkmanager.enable = true;
-    firewall.allowedTCPPorts = [
-      22 # sshd
-    ]
+
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22 # sshd
+        80 # nginx
+        443 # nginx
+      ];
+    };
   };
 
   users = {
@@ -50,10 +66,11 @@ in {
 
     users = {
       # primary user
-      dev = {
+      ae = {
         isNormalUser = true;
         extraGroups = ["wheel"];
         shell = pkgs.bash;
+        home = "/home/ae"; # TEMP: remove and replace with home-manager
         packages = with pkgs; [
         ];
       };
@@ -62,12 +79,55 @@ in {
       friends = {
         isNormalUser = true;
         shell = pkgs.bash;
+        home = "/home/friends"; # TEMP: remove and replace with home-manager
         packages = with pkgs; [
         ];
       };
     };
   };
 
+  services = {
+    # simple nginx instance to host static construction page
+    nginx = {
+      enable = true;
+
+      # package = pkgs.nginxStable.override { openssl = pkgs.libressl; };
+
+      #virtualHosts."imbored.dev".locations."/" = {
+      virtualHosts."imbored.dev" = {
+        addSSL = true;
+        enableACME = true;
+        root = "/var/www/imbored";
+        #index = "index.html";
+        #root = pkgs.writeTextDir "index.html" ''
+        #  <html>
+        #  <body>
+        #  Give me your mittens!
+        #  </body>
+        #  </html>
+        #'';
+      };
+    };
+
+    # quick and dirty way temporary way accessing my server
+    openssh = {
+      enable = true;
+      ports = [22];
+      settings = {
+        PasswordAuthentication = true;
+        PermitRootLogin = "no";
+        AllowUsers = ["ae"]; # allow all users by default
+        UseDns = true;
+        X11Forwarding = false;
+      };
+    };
+  };
+  # accept Lets Encrypt's security policy (for nginx)
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "eclarkboman@gmail.com";
+  };
+
   #home-manager = {
   #  users = {
   #    dev = import ../../homes/dev;
@@ -75,9 +135,13 @@ in {
   #  };
   #};
 
-  environment.SystemPackages = with pkgs; [
+  environment.systemPackages = with pkgs; [
+    vim
+    helix
   ];
 
   programs = {
   };
+
+  system.stateVersion = "24.11"; # DO NOT MODIFY
 }

hosts/hyrule/hardware-configuration.nix

@@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-label/NIXBOOT";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}