deployment with Colmena

README.md

@@ -190,6 +190,40 @@ niv add nix-community/NUR -n NUR
 # TODO (!)
 ```
 
+## Deployment and secrets
+
+Install Colmena:
+
+```shell
+nix-shell -p colmena
+```
+
+Configuration is done inside [hive.nix](hive.nix).
+
+Build config:
+
+```shell
+colmena build
+```
+
+Apply to all non-local nodes:
+
+```shell
+colmena apply switch
+#colmena apply boot
+```
+
+Apply to local node:
+
+```shell
+colmena apply-local --sudo switch
+#colmena apply-local --sudo boot
+```
+
+Filtering:
+- You can filter hosts by tags with `--on @tag-a,@tag-b`.
+- You can use globs in tag matching as well: `colmena apply --on '@infra-*'`
+
 ## BTRFS Swap file
 
 * https://nixos.wiki/wiki/Btrfs#Swap_file

hive.nix

@@ -0,0 +1,60 @@
+let
+  sources = import ./nix/sources.nix;
+in
+{
+  # Colmena config: https://colmena.cli.rs/0.4/tutorial/index.html#basic-configuration
+  # Colmena local node: https://colmena.cli.rs/0.4/features/apply-local.html
+
+  meta = {
+    # Override to pin the Nixpkgs version.
+    # Note: You can also override Nixpkgs by node.
+    nixpkgs = import sources.nixpkgs {};
+  };
+
+  defaults = { ... }: {
+    # This module will be imported by all hosts.
+  };
+
+  #
+  # LOCAL DEPLOYMENT
+  #
+
+  yodaTux = { name, nodes, ... }: {
+    # Import the per-host configuration file.
+    imports = [ ./hosts/${name}/configuration.nix ];
+
+    deployment = {
+      # Local deployment.
+      allowLocalDeployment = true;
+      targetHost = null;
+    };
+  };
+
+  yodaTab = { name, nodes, ... }: {
+    # Import the per-host configuration file.
+    imports = [ ./hosts/${name}/configuration.nix ];
+
+    deployment = {
+      # Local deployment.
+      allowLocalDeployment = true;
+      targetHost = null;
+    };
+  };
+
+  #
+  # SSH DEPLOYMENT
+  #
+
+  yodaYoga = { name, nodes, ... }: {
+    # Import the per-host configuration file.
+    imports = [ ./hosts/${name}/configuration.nix ];
+
+    deployment = {
+      # SSH deployment.
+      targetHost = "p1st.de";
+      targetPort = 2224;
+
+      # tags = [ "production" ];
+    };
+  };
+}

hosts/yodaTab/configuration.nix

@@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running `nixos-help`).
 
-{ config, sources ? import ../../nix/sources.nix, pkgs ? import sources.nixpkgs {}, ... }:
+{ config, pkgs, ... }:
 let
   # Import Home Manager with niv.
   home-manager = (import ../../nix/sources.nix).home-manager;

hosts/yodaTux/configuration.nix

@@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running `nixos-help`).
 
-{ config, sources ? import ../../nix/sources.nix, pkgs ? import sources.nixpkgs {}, ... }:
+{ config, pkgs, ... }:
 let
   # Import Home Manager with niv.
   home-manager = (import ../../nix/sources.nix).home-manager;

hosts/yodaYoga/configuration.nix

@@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running `nixos-help`).
 
-{ config, sources ? import ../../nix/sources.nix, pkgs ? import sources.nixpkgs {}, ... }:
+{ config, pkgs, ... }:
 let
   # Import Home Manager with niv.
   home-manager = (import ../../nix/sources.nix).home-manager;