hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: set up colmena with hetzner stuff

Browse Source
This commit is contained in:
Hektor Misplon
2026-01-22 20:18:17 +01:00
parent 600e55de1f
commit 0f369bdf6c
10 changed files with 175 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
deploy/README.md Normal file
View File

@@ -0,0 +1,9 @@
# `colmena` deployments
* tags: `local`, `cloud`
* deployments can be made from `astyanax` and `andromache` hosts
## References
- [docs: `colmena`](https://colmena.cli.rs/)
- [repo: `colmena`](https://github.com/zhaofengli/colmena)

28
deploy/colmena.nix Normal file
View File

@@ -0,0 +1,28 @@
{
self,
inputs,
}:
inputs.colmena.lib.makeHive {
meta = {
nixpkgs = import inputs.nixpkgs {
system = "x86_64-linux";
};
nodeNixpkgs = builtins.mapAttrs (_: v: v.pkgs) self.nixosConfigurations;
nodeSpecialArgs = builtins.mapAttrs (_: v: v._module.specialArgs or { }) self.nixosConfigurations;
};
astyanax.deployment.tags = [ "local" ];
andromache.deployment.tags = [ "local" ];
vm.deployment.tags = [ "local" ];
hecuba.deployment = {
targetHost = "hecuba";
targetUser = "username";
targetPort = 22;
tags = [ "cloud" ];
};
}

95
flake.lock generated
View File

@@ -1,5 +1,29 @@
{ {
"nodes": { "nodes": {
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixpkgs"
],
"stable": "stable"
},
"locked": {
"lastModified": 1762034856,
"narHash": "sha256-QVey3iP3UEoiFVXgypyjTvCrsIlA4ecx6Acaz5C8/PQ=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "349b035a5027f23d88eeb3bc41085d7ee29f18ed",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "colmena",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -43,6 +67,22 @@
"type": "gitlab" "type": "gitlab"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@@ -66,6 +106,21 @@
} }
}, },
"flake-utils": { "flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
}, },
@@ -122,6 +177,27 @@
"type": "github" "type": "github"
} }
}, },
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"colmena",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-secrets": { "nix-secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -157,7 +233,7 @@
}, },
"nixgl": { "nixgl": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@@ -363,6 +439,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"colmena": "colmena",
"disko": "disko", "disko": "disko",
"firefox-addons": "firefox-addons", "firefox-addons": "firefox-addons",
"home-manager": "home-manager", "home-manager": "home-manager",
@@ -394,6 +471,22 @@
"type": "github" "type": "github"
} }
}, },
"stable": {
"locked": {
"lastModified": 1750133334,
"narHash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "36ab78dab7da2e4e27911007033713bab534187b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,

12
flake.nix
View File

@@ -34,6 +34,10 @@
url = "path:./dots/.config/nvim"; url = "path:./dots/.config/nvim";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
colmena = {
url = "github:zhaofengli/colmena";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = outputs =
@@ -48,6 +52,7 @@
nixgl, nixgl,
firefox-addons, firefox-addons,
nvim, nvim,
colmena,
}@inputs: }@inputs:
let let
inherit (self) outputs; inherit (self) outputs;
@@ -82,5 +87,12 @@
}; };
}; };
}; };
colmenaHive = import ./deploy/colmena.nix {
inherit
self
inputs
;
};
}; };
} }

2
home/hosts/andromache/default.nix
View File

@@ -13,7 +13,7 @@ in
imports = [ imports = [
../../modules/desktop/niri ../../modules/desktop/niri
../../modules/git.nix ../../modules/git.nix
../../modules/hetzner # ../../modules/hetzner.nix
../../modules/k9s.nix ../../modules/k9s.nix
../../modules/kitty.nix ../../modules/kitty.nix
../../modules/ssh.nix ../../modules/ssh.nix

2
home/hosts/astyanax/default.nix
View File

@@ -13,7 +13,7 @@ in
../../modules/anki.nix ../../modules/anki.nix
../../modules/desktop/niri ../../modules/desktop/niri
../../modules/git.nix ../../modules/git.nix
../../modules/hetzner # ../../modules/hetzner.nix
../../modules/k9s.nix ../../modules/k9s.nix
../../modules/kitty.nix ../../modules/kitty.nix
../../modules/ssh.nix ../../modules/ssh.nix

2
hosts/andromache/default.nix
View File

@@ -51,6 +51,8 @@ in
secrets.username = username; secrets.username = username;
docker.user = username; docker.user = username;
nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_andromache.path ];
disko.devices = { disko.devices = {
disk.data = { disk.data = {
type = "disk"; type = "disk";

2
hosts/astyanax/default.nix
View File

@@ -53,6 +53,8 @@ in
secrets.username = username; secrets.username = username;
docker.user = username; docker.user = username;
nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_astyanax.path ];
hardware = { hardware = {
cpu.intel.updateMicrocode = true; cpu.intel.updateMicrocode = true;
# https://wiki.nixos.org/wiki/Intel_Graphics # https://wiki.nixos.org/wiki/Intel_Graphics

27
hosts/hecuba/default.nix
View File

@@ -18,11 +18,17 @@ in
../../modules/common ../../modules/common
./hard.nix ./hard.nix
../../modules/ssh/hardened-openssh.nix ../../modules/ssh/hardened-openssh.nix
../../modules/docker
]; ];
networking.hostName = hostName; networking.hostName = hostName;
ssh.username = username; ssh.username = username;
ssh.authorizedHosts = [ "andromache" ]; ssh.authorizedHosts = [
"andromache"
"astyanax"
];
docker.user = username;
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/nixos"; device = "/dev/disk/by-label/nixos";
@@ -51,7 +57,13 @@ in
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
networking.firewall.enable = true; networking.firewall = {
enable = true;
allowedTCPPorts = [
80
443
];
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim vim
@@ -67,4 +79,15 @@ in
enable = true; enable = true;
harden = true; harden = true;
}; };
nix.settings = {
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"astyanax:JY2qJkZUFSax47R3c1nq53AZ8GnLfNqz6mSnJ60cLZ4="
"andromache:XM4VLrEw63RB/3v/56OxzH/Yw+kKXKMBLKCb7UGAXzo="
];
auto-optimise-store = true;
keep-derivations = false;
keep-outputs = false;
};
} }

1
hosts/hecuba/ssh_host.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIffzYkin2QHGoaOKXbQv6pbim8SU1J+3vAf2vXerMj root@nixos