feat: deploy remotely via colmena(instead of nixos-rebuild)

Makefile

@@ -64,31 +64,11 @@ ha-debug: darwin-set-proxy
 #
 ############################################################################
 
-
 add-idols-ssh-key:
 	ssh-add ~/.ssh/ai-idols
 
-aqua: add-idols-ssh-key
+idols: add-idols-ssh-key
-	nixos-rebuild --flake .#aquamarine --target-host aquamarine --build-host aquamarine switch --use-remote-sudo
+	colmena apply --on '@dist-build' --show-trace
-
-aqua-debug: add-idols-ssh-key
-	nixos-rebuild --flake .#aquamarine --target-host aquamarine --build-host aquamarine switch --use-remote-sudo --show-trace --verbose
-
-ruby: add-idols-ssh-key
-	nixos-rebuild --flake .#ruby --target-host ruby --build-host ruby switch --use-remote-sudo
-
-ruby-debug: add-idols-ssh-key
-	nixos-rebuild --flake .#ruby --target-host ruby --build-host ruby switch --use-remote-sudo --show-trace --verbose
-
-kana: add-idols-ssh-key
-	nixos-rebuild --flake .#kana --target-host kana --build-host kana switch --use-remote-sudo
-
-kana-debug: add-idols-ssh-key
-	nixos-rebuild --flake .#kana --target-host kana --build-host kana switch --use-remote-sudo --show-trace --verbose
-
-idols: aqua ruby kana
-
-idols-debug: aqua-debug ruby-debug kana-debug
 
 # only used once to setup the virtual machines
 idols-image:

README.md

@@ -148,15 +148,12 @@ Once the virtual machine `aquamarine` is created, we can deploy updates to it wi
 # 1. add the ssh key to ssh-agent
 ssh-add ~/.ssh/ai-idols
 
-# 2. deploy the configuration to the remote host, using the ssh key we added in step 1
+# 2. deploy the configuration to all the remote host with tag `@dist-build`
-#    and the username defaults to `$USER`, it's `ryan` in my case.
+# using the ssh key we added in step 1
-nixos-rebuild --flake .#aquamarine --target-host aquamarine --build-host aquamarine switch --use-remote-sudo --verbose
+colmena apply --on '@dist-build' --show-trace
-
-# or we can replace the command above with the following command, which is defined in Makefile
-make aqua
 ```
 
-The commands above will build & deploy the configuration to `aquamarine`, the build process will be executed on `aquamarine` too, and the `--use-remote-sudo` option indicates that we will use `sudo` on the remote host.
+If you're not familiar with remote deployment, please read this tutorial first: [Remote Deployment - NixOS & Flakes Book](https://nixos-and-flakes.thiscute.world/best-practices/remote-deployment)
 
 ## References
 

flake.nix

@@ -32,75 +32,98 @@
 
     nixosSystem = import ./lib/nixosSystem.nix;
     macosSystem = import ./lib/macosSystem.nix;
+    colemnaSystem = import ./lib/colmenaSystem.nix;
+
+    # 星野 アイ, Hoshino Ai
+    idol_ai_modules_i3 = {
+      nixos-modules = [
+        ./hosts/idols/ai
+        ./modules/nixos/i3.nix
+      ];
+      home-module = import ./home/linux/desktop-i3.nix;
+    };
+    idol_ai_modules_hyprland = {
+      nixos-modules = [
+        ./hosts/idols/ai
+        ./modules/nixos/hyprland.nix
+      ];
+      home-module = import ./home/linux/desktop-hyprland.nix;
+    };
+
+    # 星野 愛久愛海, Hoshino Akuamarin
+    idol_aquamarine_modules = {
+      nixos-modules = [
+        ./hosts/idols/aquamarine
+      ];
+      home-module = import ./home/linux/server.nix;
+    };
+    idol_aquamarine_tags = ["dist-build"];
+
+    # 星野 瑠美衣, Hoshino Rubii
+    idol_ruby_modules = {
+      nixos-modules = [
+        ./hosts/idols/ruby
+      ];
+      home-module = import ./home/linux/server.nix;
+    };
+    idol_ruby_tags = ["dist-build"];
+
+    # 有馬 かな, Arima Kana
+    idol_kana_modules = {
+      nixos-modules = [
+        ./hosts/idols/kana
+      ];
+      home-module = import ./home/linux/server.nix;
+    };
+    idol_kana_tags = ["dist-build"];
+
+    x64_specialArgs =
+      {
+        inherit username userfullname useremail;
+        # use unstable branch for some packages to get the latest updates
+        pkgs-unstable = import nixpkgs-unstable {
+          system = x64_system; # refer the `system` parameter form outer scope recursively
+          # To use chrome, we need to allow the installation of non-free software
+          config.allowUnfree = true;
+        };
+      }
+      // inputs;
   in {
     nixosConfigurations = let
-      # 星野 アイ, Hoshino Ai
-      idol_ai_modules_i3 = {
-        nixos-modules = [
-          ./hosts/idols/ai
-          ./modules/nixos/i3.nix
-        ];
-        home-module = import ./home/linux/desktop-i3.nix;
-      };
-      idol_ai_modules_hyprland = {
-        nixos-modules = [
-          ./hosts/idols/ai
-          ./modules/nixos/hyprland.nix
-        ];
-        home-module = import ./home/linux/desktop-hyprland.nix;
-      };
-
-      # 星野 愛久愛海, Hoshino Akuamarin
-      idol_aquamarine_modules = {
-        nixos-modules = [
-          ./hosts/idols/aquamarine
-        ];
-        home-module = import ./home/linux/server.nix;
-      };
-
-      # 星野 瑠美衣, Hoshino Rubii
-      idol_ruby_modules = {
-        nixos-modules = [
-          ./hosts/idols/ruby
-        ];
-        home-module = import ./home/linux/server.nix;
-      };
-
-      # 有馬 かな, Arima Kana
-      idol_kana_modules = {
-        nixos-modules = [
-          ./hosts/idols/kana
-        ];
-        home-module = import ./home/linux/server.nix;
-      };
-
-      system = x64_system;
-      specialArgs =
-        {
-          inherit username userfullname useremail;
-          # use unstable branch for some packages to get the latest updates
-          pkgs-unstable = import nixpkgs-unstable {
-            system = x64_system; # refer the `system` parameter form outer scope recursively
-            # To use chrome, we need to allow the installation of non-free software
-            config.allowUnfree = true;
-          };
-        }
-        // inputs;
       base_args = {
-        inherit home-manager nixos-generators system specialArgs;
+        inherit home-manager nixos-generators;
+        nixpkgs = nixpkgs;  # or nixpkgs-unstable
+        system = x64_system;
+        specialArgs = x64_specialArgs;
       };
-      stable_args = base_args // {inherit nixpkgs;};
-      unstable_args = base_args // {nixpkgs = nixpkgs-unstable;};
     in {
       # ai with i3 window manager
-      ai_i3 = nixosSystem (idol_ai_modules_i3 // stable_args);
+      ai_i3 = nixosSystem (idol_ai_modules_i3 // base_args);
       # ai with hyprland compositor
-      ai_hyprland = nixosSystem (idol_ai_modules_hyprland // stable_args);
+      ai_hyprland = nixosSystem (idol_ai_modules_hyprland // base_args);
 
       # three virtual machines without desktop environment.
-      aquamarine = nixosSystem (idol_aquamarine_modules // stable_args);
+      aquamarine = nixosSystem (idol_aquamarine_modules // base_args);
-      ruby = nixosSystem (idol_ruby_modules // stable_args);
+      ruby = nixosSystem (idol_ruby_modules // base_args);
-      kana = nixosSystem (idol_kana_modules // stable_args);
+      kana = nixosSystem (idol_kana_modules // base_args);
+    };
+
+    # colmena - remote deployment via SSH
+    colmena = let
+      base_args = {
+        inherit home-manager;
+        nixpkgs = nixpkgs;  # or nixpkgs-unstable
+        specialArgs = x64_specialArgs;
+      };
+    in {
+      meta = {
+        nixpkgs = import nixpkgs { system = x64_system; };
+        specialArgs = x64_specialArgs;
+      };
+
+      aquamarine = colemnaSystem (idol_aquamarine_modules // base_args // { host_tags = idol_aquamarine_tags; });
+      ruby = colemnaSystem (idol_ruby_modules // base_args // { host_tags = idol_ruby_tags; });
+      kana = colemnaSystem (idol_kana_modules // base_args // { host_tags = idol_kana_tags; });
     };
 
     # take system images for idols

lib/colmenaSystem.nix

@@ -0,0 +1,39 @@
+# colemena - Remote Deployment via SSH
+{
+  nixpkgs,
+  home-manager,
+  specialArgs,
+  nixos-modules,
+  home-module,
+  host_tags,
+}: let
+  username = specialArgs.username;
+in
+  { name, nodes, ... }: {
+    deployment = {
+      targetHost = name;  # hostName or IP address
+      targetUser = username;
+      tags = host_tags;
+    };
+
+    imports =
+      nixos-modules
+      ++ [
+        {
+          # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
+          nix.registry.nixpkgs.flake = nixpkgs;
+          # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
+          environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
+          nix.nixPath = ["/etc/nix/inputs"];
+        }
+
+        home-manager.nixosModules.home-manager
+        {
+          home-manager.useGlobalPkgs = true;
+          home-manager.useUserPackages = true;
+
+          home-manager.extraSpecialArgs = specialArgs;
+          home-manager.users."${username}" = home-module;
+        }
+      ];
+  }

modules/nixos/core-desktop.nix

@@ -39,6 +39,7 @@
       ]
     ))
     psmisc  # killall/pstree/prtstat/fuser/...
+    colmena  # nixos's remote deployment tool
   ];
 
   programs = {