Configure remote deployment with deploy-rs

.envrc

@@ -0,0 +1 @@
+use flake .

flake.lock

@@ -16,6 +16,28 @@
         "type": "github"
       }
     },
+    "deploy-rs": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1718194053,
+        "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "type": "github"
+      }
+    },
     "disko": {
       "inputs": {
         "nixpkgs": [
@@ -75,6 +97,22 @@
         "type": "github"
       }
     },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": "nixpkgs-lib"
@@ -110,7 +148,7 @@
     },
     "flake-utils_2": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1710146030,
@@ -207,7 +245,7 @@
     },
     "nix-vscode-extensions": {
       "inputs": {
-        "flake-compat": "flake-compat",
+        "flake-compat": "flake-compat_2",
         "flake-utils": "flake-utils_2",
         "nixpkgs": [
           "nixpkgs"
@@ -326,6 +364,7 @@
     "root": {
       "inputs": {
         "betterfox": "betterfox",
+        "deploy-rs": "deploy-rs",
         "disko": "disko",
         "firefox-addons": "firefox-addons",
         "flake-parts": "flake-parts",
@@ -379,6 +418,21 @@
         "type": "github"
       }
     },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "treefmt-nix": {
       "inputs": {
         "nixpkgs": [
@@ -399,6 +453,24 @@
         "type": "github"
       }
     },
+    "utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "wrapper-manager": {
       "inputs": {
         "nixpkgs": [

flake.nix

@@ -11,6 +11,11 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    deploy-rs = {
+      url = "github:serokell/deploy-rs";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";

flake/checks.nix

@@ -17,4 +17,8 @@
         '';
       };
     };
+
+  flake.checks = builtins.mapAttrs (
+    _: deployLib: deployLib.deployChecks self.deploy
+  ) inputs.deploy-rs.lib;
 }

flake/dev-shells.nix

@@ -1,13 +1,23 @@
+{ inputs, ... }:
 {
   perSystem =
-    { pkgs, ... }:
+    { pkgs, system, ... }:
     {
-      devShells.sops = pkgs.mkShell {
+      devShells = {
-        packages = [
+        default = pkgs.mkShell {
-          pkgs.sops
+          packages = [
-          pkgs.age
+            pkgs.nh
-          pkgs.ssh-to-age
+            inputs.deploy-rs.defaultPackage.${system}
-        ];
+          ];
+        };
+
+        sops = pkgs.mkShell {
+          packages = [
+            pkgs.sops
+            pkgs.age
+            pkgs.ssh-to-age
+          ];
+        };
       };
     };
 }

flake/hosts.nix

@@ -25,13 +25,20 @@ let
         );
     };
   };
-
 in
 {
-  flake.nixosConfigurations = lib.mkMerge [
+  flake = {
-    (mkHost "north" unstable)
+    nixosConfigurations = lib.mkMerge [
-    (mkHost "inspiron" unstable)
+      (mkHost "north" unstable)
-    (mkHost "stratus" stable)
+      (mkHost "inspiron" unstable)
-    (mkHost "installer" stable)
+      (mkHost "stratus" stable)
-  ];
+      (mkHost "installer" stable)
+    ];
+
+    deploy.nodes.stratus = {
+      hostname = "stratus";
+      sshUser = "root";
+      profiles.system.path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.stratus;
+    };
+  };
 }

hosts/common.nix

@@ -65,7 +65,6 @@
   environment.systemPackages = [
     pkgs.git
     pkgs.just
-    pkgs.nh
   ];
 
   nixpkgs.config.allowUnfree = true;

justfile

@@ -26,8 +26,8 @@ fmt:
 check:
     nix flake check
 
-dev-sops:
+dev shell='default':
-    nix develop .#sops --command zsh
+    nix develop .#{{ shell }} --command zsh
 
 build-iso:
     nix build .#nixosConfigurations.installer.config.formats.iso -o result