From 255805947ef77dfb52c758dfa47bb84a01e658fb Mon Sep 17 00:00:00 2001
From: mrflos
Date: Wed, 18 Sep 2024 11:29:27 +0300
Subject: [PATCH] feat(deploy): first integration of krops
---
 .gitignore | 2 +
 deploy/krops.nix | 57 ++++++++++++++++++
 .../ThinkCentre-M710q-zoro-configuration.nix | 59 -------------------
 .../hardware-configuration.nix} | 0
 modules/console.nix | 1 +
 modules/minimal-server.nix | 1 +
 6 files changed, 61 insertions(+), 59 deletions(-)
 create mode 100644 deploy/krops.nix
 delete mode 100644 machines/ThinkCentre-M710q-zoro-configuration.nix
 rename machines/{ThinkCentre-M710q-zoro-hardware-configuration.nix => zoro/hardware-configuration.nix} (100%)
diff --git a/.gitignore b/.gitignore
index d057fa4..762b6e3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
+.DS_Store
+deploy/result
 configuration.nix
 darwin-configuration.nix
diff --git a/deploy/krops.nix b/deploy/krops.nix
new file mode 100644
index 0000000..45ff543
--- /dev/null
+++ b/deploy/krops.nix
@@ -0,0 +1,57 @@
+let
+ krops = builtins.fetchGit {
+ url = "https://cgit.krebsco.de/krops/";
+ };
+ lib = import "${krops}/lib";
+ pkgs = import "${krops}/pkgs" {};
+
+ source = name: lib.evalSource [
+ {
+ dotfiles.file = toString ../dotfiles;
+ machines.file = toString ../machines;
+ modules.file = toString ../modules;
+ nixos-config.symlink = "machines/${name}/configuration.nix";
+ nixpkgs.git = {
+ clean.exclude = ["/.version-suffix"];
+ ref = "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1";
+ url = https://github.com/NixOS/nixpkgs;
+ shallow = true;
+ };
+ #secrets.pass = {
+ # dir = toString ./secrets";
+ # name = "${name}";
+ #};
+ }
+ ];
+
+ zoro = pkgs.krops.writeDeploy "deploy-zoro" {
+ source = source "zoro";
+ target = lib.mkTarget "optisseur@10.42.0.3:4222" // {
+ extraOptions = [
+ #"-o"
+ #"ControlMaster=auto"
+ #"-o"
+ #"ControlPath=~/.ssh/master-%r@%h:%p"
+ #"-o"
+ #"ControlPersist=480m"
+ ];
+ sudo = true;
+ };
+ };
+
+ sanji = pkgs.krops.writeDeploy "deploy-sanji" {
+ source = source "sanji";
+ target = "root@server02.mydomain.org";
+ };
+
+in {
+ zoro = zoro;
+ sanji = sanji;
+ all = pkgs.writeScript "deploy-all-servers"
+ (lib.concatStringsSep "\n" [ zoro sanji ]);
+}
+
+# ssh-add -t 4h ~/.ssh/id_ed25519
+# nix-build ./krops.nix -A zoro && ./result
+# nix-build ./krops.nix -A sanji && ./result
+# nix-build ./krops.nix -A all && ./result
diff --git a/machines/ThinkCentre-M710q-zoro-configuration.nix b/machines/ThinkCentre-M710q-zoro-configuration.nix
deleted file mode 100644
index ba6cda3..0000000
--- a/machines/ThinkCentre-M710q-zoro-configuration.nix
+++ /dev/null
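Review bot: `krops = builtins.fetchGit { url = "https://cgit.krebsco.de/krops/"; };` at the top of the new file pins no `rev`, so the deploy tool itself, which later runs on zoro with `sudo = true`, is whatever that host serves at build time, while the nixpkgs source a few lines below is pinned to a commit; pin it the same way with `rev = "<krops-commit>"; ref = "master";` (placeholder, fill in the reviewed commit). The `url = https://github.com/NixOS/nixpkgs;` value is an unquoted URL literal, which newer Nix versions deprecate; quoting it matches the fetchGit url above. The commented-out secrets block carries a stray quote, `# dir = toString ./secrets";`, which will fail to parse the moment it is uncommented. `nixos-config.symlink = "machines/${name}/configuration.nix"` resolves to a path that the `.gitignore` hunk earlier in this patch excludes via its `configuration.nix` entry, and the commit deletes the old zoro configuration without adding `machines/zoro/configuration.nix`; presumably intentional to keep host-specific config out of git, but a short comment saying where deployers are expected to provide those files would help.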
@@ -1,59 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- ./ThinkCentre-M710q-zoro-hardware-configuration.nix
- ../modules/minimal-server.nix
- ];
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking = {
- hostName = "zoro";
- domain = "mrflos.pw";
- nameservers = ["80.67.169.12" "2001:910:800::12" "80.67.169.40" "2001:910:800::40"];
- wg-quick.interfaces = {
- wg0 = {
- address = [ "10.42.0.3/32"];
- privateKeyFile = "/etc/wireguard_private_key";
-
- peers = [
- {
- publicKey = "2MZzEGJzA3HrwkHf91TaKJEHwCNyVvsTLWoIYHrCxhY=";
- presharedKeyFile = "/etc/wireguard_preshared_key";
- allowedIPs = [ "10.42.0.0/24" ];
- endpoint = "195.201.63.240:8098";
- persistentKeepalive = 15;
- }
- ];
- };
- };
- };
-
- time.timeZone = "Europe/Moscow";
- i18n.defaultLocale = "en_US.UTF-8";
-
- users.users.optisseur = {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- initialPassword = "ACHANGER";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBM+2TwkopAQF7splTWjORQoxjcp67VhodwzvTMlL8g florian@florian-LinuxMint-MBP"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRG0CyeeMMrrjTTm/PHgRXD/I4lH/bBPBCGUiL+cBdq douzeb@tux-12"
- ];
- };
-
- services.openssh.enable = true;
- services.openssh.ports = [ 4222 ];
- services.openssh.settings = {
- PermitRootLogin = "no";
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 4222 ];
-
- system.stateVersion = "24.05";
-}
-
diff --git a/machines/ThinkCentre-M710q-zoro-hardware-configuration.nix b/machines/zoro/hardware-configuration.nix
similarity index 100%
rename from machines/ThinkCentre-M710q-zoro-hardware-configuration.nix
rename to machines/zoro/hardware-configuration.nix
diff --git a/modules/console.nix b/modules/console.nix
index f38e9ef..297c497 100644
--- a/modules/console.nix
+++ b/modules/console.nix
@@ -49,6 +49,7 @@ in
 htop
 lazygit
 lsd
+ magic-wormhole
 mc
 micro
 mosh
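Review bot: `+ magic-wormhole` in the modules/console.nix hunk is added to a hand-maintained package list that modules/minimal-server.nix (the next hunk) duplicates entry for entry, including htop, lazygit, lsd, mc, micro and mosh. If minimal-server.nix already imports console.nix the tool is now declared twice; if it does not, the two lists will keep drifting apart as tools are added to one and not the other. Consider keeping the shared tools in one list that both modules reference, so a single change covers both. The enclosing attribute set starts and ends outside the hunk.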
diff --git a/modules/minimal-server.nix b/modules/minimal-server.nix
index da497bc..414be82 100644
--- a/modules/minimal-server.nix
+++ b/modules/minimal-server.nix
@@ -21,6 +21,7 @@
 htop
 lazygit
 lsd
+ magic-wormhole
 mc
 micro
 mosh