From d0b1d9b7750978da8a9bb446bb0516fdd727a501 Mon Sep 17 00:00:00 2001 From: m3tam3re Date: Thu, 24 Oct 2024 13:29:49 +0200 Subject: [PATCH] video 16 --- flake.lock | 87 ++++++++++++++++++++++++++++++- flake.nix | 23 ++++++++ hosts/m3-kratos/configuration.nix | 5 ++ hosts/m3-kratos/default.nix | 1 - 4 files changed, 114 insertions(+), 2 deletions(-) diff --git a/flake.lock b/flake.lock index 3a88c99..a89291e 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,27 @@ "type": "github" } }, + "colmena": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_2", + "stable": "stable" + }, + "locked": { + "lastModified": 1728263678, + "narHash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "b0a62f234fae02a006123e661ff70e62af16106b", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "colmena", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -79,6 +100,37 @@ "url": "https://code.m3tam3re.com/m3tam3re/dotfiles-flake-demo.git" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -153,6 +205,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1725103162, + "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1726463316, "narHash": "sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c=", @@ -171,13 +239,30 @@ "root": { "inputs": { "agenix": "agenix", + "colmena": "colmena", "disko": "disko", "dotfiles": "dotfiles", "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable" } }, + "stable": { + "locked": { + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 856dc3c..e585e98 100644 --- a/flake.nix +++ b/flake.nix @@ -18,6 +18,8 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05"; + colmena.url = "github:zhaofengli/colmena"; + agenix.url = "github:ryantm/agenix"; disko = { @@ -36,6 +38,7 @@ agenix, home-manager, nixpkgs, + nixpkgs-stable, ... } @ inputs: let inherit (self) outputs; 
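Review bot: `colmena.url = "github:zhaofengli/colmena";` in the first flake.nix hunk is added without any `follows`, so flake.lock gains two further nixpkgs revisions (`nixpkgs_2`, `stable`) plus `flake-compat` and `flake-utils`, each of which now has to be trusted and updated separately from the revisions the hosts are built from. If the upstream-pinned combination is not required, add `colmena.inputs.nixpkgs.follows = "nixpkgs";` and `colmena.inputs.stable.follows = "nixpkgs-stable";` so the deployment tool is built from the same pinned revisions as the hosts. The trade-off is that Colmena is then no longer built against the nixpkgs its own lock file was tested with, so check that it still builds after the change. The inputs attribute set starts and ends outside this hunk.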
@@ -69,5 +72,25 @@ modules = [./home/m3tam3re/m3tam3re.nix]; }; }; + colmena = { + meta = { + nixpkgs = import nixpkgs { + system = "x86_64-linux"; + }; + specialArgs = {inherit inputs outputs;}; + }; + m3-kratos-vm = { + deployment = { + targetHost = "m3-kratos-vm"; + targetUser = "m3tam3re"; + tags = ["vm"]; + }; + imports = [ + ./hosts/m3-kratos + inputs.disko.nixosModules.disko + agenix.nixosModules.default + ]; + }; + }; }; } diff --git a/hosts/m3-kratos/configuration.nix b/hosts/m3-kratos/configuration.nix index 204500f..cfa2459 100644 --- a/hosts/m3-kratos/configuration.nix +++ b/hosts/m3-kratos/configuration.nix @@ -89,6 +89,11 @@ networking.nat.enable = true; networking.nat.internalInterfaces = ["ve-+"]; networking.nat.externalInterface = "enp1s0"; + + #security.sudo.wheelNeedsPassword = false; + + security.sudo.extraConfig = "m3tam3re ALL=(ALL) NOPASSWD: ALL"; + # networking.firewall.enable = false; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions diff --git a/hosts/m3-kratos/default.nix b/hosts/m3-kratos/default.nix index e8cbd19..9f604f6 100644 --- a/hosts/m3-kratos/default.nix +++ b/hosts/m3-kratos/default.nix @@ -39,6 +39,5 @@ ./secrets.nix ./services ]; - extraServices.podman.enable = true; }
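Review bot: The new `colmena` output has no comment stating its deployment prerequisites, and they are security-relevant: with `targetUser = "m3tam3re"` the node is deployed over SSH as a non-root user, so activation depends on that user being able to escalate on the target. A comment above `m3-kratos-vm` such as `# deployed over SSH as targetUser; needs non-interactive sudo on the target (see hosts/m3-kratos/configuration.nix)` would make the coupling to the sudo rule explicit. As a style point, the imports list mixes `inputs.disko.nixosModules.disko` with the bare `agenix.nixosModules.default`; using `inputs.agenix.nixosModules.default` keeps both module references in one form. The enclosing outputs attribute set begins outside the hunk.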
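Review bot: The added `security.sudo.extraConfig = "m3tam3re ALL=(ALL) NOPASSWD: ALL";` makes the m3tam3re login root-equivalent without a password on every machine that imports hosts/m3-kratos/configuration.nix, so a stolen SSH key or any process running as that user gets root directly. The rule presumably exists so Colmena can activate as `targetUser = "m3tam3re"`. If so, consider a dedicated key-only deployment account instead of the daily login, and write the rule with `security.sudo.extraRules` so it is structured options rather than raw sudoers text. Since the Colmena node is tagged `vm`, it is also worth confirming whether this module is shared with a physical host and, if it is, moving the rule into a VM-only module. At minimum, add a comment like `# passwordless sudo: required for colmena deployment as targetUser` and drop the commented-out `#security.sudo.wheelNeedsPassword = false;` line.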