feat: add deploy-rs user config

config/network.nix

@@ -15,7 +15,7 @@
           "sntrup761x25519-sha512@openssh.com"
         ];
         PasswordAuthentication = false;
-        PermitRootLogin = "no";
+        PermitRootLogin = "prohibit-password";
         StreamLocalBindUnlink = "yes";
       };
     };

config/services/atuin.nix

@@ -1,6 +1,11 @@
-{config, ...}: {
+{
+  config,
+  pkgs,
+  ...
+}: {
   services.atuin = {
     enable = true;
+    package = pkgs.unstable.atuin;
     openRegistration = false;
     maxHistoryLength = 1024 * 16;
     port = 43473;

config/users.nix

@@ -4,8 +4,6 @@
   pkgs,
   ...
 }: let
-  keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"];
-
   nu_scripts = "${pkgs.nu_scripts}/share/nu_scripts";
   mkCompletions = completions:
     lib.concatStringsSep "\n" (
@@ -17,14 +15,18 @@
 in {
   i18n.defaultLocale = "en_US.UTF-8";
 
-  users.mutableUsers = false;
+  users = {
-  users.users.root.hashedPasswordFile = config.age.secrets."system/password-root".path;
+    mutableUsers = false;
-
+    users.root = {
-  users.users.winston = {
+      hashedPasswordFile = config.age.secrets."system/password-root".path;
-    extraGroups = ["wheel"];
+      openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/mwLoiuaQ6KH+1IOvYO541gq37S43pYtMetilMG3v5"] ++ config.users.users.winston.openssh.authorizedKeys.keys;
-    hashedPasswordFile = config.age.secrets."system/password-winston".path;
+    };
-    isNormalUser = true;
+    users.winston = {
-    openssh.authorizedKeys.keys = keys;
+      extraGroups = ["wheel"];
+      hashedPasswordFile = config.age.secrets."system/password-winston".path;
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"];
+    };
   };
 
   home-manager = {

flake.lock

@@ -73,6 +73,30 @@
         "type": "github"
       }
     },
+    "deploy-rs": {
+      "inputs": {
+        "flake-compat": [],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "utils": [
+          "flake-utils"
+        ]
+      },
+      "locked": {
+        "lastModified": 1718194053,
+        "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "type": "github"
+      }
+    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
@@ -174,26 +198,6 @@
         "type": "github"
       }
     },
-    "nixinate": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1708891350,
-        "narHash": "sha256-VOQrKK7Df/IVuNki+NshVuGkTa/Tw0GigPjWcZff6kk=",
-        "owner": "matthewcroughan",
-        "repo": "nixinate",
-        "rev": "452f33c60df5b72ad0858f5f2cf224bdf1f17746",
-        "type": "github"
-      },
-      "original": {
-        "owner": "matthewcroughan",
-        "repo": "nixinate",
-        "type": "github"
-      }
-    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1725001927,
@@ -255,14 +259,15 @@
       "inputs": {
         "agenix": "agenix",
         "attic": "attic",
+        "deploy-rs": "deploy-rs",
         "flake-parts": "flake-parts_2",
         "flake-utils": "flake-utils",
         "home-manager": "home-manager",
-        "nixinate": "nixinate",
         "nixpkgs": "nixpkgs",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "pre-commit-hooks": "pre-commit-hooks",
         "satisfactory-server": "satisfactory-server",
+        "steam-fetcher": "steam-fetcher",
         "valheim-server": "valheim-server"
       }
     },
@@ -271,44 +276,27 @@
         "nixpkgs": [
           "nixpkgs"
         ],
-        "steam-fetcher": "steam-fetcher"
+        "steam-fetcher": [
+          "steam-fetcher"
+        ]
       },
       "locked": {
-        "lastModified": 1726069190,
+        "lastModified": 1726272490,
-        "narHash": "sha256-UYnjgHSIjxdbRBxpVwvQ5IX5TVfRmgVZsGvwvRHeuPc=",
+        "narHash": "sha256-gpbldF84vR73LevX+PuYFRDXuoQBiR8mRDtuSfqvAU4=",
-        "path": "/home/winston/satisfactory-flake",
+        "owner": "nekowinston",
-        "type": "path"
+        "repo": "satisfactory-server-flake",
+        "rev": "1b2cb3e067fad90576926df4f3d94ccc206e3225",
+        "type": "github"
       },
       "original": {
-        "path": "/home/winston/satisfactory-flake",
+        "owner": "nekowinston",
-        "type": "path"
+        "repo": "satisfactory-server-flake",
+        "type": "github"
       }
     },
     "steam-fetcher": {
       "inputs": {
         "nixpkgs": [
-          "satisfactory-server",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1714795926,
-        "narHash": "sha256-PkgC9jqoN6cJ8XYzTA2PlrWs7aPJkM3BGiTxNqax0cA=",
-        "owner": "nix-community",
-        "repo": "steam-fetcher",
-        "rev": "12f66eafb7862d91b3e30c14035f96a21941bd9c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "steam-fetcher",
-        "type": "github"
-      }
-    },
-    "steam-fetcher_2": {
-      "inputs": {
-        "nixpkgs": [
-          "valheim-server",
           "nixpkgs"
         ]
       },
@@ -361,7 +349,9 @@
         "nixpkgs": [
           "nixpkgs"
         ],
-        "steam-fetcher": "steam-fetcher_2"
+        "steam-fetcher": [
+          "steam-fetcher"
+        ]
       },
       "locked": {
         "lastModified": 1724824251,

flake.nix

@@ -1,24 +1,24 @@
 {
   outputs = {
     flake-parts,
+    nixpkgs,
+    nixpkgs-unstable,
     self,
     ...
   } @ inputs: let
     overlays = [
-      (final: _: rec {
+      (final: _: {
-        atuin = unstable.atuin;
+        unstable = nixpkgs-unstable.legacyPackages.${final.system};
         prometheus-fail2ban-exporter = final.callPackage ./pkgs/prometheus-fail2ban-exporter {};
-        unstable = inputs.nixpkgs-unstable.legacyPackages.${final.system};
       })
     ];
   in
     flake-parts.lib.mkFlake {inherit inputs;} {
       flake = {
-        nixosConfigurations.main-node = inputs.nixpkgs.lib.nixosSystem {
+        nixosConfigurations.main-node = nixpkgs.lib.nixosSystem {
           system = "x86_64-linux";
           modules = [
             {
-              _module.args.nixinate.host = "main-node";
               nixpkgs = {
                 config.allowUnfree = true;
                 inherit overlays;
@@ -30,11 +30,21 @@
             inputs.agenix.nixosModules.default
             inputs.attic.nixosModules.atticd
             inputs.home-manager.nixosModules.home-manager
-            inputs.valheim-server.nixosModules.default
             inputs.satisfactory-server.nixosModules.default
+            inputs.valheim-server.nixosModules.default
           ];
           specialArgs = {inherit inputs;};
         };
+
+        checks = builtins.mapAttrs (_: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
+
+        deploy.nodes.main-node = {
+          hostname = "winston.sh";
+          profiles.system = {
+            sshUser = "root";
+            path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.main-node;
+          };
+        };
       };
 
       perSystem = {
@@ -45,11 +55,23 @@
         system,
         ...
       }: {
-        _module.args.pkgs = import inputs.nixpkgs {
+        _module.args.pkgs = import nixpkgs {
           inherit overlays system;
         };
 
-        apps = (inputs.nixinate.nixinate.${system} self).nixinate;
+        devShells.default = pkgs.mkShell {
+          inherit (config.pre-commit.devShell) shellHook;
+          buildInputs = [
+            inputs'.agenix.packages.agenix
+            pkgs.age-plugin-yubikey
+            pkgs.unstable.deploy-rs
+            pkgs.unstable.nh
+            pkgs.unstable.nixd
+            self'.formatter
+          ];
+        };
+
+        formatter = pkgs.alejandra;
 
         pre-commit = {
           check.enable = true;
@@ -63,19 +85,6 @@
             shellcheck.enable = true;
           };
         };
-
-        devShells.default = pkgs.mkShell {
-          inherit (config.pre-commit.devShell) shellHook;
-          buildInputs = [
-            inputs'.agenix.packages.agenix
-            pkgs.age-plugin-yubikey
-            pkgs.unstable.nh
-            pkgs.unstable.nil
-            self'.formatter
-          ];
-        };
-
-        formatter = pkgs.alejandra;
       };
 
       imports = [inputs.pre-commit-hooks.flakeModule];
@@ -109,9 +118,11 @@
       inputs.flake-compat.follows = "";
       inputs.flake-utils.follows = "flake-utils";
     };
-    nixinate = {
+    deploy-rs = {
-      url = "github:matthewcroughan/nixinate";
+      url = "github:serokell/deploy-rs";
+      inputs.flake-compat.follows = "";
       inputs.nixpkgs.follows = "nixpkgs";
+      inputs.utils.follows = "flake-utils";
     };
     pre-commit-hooks = {
       url = "github:cachix/pre-commit-hooks.nix";
@@ -119,14 +130,21 @@
       inputs.nixpkgs.follows = "nixpkgs-unstable";
       inputs.nixpkgs-stable.follows = "nixpkgs";
     };
-    valheim-server = {
+
-      url = "github:aidalgol/valheim-server-flake";
+    # game servers
+    steam-fetcher = {
+      url = "github:nix-community/steam-fetcher";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     satisfactory-server = {
-      # url = "github:nekowinston/satisfactory-server-flake";
+      url = "github:nekowinston/satisfactory-server-flake";
-      url = "path:/home/winston/satisfactory-flake";
       inputs.nixpkgs.follows = "nixpkgs";
+      inputs.steam-fetcher.follows = "steam-fetcher";
+    };
+    valheim-server = {
+      url = "github:aidalgol/valheim-server-flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.steam-fetcher.follows = "steam-fetcher";
     };
   };