From fbfe594def3c3d60f3d3b908495887aa91f4994d Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar <srid@srid.ca>
Date: Tue, 26 Mar 2024 14:14:33 -0400
Subject: [PATCH] Add colmena deployment

---
 flake.lock | 16 ++++++++++++++++
 flake.nix  | 18 ++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/flake.lock b/flake.lock
index f8534da..e23f897 100644
--- a/flake.lock
+++ b/flake.lock
@@ -66,6 +66,21 @@
         "type": "github"
       }
     },
+    "colmena-flake": {
+      "locked": {
+        "lastModified": 1711476729,
+        "narHash": "sha256-Qgbafdn8cakqnSKD6tC1G6+5LrKs12c+vs9PoQ8Hq14=",
+        "owner": "juspay",
+        "repo": "colmena-flake",
+        "rev": "8a659d55529918012234e662413a3758a2ba3db1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "juspay",
+        "repo": "colmena-flake",
+        "type": "github"
+      }
+    },
     "crane": {
       "inputs": {
         "nixpkgs": [
@@ -1791,6 +1806,7 @@
     "root": {
       "inputs": {
         "actual": "actual",
+        "colmena-flake": "colmena-flake",
         "disko": "disko",
         "emacs-overlay": "emacs-overlay",
         "emanote": "emanote",
diff --git a/flake.nix b/flake.nix
index fe38533..d7c7402 100644
--- a/flake.nix
+++ b/flake.nix
@@ -13,6 +13,7 @@
     nixos-flake.url = "github:srid/nixos-flake";
     disko.url = "github:nix-community/disko";
     disko.inputs.nixpkgs.follows = "nixpkgs";
+    colmena-flake.url = "github:juspay/colmena-flake";
 
     # CI server
     sops-nix.url = "github:juspay/sops-nix/json-nested"; # https://github.com/Mic92/sops-nix/pull/328
@@ -59,12 +60,28 @@
       imports = [
         inputs.treefmt-nix.flakeModule
         inputs.nixos-flake.flakeModule
+        inputs.colmena-flake.flakeModules.default
         ./users
         ./home
         ./nixos
         ./nix-darwin
       ];
 
+      colmena-parts.deployment =
+        let
+          read1Password = field:
+            [ "op" "read" "op://Personal/nixos-config/${field}" ];
+        in
+        {
+          github-runner = {
+            targetHost = "github-runner";
+            targetUser = "srid";
+            keys."github-runner-token.secret" = {
+              keyCommand = read1Password "github-runner-token";
+            };
+          };
+        };
+
       flake = {
         # Configuration for my M1 Macbook Max (using nix-darwin)
         darwinConfigurations.appreciate =
@@ -109,6 +126,7 @@
             pkgs.ssh-to-age
             pkgs.nixos-rebuild
             pkgs.just
+            pkgs.colmena
           ];
         };
       };