From 44d2847778db7b31a0d893f18c629f38783371d0 Mon Sep 17 00:00:00 2001
From: Joey Hafner
Date: Thu, 23 Jan 2025 22:48:53 -0800
Subject: [PATCH] Artificer NixOS host: init, configure docker

---
 dotfiles/flake.nix | 38 ++++++++++++++++++++
 dotfiles/systems/artificer/configuration.nix | 34 ++++++++++++++++++
 dotfiles/systems/artificer/docker.nix | 9 +++++
 3 files changed, 81 insertions(+)
 create mode 100644 dotfiles/systems/artificer/configuration.nix
 create mode 100644 dotfiles/systems/artificer/docker.nix

diff --git a/dotfiles/flake.nix b/dotfiles/flake.nix
index ab8dfbef..5c06e9d6 100644
--- a/dotfiles/flake.nix
+++ b/dotfiles/flake.nix
@@ -34,6 +34,8 @@
 home-manager,
 nixgl,
 ghostty,
+ deploy-rs,
+ self,
 ...
 }:
 let
@@ -166,6 +168,42 @@
 inherit system pkgs;
 specialArgs = { inherit sys; };
 };
+ artificer = let
+ sys = {
+ username = "admin";
+ };
+ system = "x86_64-linux";
+ pkgs = import inputs.nixpkgs {
+ inherit system;
+ config = { allowUnfreePredicate = (_: true); };
+ };
+ in nixpkgs.lib.nixosSystem {
+ modules = [
+ ./systems/artificer/configuration.nix
+ ];
+ inherit system pkgs;
+ specialArgs = { inherit sys; };
+ };
 };
+ deploy = {
+ nodes = {
+ artificer = {
+ hostname = "143.198.68.202";
+ profilesOrder = [ "system" ];
+ profiles.system = {
+ user = "root";
+ sshUser = "admin";
+ path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.artificer;
+ };
+ };
+ };
+ fastConnection = true;
+ interactiveSudo = false;
+ autoRollback = true;
+ magicRollback = true;
+ remoteBuild = true;
+ confirmTimeout = 60;
+ };
+ checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
 };
 }
diff --git a/dotfiles/systems/artificer/configuration.nix b/dotfiles/systems/artificer/configuration.nix
new file mode 100644
index 00000000..b1790e26
--- /dev/null
+++ b/dotfiles/systems/artificer/configuration.nix
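Review bot: The `modules` list for `artificer` imports only `./systems/artificer/configuration.nix`, and that file has no `imports` of its own, so the `docker.nix` this commit creates is never evaluated and the host gets no Docker despite the subject line; add it here, `modules = [ ./systems/artificer/configuration.nix ./systems/artificer/docker.nix ];`. The deploy node addresses the host by bare IP and activates as `root` over `sshUser = "admin"`, and nothing visible pins the server's host key; unless known_hosts is managed elsewhere, add `sshOpts = [ "-o" "StrictHostKeyChecking=yes" ];` to the node so a first-contact man-in-the-middle cannot receive the root-activated profile. `interactiveSudo = false` presumes passwordless sudo for `admin`, which configuration.nix grants, and that coupling deserves a comment here: `# non-interactive sudo: relies on the NOPASSWD wheel rule in configuration.nix`. `deploy-rs` and `self` are new function arguments, but the `inputs` attrset that must declare `deploy-rs` is outside this hunk, so I cannot confirm it was added.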
@@ -0,0 +1,34 @@
+{ pkgs, sys, ... }: {
+ system.stateVersion = "24.11";
+ environment.systemPackages = with pkgs; [
+ git
+ ];
+ users.users."${sys.username}" = {
+ isNormalUser = true;
+ extraGroups = [ "networkmanager" "wheel" ];
+ description = "${sys.username}";
+ openssh.authorizedKeys.keys = let
+ authorizedKeys = pkgs.fetchurl {
+ url = "https://github.com/Jafner.keys";
+ sha256 = "1i3Vs6mPPl965g3sRmbXGzx6zQBs5geBCgNx2zfpjF4=";
+ }; in pkgs.lib.splitString "\n" (builtins.readFile authorizedKeys);
+ };
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ settings.KbdInteractiveAuthentication = false;
+ };
+ security.sudo = {
+ enable = true;
+ extraRules = [{
+ commands = [
+ {
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ groups = [ "wheel" ];
+ }];
+ };
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+}
\ No newline at end of file
diff --git a/dotfiles/systems/artificer/docker.nix b/dotfiles/systems/artificer/docker.nix
new file mode 100644
index 00000000..7a029fdf
--- /dev/null
+++ b/dotfiles/systems/artificer/docker.nix
@@ -0,0 +1,9 @@
+{ pkgs, sys, ... }: {
+ virtualisation.docker = {
+ enable = true;
+ rootless.enable = true;
+ rootless.setSocketVariable = true;
+ };
+ users.users.${sys.username}.extraGroups = [ "docker" ];
+ environment.systemPackages = [ pkgs.docker-compose ];
+}
\ No newline at end of file
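Review bot: `openssh.authorizedKeys.keys` runs `builtins.readFile` on the output of `pkgs.fetchurl`, which is import-from-derivation: every evaluation of this host, including the `deployChecks` wired up in flake.nix, must first build that fetch, so evaluation needs network access, fails wherever `allow-import-from-derivation` is disabled, and breaks (fail-closed at least, thanks to the `sha256` pin) whenever the GitHub key list changes. Committing the public keys literally, `openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAA…" ];`, removes the network dependency and makes the trust root reviewable in the diff; if the fetch stays, `splitString "\n"` leaves an empty trailing entry that should be filtered out. The sudo rule is the long form of `security.sudo.wheelNeedsPassword = false;` and makes the `admin` SSH key root-equivalent with no prompt; that is what `interactiveSudo = false` in the deploy config needs, but state it, e.g. `# NOPASSWD for wheel: required by deploy-rs (interactiveSudo = false); treat the admin key as a root credential`. Nothing in this module or the flake's `modules` list imports a hardware or boot configuration (root `fileSystems`, bootloader), so unless that is supplied elsewhere the NixOS assertions presumably fail at evaluation — worth a `nix flake check` before the first deploy.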
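Review bot: `enable = true` together with `rootless.enable = true` runs two daemons — a root `dockerd` on `/var/run/docker.sock` and a per-user rootless one — and the `docker` group membership on the `extraGroups` line hands `${sys.username}` the root socket, which is precisely the exposure rootless mode exists to remove (the user already holds NOPASSWD sudo from configuration.nix, so the question is which daemon runs the containers, not the user's privileges); `rootless.setSocketVariable` only exports `DOCKER_HOST` through the shell environment, so which daemon a given `docker compose` run talks to depends on how the session was started. Pick one mode: for rootless, drop `enable = true;` and the `extraGroups = [ "docker" ]` line (and expect the usual limits on ports below 1024 and some network drivers); for the root daemon, drop the two `rootless.*` lines and keep the group with a comment that membership is root-equivalent. Whether the rootless module also requires `enable` is not visible here, so check the option docs before removing it. Nothing in this commit imports this file, so none of it is active yet.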