add deployment method: ssh

2025-08-10 13:18:44 +02:00 · 2025-08-10 13:18:44 +02:00 · ba3d3adf73
commit ba3d3adf73
parent a75442c940
2 changed files with 65 additions and 5 deletions
--- a/deployment/check/data-model/deployment.nix
+++ b/deployment/check/data-model/deployment.nix
@ -2,7 +2,7 @@
  inputs,
  # sources,
  lib,
-  # providers,
+  config,
  ...
 }:

@ -28,7 +28,20 @@ let
          {
            implementation = requests: {
              input = requests;
-              output = { };
+              output.ssh-host = {
+                ssh = {
+                  host = "localhost";
+                  username = "root";
+                  authentication.password = "password";
+                };
+                nixos-configuration =
+                  { ... }:
+                  {
+                    users.users = config.resources.shell.login-shell.apply (
+                      lib.filterAttrs (_name: value: value ? login-shell) requests
+                    );
+                  };
+              };
            };
          };
      };
--- a/deployment/data-model.nix
+++ b/deployment/data-model.nix
@ -6,12 +6,15 @@
 let
  inherit (lib) mkOption types;
  inherit (lib.types)
-    attrsOf
    attrTag
+    attrsOf
    deferredModuleWith
-    submodule
-    optionType
    functionTo
+    nullOr
+    optionType
+    raw
+    str
+    submodule
    ;

  functionType = import ./function.nix;
@ -25,7 +28,51 @@ let
      );
    };
  };
+  nixos-configuration = mkOption {
+    description = "A NixOS configuration.";
+    type = raw;
+  };
+  host-ssh = mkOption {
+    description = "SSH connection info to connect to a single host.";
+    type = submodule {
+      options = {
+        host = mkOption {
+          description = "the host to access by SSH";
+          type = str;
+        };
+        username = mkOption {
+          description = "the SSH user to use";
+          type = nullOr str;
+          default = null;
+        };
+        authentication = mkOption {
+          description = "authentication method";
+          type = attrTag {
+            private-key = mkOption {
+              description = "path to the user's SSH private key";
+              type = str;
+              example = "/root/.ssh/id_ed25519";
+            };
+            password = mkOption {
+              description = "SSH password";
+              # TODO: mark as sensitive
+              type = str;
+            };
+          };
+        };
+      };
+    };
+  };
  deployment = attrTag {
+    ssh-host = {
+      description = "A Terraform deployment by SSH to update a single existing NixOS host.";
+      type = submodule {
+        options = {
+          inherit nixos-configuration;
+          ssh = host-ssh;
+        };
+      };
+    };
  };
 in
 {