From b65a8daa8261980638918e82aecac049bd88832a Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra
Date: Sun, 10 Aug 2025 13:18:44 +0200
Subject: [PATCH] add deployment method: ssh
---
 deployment/check/data-model/deployment.nix | 17 ++++++-
 deployment/data-model.nix | 53 ++++++++++++++++++++--
 2 files changed, 65 insertions(+), 5 deletions(-)
diff --git a/deployment/check/data-model/deployment.nix b/deployment/check/data-model/deployment.nix
index 2074edc0..135b9944 100644
--- a/deployment/check/data-model/deployment.nix
+++ b/deployment/check/data-model/deployment.nix
@@ -2,7 +2,7 @@
 inputs,
 # sources,
 lib,
- # providers,
+ config,
 ...
 }:
@@ -28,7 +28,20 @@ let
 {
 implementation = requests: {
 input = requests;
- output = { };
+ output.ssh-host = {
+ ssh = {
+ host = "localhost";
+ username = "root";
+ authentication.password = "password";
+ };
+ nixos-configuration =
+ { ... }:
+ {
+ users.users = config.resources.shell.login-shell.apply (
+ lib.filterAttrs (_name: value: value ? login-shell) requests
+ );
+ };
+ };
 };
 };
 };
diff --git a/deployment/data-model.nix b/deployment/data-model.nix
index dd7ada19..230e18f1 100644
--- a/deployment/data-model.nix
+++ b/deployment/data-model.nix
@@ -6,12 +6,15 @@
 let
 inherit (lib) mkOption types;
 inherit (lib.types)
- attrsOf
 attrTag
+ attrsOf
 deferredModuleWith
- submodule
- optionType
 functionTo
+ nullOr
+ optionType
+ raw
+ str
+ submodule
 ;
 functionType = import ./function.nix;
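Review bot: The `output.ssh-host` fixture in deployment/check/data-model/deployment.nix hard-codes `username = "root"` with `authentication.password = "password"` and has no comment saying these are throwaway values for the check. A literal like this tends to be copied into real configurations and trips secret scanners, so I would add `# test-only credentials for the data-model check; never reuse on a reachable host` above the `ssh` attribute. The fixture also exercises only the `password` variant of the tag; a second case using `authentication.private-key` would cover the other branch. The enclosing `let` binding starts and ends outside the hunk.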
@@ -25,7 +28,51 @@ let
 );
 };
 };
+ nixos-configuration = mkOption {
+ description = "A NixOS configuration.";
+ type = raw;
+ };
+ host-ssh = mkOption {
+ description = "SSH connection info to connect to a single host.";
+ type = submodule {
+ options = {
+ host = mkOption {
+ description = "the host to access by SSH";
+ type = str;
+ };
+ username = mkOption {
+ description = "the SSH user to use";
+ type = nullOr str;
+ default = null;
+ };
+ authentication = mkOption {
+ description = "authentication method";
+ type = attrTag {
+ private-key = mkOption {
+ description = "path to the user's SSH private key";
+ type = str;
+ example = "/root/.ssh/id_ed25519";
+ };
+ password = mkOption {
+ description = "SSH password";
+ # TODO: mark as sensitive
+ type = str;
+ };
+ };
+ };
+ };
+ };
+ };
 deployment = attrTag {
+ ssh-host = {
+ description = "A Terraform deployment by SSH to update a single existing NixOS host.";
+ type = submodule {
+ options = {
+ inherit nixos-configuration;
+ ssh = host-ssh;
+ };
+ };
+ };
 };
 in
 {
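Review bot: `host-ssh.authentication.password` is a plain `str`, so a real password set here is an ordinary evaluated value that can be serialised into the Nix store or into the deployment tool's state or logs, and the `# TODO: mark as sensitive` comment does not prevent that. I would take a reference to the secret instead, mirroring `private-key`: `password-file = mkOption { description = "path to a file containing the SSH password, read at deploy time"; type = str; };`. Separately, `host-ssh` has no option for the expected host key, so unless the consumer (not visible in this patch) pins it elsewhere, a caller cannot make the connection verify which host it reaches; an optional `host-public-key` of type `nullOr str` would allow that. The `private-key` description should also say that the value is a path on the deploying machine and must not be interpolated from a Nix path, which would copy the key into the store.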