Add navi deployment module and integrate SSH inventory for remote management

- Introduced a new `navi` module for managing deployments across multiple hosts. - Enhanced SSH inventory management to support public key application for authorized hosts. - Configured system deployment builder for seamless integration with Navi. - Updated various host configurations to enable deployment capabilities and streamline SSH access.
2026-06-04 16:51:30 -03:00
parent 403cf2fde5
commit 2a911b057b
11 changed files with 585 additions and 44 deletions
@@ -0,0 +1,33 @@
+# Build a raw Navi hive attrset from host specs + deployment targets.
+# Call `inputs.navi.lib.makeHive` on the result to produce `flake.naviHive`.
+{ lib, inputs, ... }: {
+  flake.lib.mkNaviHiveConfig =
+    {
+      metaNixpkgs,
+      hostSpecs,
+      deployments,
+    }:
+    let
+      deployNodes = lib.filterAttrs (name: _: deployments ? ${name}) hostSpecs;
+    in
+    {
+      meta = {
+        nixpkgs = metaNixpkgs;
+        nodeNixpkgs = lib.mapAttrs (
+          name: spec:
+          import inputs.nixpkgs {
+            system = spec.system;
+          }
+        ) deployNodes;
+        nodeSpecialArgs = lib.mapAttrs (_: spec: spec.specialArgs) deployNodes;
+        allowApplyAll = false;
+      };
+    }
+    //     lib.mapAttrs (
+      name: spec:
+      {
+        imports = spec.modules or [ spec.configuration ];
+        deployment = deployments.${name};
+      }
+    ) deployNodes;
+}
@@ -60,10 +60,17 @@
            (builtins.attrNames selectedHosts)
        );

-      # Must come before inventory `Host` blocks and before `Host *`: LAN Gitea SSH is not a catalog PC,
-      # and `Host *` sets `IdentityAgent none` — without this, git@nix-server never sees rbw keys.
+      # Gitea git-over-SSH listens on port 222. System SSH (nix deploy, server@…) uses port 22
+      # via the catalog `nix-server` Host block — never list nix-server or 192.168.2.238 here.
      giteaSshBlock = identityAgent: ''
-        Host git.chiasson.cloud gitea nix-server 192.168.2.238
+        Host git.chiasson.cloud gitea
+          HostName 192.168.2.238
+          Port 222
+          User git
+          IdentityAgent ${identityAgent}
+          IdentitiesOnly no
+
+        Match host nix-server,192.168.2.238 user git
          HostName 192.168.2.238
          Port 222
          User git
@@ -84,11 +91,16 @@
                entry = selectedHosts.${hostName};
                hostPatterns = builtins.concatStringsSep " " (entry.aliases ++ [ entry.hostName ]);
                userLine = if user == null then "" else "  User ${user}\n";
+                portLine =
+                  if hostName == "nix-server" then
+                    "  Port 22\n"
+                  else
+                    "";
              in
              ''
                Host ${hostPatterns}
                  HostName ${entry.hostName}
-${userLine}              IdentityFile ~/${mkIdentityFileName hostName}
+${userLine}${portLine}                  IdentityFile ~/${mkIdentityFileName hostName}
                  IdentityAgent ${identityAgent}
                  IdentitiesOnly yes
              '')