Enable automatic deployment for nki-personal-do (#3)
parent
2e2fb79004
commit
d162925be3
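--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,46 @@
+name: "Deploy to nki-personal"
+on:
+push:
+branches:
+- master
+pull_request:
+branches:
+- master
+types:
+- opened
+- synchronize
+- reopened
+- labeled
+jobs:
+deploy:
+if: "github.event.name == 'push' || contains(github.event.pull_request.labels.*.name, 'Deploy')"
+runs-on: ubuntu-latest
+name: Deploy
+steps:
+- uses: actions/checkout@v2.3.4
+- name: Add SSH key
+env:
+SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+run: |
+mkdir -p /home/runner/.ssh
+echo "${{ secrets.SSH_KEY }}" > /home/runner/.ssh/github_actions
+echo "${{ secrets.NIX_DEPLOY_SSH_KEY }}" > /home/runner/.ssh/nix_deploy_key
+chmod 600 /home/runner/.ssh/*
+ssh-agent -a $SSH_AUTH_SOCK > /dev/null
+ssh-add /home/runner/.ssh/*
+ssh-keyscan ${{ secrets.INSTANCE_IP }} >> /home/runner/.ssh/known_hosts
+- uses: cachix/install-nix-action@v14.1
+with:
+extra_nix_config: |
+experimental-features = nix-command flakes
+access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+- uses: actions/cache@v2
+with:
+path: |
+/nix/store
+key: ${{ runner.os }}-${{ hashFiles('flake.lock') }}
+- name: Deploy with deploy-rs
+env:
+SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+run: |
+nix run -L github:Serokell/deploy-rs . -- --hostname ${{ secrets.INSTANCE_IP }} -- -L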
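Review bot: The job condition tests `github.event.name`, which is not a field of the push payload (the context is `github.event_name`), so the `push` half looks always false and only labelled pull requests would deploy; the `if:` line should read `github.event_name == 'push' || …`. On the pull-request path the `Deploy` label stays attached, so every later `synchronize` push to that PR redeploys commits nobody re-approved while the production keys are loaded; consider gating the job on a protected `environment` or clearing the label after each run. In the `Add SSH key` step, `ssh-keyscan` at run time records whatever key the network returns, so the host is never authenticated, and the secrets are expanded into the script text instead of being passed through `env:`; the fence below reads them from the environment and takes the host key from a secret (placeholder name). `nix run github:Serokell/deploy-rs` and the tag-pinned actions also run unpinned upstream code while the agent holds the deploy key, so pinning them to a commit would narrow that exposure.

```yaml
    if: "github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'Deploy')"
    # … unchanged: runs-on, name, checkout step …
      - name: Add SSH key
        env:
          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
          SSH_KEY: ${{ secrets.SSH_KEY }}
          NIX_DEPLOY_SSH_KEY: ${{ secrets.NIX_DEPLOY_SSH_KEY }}
          # placeholder secret name: the instance's known_hosts line, recorded out of band
          INSTANCE_KNOWN_HOSTS: ${{ secrets.INSTANCE_KNOWN_HOSTS }}
        run: |
          # create the key files private from the start instead of chmod afterwards
          umask 077
          mkdir -p /home/runner/.ssh
          printf '%s\n' "$SSH_KEY" > /home/runner/.ssh/github_actions
          printf '%s\n' "$NIX_DEPLOY_SSH_KEY" > /home/runner/.ssh/nix_deploy_key
          printf '%s\n' "$INSTANCE_KNOWN_HOSTS" >> /home/runner/.ssh/known_hosts
          ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null
          ssh-add /home/runner/.ssh/github_actions /home/runner/.ssh/nix_deploy_key
    # … unchanged: install-nix, cache and deploy-rs steps …
```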
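--- a/flake.lock
+++ b/flake.lock
@@ -329,10 +329,26 @@
 "nixpkgs-unstable": "nixpkgs-unstable",
 "nur": "nur",
 "rnix-lsp": "rnix-lsp",
+"secrets": "secrets",
 "sops-nix": "sops-nix",
 "youmubot": "youmubot"
 }
 },
+"secrets": {
+"locked": {
+"lastModified": 1635971132,
+"narHash": "sha256-w5QAlp+RmVFh3E9Kb79eX+QvcV/jTGPy/y4REGswzy8=",
+"ref": "master",
+"rev": "9183da438dffec97148a1a7e6ec3462fa372ffe8",
+"revCount": 1,
+"type": "git",
+"url": "ssh://git@github.com/natsukagami/nix-deploy-secrets"
+},
+"original": {
+"type": "git",
+"url": "ssh://git@github.com/natsukagami/nix-deploy-secrets"
+}
+},
 "sops-nix": {
 "inputs": {
 "nixpkgs": "nixpkgs_6"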
|
@ -19,6 +19,10 @@
|
||||||
rnix-lsp.inputs.naersk.follows = "naersk";
|
rnix-lsp.inputs.naersk.follows = "naersk";
|
||||||
rnix-lsp.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
rnix-lsp.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||||
youmubot.url = "github:natsukagami/youmubot";
|
youmubot.url = "github:natsukagami/youmubot";
|
||||||
|
|
||||||
|
# ---
|
||||||
|
# DEPLOYMENT ONLY! secrets
|
||||||
|
secrets.url = "git+ssh://git@github.com/natsukagami/nix-deploy-secrets";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, darwin, nixpkgs, nixpkgs-unstable, home-manager-unstable, home-manager-21_05, deploy-rs, sops-nix, nur, ... }@inputs:
|
outputs = { self, darwin, nixpkgs, nixpkgs-unstable, home-manager-unstable, home-manager-21_05, deploy-rs, sops-nix, nur, ... }@inputs:
|
||||||
|
@ -66,6 +70,7 @@
|
||||||
inputs.youmubot.nixosModule.x86_64-linux
|
inputs.youmubot.nixosModule.x86_64-linux
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
./nki-personal-do/configuration.nix
|
./nki-personal-do/configuration.nix
|
||||||
|
inputs.secrets.nixosModules.x86_64-linux.nki-personal-do
|
||||||
(overlayForSystem "x86_64-linux")
|
(overlayForSystem "x86_64-linux")
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
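Review bot: The `secrets` input added under `# DEPLOYMENT ONLY! secrets` is an ordinary flake input, so its source tree is copied into `/nix/store`, which is world-readable on the builder and on the target, and the workflow added in this commit also saves `/nix/store` with `actions/cache`. If `nix-deploy-secrets` holds anything in plaintext it would be readable by every local user and persisted in the Actions cache; keeping only sops-encrypted material there (the flake already imports `sops-nix.nixosModules.sops`) avoids that, though the repository's contents are not visible from this page. The comment could state the constraint, e.g. `# DEPLOYMENT ONLY: private repo fetched over SSH; contents land in /nix/store, keep them encrypted`. It is also worth confirming that machines without the SSH key, such as the darwin hosts, can still evaluate the flake now that it has a `git+ssh` input.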
|
@ -19,7 +19,7 @@ let
|
||||||
inherit src;
|
inherit src;
|
||||||
outputHash = (
|
outputHash = (
|
||||||
if pkgs.stdenv.isDarwin
|
if pkgs.stdenv.isDarwin
|
||||||
then "sha256-BStdH1TunzVMOgI1UfhYSfgqPqgqdxpYHtt4DuNXOuY="
|
then "sha256-U5hiEak47Dd/R7II6d+0/n3ZmT1ryDk4S+/lV2cH6HM="
|
||||||
else "0ywb9489jrb5lsycxlxzrj2khkcjhvzxbb0ckbpwwvg11r4ds240"
|
else "0ywb9489jrb5lsycxlxzrj2khkcjhvzxbb0ckbpwwvg11r4ds240"
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
|
@ -66,7 +66,7 @@ map global normal D ": delete-one<ret>"
|
||||||
hook global InsertChar \t %{ exec -draft -itersel h@ }
|
hook global InsertChar \t %{ exec -draft -itersel h@ }
|
||||||
set global tabstop 4
|
set global tabstop 4
|
||||||
set global indentwidth 4
|
set global indentwidth 4
|
||||||
hook global WinSetOption filetype=(c|cpp|haskell|nix) %{
|
hook global WinSetOption filetype=(c|cpp|haskell|nix|yaml) %{
|
||||||
set global tabstop 2
|
set global tabstop 2
|
||||||
set global indentwidth 2
|
set global indentwidth 2
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{ pkgs, config, ... }: {
|
{ pkgs, config, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./networking.nix # generated at runtime by nixos-infect
|
|
||||||
|
|
||||||
# Set up cloud
|
# Set up cloud
|
||||||
../modules/cloud/postgresql
|
../modules/cloud/postgresql
|
||||||
|
|