refactor: split parts into pkgs, modules and overlays #164
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| workflow_dispatch: | |
| push: | |
| paths-ignore: | |
| - '.github/**' | |
| branches: | |
| - main | |
| concurrency: | |
| group: deploy | |
| cancel-in-progress: true | |
| jobs: | |
| deploy: | |
| strategy: | |
| matrix: | |
| include: | |
| - server: [email protected] | |
| system: kazuma | |
| sshKey: "kazuma.tie.rip ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiWJmsj22woegXiWRA7GJ7guA/RHdksA1yBDpkgJ+dp" | |
| name: Deploy ${{ matrix.system }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install nix | |
| uses: cachix/install-nix-action@V28 | |
| with: | |
| extra_nix_config: "extra-experimental-features = nix-command flakes" | |
| - name: Set up cachix | |
| uses: cachix/cachix-action@v15 | |
| with: | |
| name: tie-infra | |
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| - name: Set up ssh-agent | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| - name: Set up known hosts | |
| run: | | |
| echo "$sshKnownHostKey" >known_hosts | |
| env: | |
| sshKnownHostKey: ${{ matrix.sshKey }} | |
| - name: Build configuration | |
| run: | | |
| nix run nixpkgs#nixos-rebuild -- build --fast --flake "$installable" | |
| env: | |
| installable: "github:${{ github.repository }}/${{ github.sha }}#${{ matrix.system }}" | |
| # Yikes, GitHub does not support IPv6 in hosted runners. | |
| # See https://github.com/actions/runner-images/issues/668 | |
| - name: Set up IPv6 | |
| run: | | |
| curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg | |
| sudo tee /etc/apt/sources.list.d/cloudflare-client.list <<EOF | |
| deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main | |
| EOF | |
| sudo apt-get update | |
| sudo apt-get install -y cloudflare-warp | |
| warp-cli --accept-tos register | |
| warp-cli --accept-tos connect | |
| warp-cli --accept-tos enable-always-on | |
| sleep 1 && echo | |
| curl -i https://cloudflare.com/cdn-cgi/trace | |
| - name: Switch configuration | |
| run: | | |
| nix run nixpkgs#nixos-rebuild -- switch --fast --flake "$installable" --target-host "$target" --use-remote-sudo | |
| env: | |
| NIX_SSHOPTS: "-o CheckHostIP=no -o UserKnownHostsFile=known_hosts" | |
| installable: "github:${{ github.repository }}/${{ github.sha }}#${{ matrix.system }}" | |
| target: ${{ matrix.server }} |