diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..a4147d8
--- /dev/null
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,51 @@
+name: Build and Deploy Desktop
+on:
+ push:
+ branches: [main]
+
+jobs:
+ deploy:
+ runs-on: nix
+ steps:
+ - uses: https://github.com/actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Unlock git-crypt
+ run: |
+ git-crypt unlock /run/agenix/git-crypt-key-dotfiles
+
+ - name: Build NixOS configuration (yarn)
+ run: |
+ nix build .#nixosConfigurations.yarn.config.system.build.toplevel -L
+
+ - name: Deploy to desktop
+ run: |
+ eval $(ssh-agent -s)
+ ssh-add /run/agenix/ci-deploy-key
+ if ssh -i /run/agenix/ci-deploy-key -o StrictHostKeyChecking=no -o ConnectTimeout=10 root@desktop "echo reachable" 2>/dev/null; then
+ nix run github:serokell/deploy-rs -- .#yarn --ssh-opts="-o StrictHostKeyChecking=no"
+ echo "Deploy to desktop succeeded"
+ else
+ echo "Desktop unreachable - skipping deploy. Build succeeded."
+ fi
+
+ - name: Notify success
+ if: success()
+ run: |
+ curl -sf -X POST \
+ "https://ntfy.sigkill.computer/deployments" \
+ -H "Title: [yarn] Build succeeded" \
+ -H "Priority: default" \
+ -H "Tags: white_check_mark" \
+ -d "dotfiles built from commit ${GITHUB_SHA::8}"
+
+ - name: Notify failure
+ if: failure()
+ run: |
+ curl -sf -X POST \
+ "https://ntfy.sigkill.computer/deployments" \
+ -H "Title: [yarn] Build FAILED" \
+ -H "Priority: urgent" \
+ -H "Tags: rotating_light" \
+ -d "dotfiles build failed at commit ${GITHUB_SHA::8}"
diff --git a/system/system-yarn.nix b/system/system-yarn.nix
index 40bbc33..549ddb7 100644
--- a/system/system-yarn.nix
+++ b/system/system-yarn.nix
@@ -64,6 +64,7 @@ users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5ZYN6idL/w/mUIfPOH1i+Q/SQXuzAMQUEuWpipx1Pc ci-deploy@muffin" ]; programs.steam = {
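Review bot: Both ssh invocations in the "Deploy to desktop" step turn host key verification off (`-o StrictHostKeyChecking=no` on the probe and again inside `--ssh-opts`), so the runner will push a root deployment, and whatever the closure contains, to any host that answers as `desktop`. The host key should be pinned on the runner and both calls switched to `StrictHostKeyChecking=yes` with an explicit `UserKnownHostsFile`; `2>/dev/null` should go as well, because with it an authentication failure or a host-key mismatch is reported as "Desktop unreachable" and the job still sends the success notification. `nix run github:serokell/deploy-rs` resolves the upstream default branch at run time and executes it while the root deploy key is loaded, so it should be pinned to a reviewed revision or taken from the flake's lock file. The agent started by `eval $(ssh-agent -s)` is never stopped, which matters if the `nix` runner is persistent.

```yaml
- name: Deploy to desktop
  run: |
    eval $(ssh-agent -s)
    trap 'ssh-agent -k >/dev/null' EXIT   # do not leave the key loaded on the runner
    ssh-add /run/agenix/ci-deploy-key
    # <KNOWN_HOSTS_FILE> is a placeholder: a runner-provisioned file holding desktop's host key
    SSH_OPTS="-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<KNOWN_HOSTS_FILE>"
    if ssh -i /run/agenix/ci-deploy-key $SSH_OPTS -o ConnectTimeout=10 root@desktop "echo reachable"; then
      # <PINNED_REV> is a placeholder for a reviewed deploy-rs commit
      nix run github:serokell/deploy-rs/<PINNED_REV> -- .#yarn --ssh-opts="$SSH_OPTS"
    # … unchanged: success echo, else branch, fi …
```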
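Review bot: The added `ci-deploy@muffin` entry gives the CI key the same unrestricted root login as the laptop key: any source address, with forwarding and a pty available. NixOS writes these strings into root's authorized_keys as they are, so key options can be prefixed to narrow it, for example `"from=\"<RUNNER_ADDRESS>\",restrict ssh-ed25519 … ci-deploy@muffin"` (`<RUNNER_ADDRESS>` is a placeholder, and deploy-rs activation should be confirmed to still work under `restrict`). A trailing comment in the style of `# laptop`, stating that the private half lives on the CI runner and is used on every push to main, would help whoever audits this list later. The sshd settings that permit root login are outside this hunk.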