commit 1ec3cbe44d262e0d441bcac27bb221b6c6a2a72f
Author: Atridad Lahiji <me@atri.dad>
Date:   Wed Feb 11 23:03:20 2026 -0700

    Add nix.yml

diff --git a/nix.yml b/nix.yml
new file mode 100644
index 0000000..4d7b164
--- /dev/null
+++ b/nix.yml
@@ -0,0 +1,35 @@
+# Required Gitea Actions secrets:
+#   SSH_PRIVATE_KEY - Private key for SSH authentication
+#   DEPLOY_HOST     - Target server IP address (e.g. 144.217.160.198)
+#   DEPLOY_USER     - SSH user on the target server (e.g. root)
+
+name: Deploy Haschel
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Configure SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          cat >> ~/.ssh/config << EOF
+          Host haschel
+            HostName ${{ secrets.DEPLOY_HOST }}
+            User ${{ secrets.DEPLOY_USER }}
+            StrictHostKeyChecking no
+            UserKnownHostsFile /dev/null
+            IdentityFile ~/.ssh/id_ed25519
+          EOF
+          chmod 600 ~/.ssh/config
+
+      - name: Deploy
+        run: |
+          REPO_URL="${{ github.server_url }}/${{ github.repository }}.git"
+          ssh haschel "rm -rf /tmp/nixos-config && git clone $REPO_URL /tmp/nixos-config && nixos-rebuild switch --flake /tmp/nixos-config#haschel && rm -rf /tmp/nixos-config"