37 lines
1.1 KiB
YAML
37 lines
1.1 KiB
YAML
# Required Gitea Actions secrets:
|
|
# SSH_PRIVATE_KEY - Private key for SSH
|
|
# DEPLOY_HOST - Target server IP address
|
|
# DEPLOY_USER - SSH user on the target server
|
|
# FLAKE_TARGET - NixOS flake target name
|
|
|
|
name: Deploy NixOS
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Configure SSH
|
|
run: |
|
|
mkdir -p ~/.ssh
|
|
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
|
|
chmod 600 ~/.ssh/id_ed25519
|
|
cat >> ~/.ssh/config << EOF
|
|
Host deploy-target
|
|
HostName ${{ secrets.DEPLOY_HOST }}
|
|
User ${{ secrets.DEPLOY_USER }}
|
|
StrictHostKeyChecking no
|
|
UserKnownHostsFile /dev/null
|
|
IdentityFile ~/.ssh/id_ed25519
|
|
EOF
|
|
chmod 600 ~/.ssh/config
|
|
|
|
- name: Deploy
|
|
run: |
|
|
REPO_URL="${{ github.server_url }}/${{ github.repository }}.git"
|
|
ssh deploy-target "rm -rf /tmp/nixos-config && git clone $REPO_URL /tmp/nixos-config && nixos-rebuild switch --flake /tmp/nixos-config#${{ secrets.FLAKE_TARGET }} && rm -rf /tmp/nixos-config"
|