# Required Gitea Actions secrets:
#   SSH_PRIVATE_KEY - Private key for SSH
#   DEPLOY_HOST     - Target server IP address
#   DEPLOY_USER     - SSH user on the target server
#   FLAKE_TARGET    - NixOS flake target name

name: Deploy NixOS

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Configure SSH
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          cat >> ~/.ssh/config << EOF
          Host deploy-target
            HostName ${{ secrets.DEPLOY_HOST }}
            User ${{ secrets.DEPLOY_USER }}
            StrictHostKeyChecking no
            UserKnownHostsFile /dev/null
            IdentityFile ~/.ssh/id_ed25519
          EOF
          chmod 600 ~/.ssh/config

      - name: Deploy
        run: |
          REPO_URL="${{ github.server_url }}/${{ github.repository }}.git"
          ssh deploy-target "rm -rf /tmp/nixos-config && git clone $REPO_URL /tmp/nixos-config && nixos-rebuild switch --flake /tmp/nixos-config#${{ secrets.FLAKE_TARGET }} && rm -rf /tmp/nixos-config"