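name: update-steamdeck
run-name: ${{ github.actor }} - update-steamdeck

on:
  schedule:
    # At 02:00 every Monday.
    - cron: '0 2 * * 1'

jobs:
  # Joins the runner container to the Headscale tailnet as an ephemeral node,
  # then rebuilds the Steam Deck's NixOS/home-manager config over SSH.
  deploy-rs:
    runs-on: ubuntu
    container:
      # NOTE(review): ubuntu:23.10 (mantic) is past end of standard support, and
      # the Tailscale apt repo below is pinned to lunar (23.04) — confirm the
      # pairing is intended before apt starts failing against retired archives.
      image: ubuntu:23.10
      # The bind-mounted tun device plus --privileged is what lets tailscaled
      # create an interface inside the container; it also hands the job full
      # host capabilities, so everything this workflow consumes must be trusted.
      options: --mount type=bind,src=/dev/net/tun,dst=/dev/net/tun --privileged
    env:
      # apt must never block on a prompt inside a non-interactive step.
      DEBIAN_FRONTEND: noninteractive
    steps:
      - name: "Runner: Info"
        run: |
          set -x
          pwd
          ls -lah
          id
          uname -a
          hostname
          cat /etc/os-release
          whoami
          cat /etc/resolv.conf

      - name: "Setup: Runner"
        env:
          # Expression values are passed through the environment rather than
          # interpolated into the script text, so shell metacharacters in them
          # cannot change the commands that run.
          GIT_ACTOR: ${{ github.actor }}
        run: |
          set -euo pipefail
          apt update -y
          apt install git nodejs nix-bin sudo curl -y
          git config --global user.email "$GIT_ACTOR"
          git config --global user.name "Forgejo Runner"
          echo "100.64.0.14 gotify.sysctl.io" >> /etc/hosts

      - name: "Setup: Tailscale Repo"
        run: |
          set -euo pipefail
          mkdir -p --mode=0755 /usr/share/keyrings
          curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/lunar.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
          curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/lunar.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
          apt update -y
          apt install tailscale -y

      - name: "Setup: SSH"
        env:
          # Secrets come in via env, never via ${{ }} inside the script body.
          SSH_PUBLIC_KEY: ${{ secrets.SSH_PUBLIC_KEY }}
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          set -euo pipefail
          # Restrictive umask so the key files are never group/world-readable,
          # not even between creation and the chmod below.
          umask 077
          rm -rf /root/.ssh
          mkdir /root/.ssh
          printf '%s\n' "$SSH_PUBLIC_KEY" > /root/.ssh/id_ed25519.pub
          printf '%s\n' "$SSH_PRIVATE_KEY" > /root/.ssh/id_ed25519
          chmod 700 /root/.ssh
          chmod 600 /root/.ssh/id_ed25519
          chmod 644 /root/.ssh/id_ed25519.pub
          # Only the public half is printed; the private key never reaches the log.
          echo "Public Key:  "
          cat /root/.ssh/id_ed25519.pub

      - name: "Setup: Headscale Network"
        env:
          TAILSCALE_KEY: ${{ secrets.TAILSCALE_KEY }}
        run: |
          set -euo pipefail
          echo "tailscaled --cleanup"
          sudo tailscaled --cleanup
          echo ""
          # --state=mem: keeps node state in memory only, so nothing about this
          # ephemeral node is persisted in the container.
          echo "tailscaled --state=mem: 2> ~/tailscaled.log &"
          sudo tailscaled --state=mem: 2> ~/tailscaled.log &
          echo ""
          echo "tailscale up"
          sudo tailscale up \
              --login-server=https://headscale.sysctl.io \
              --accept-routes \
              --accept-dns \
              --authkey "$TAILSCALE_KEY" \
              --hostname forgejo-runner \
              --advertise-tags "tag:forgejo,tag:container,tag:ephemeral"
          sudo tailscale status
          sudo tailscale netcheck

      - name: "nixos-version (Pre)"
        run: |
          # TODO(review): StrictHostKeyChecking=no accepts whatever host key
          # answers for "steamdeck", so the deploy (and the forwarded agent)
          # could be redirected to an impersonating host. Pin the expected host
          # key in /root/.ssh/known_hosts and drop the option here and in the
          # two ssh steps below.
          ssh -q -A -o StrictHostKeyChecking=no albert@steamdeck \
              "
              nixos-version
              "

      - name: "SSH and Deploy"
        run: |
          # NOTE(review): the remote script sources a fish config, which only
          # works if albert's login shell on steamdeck is fish — confirm before
          # changing the shell there.
          ssh -o StrictHostKeyChecking=no albert@steamdeck \
              "
              set -x
              source ~/.config/fish/config.fish
              cd /etc/nixos/git
              git pull
              sudo nixos-rebuild switch --flake /etc/nixos/git
              home-manager switch -b backup --flake /etc/nixos/git
              "

      - name: "nixos-version (Post)"
        run: |
          ssh -q -A -o StrictHostKeyChecking=no albert@steamdeck \
              "
              nixos-version
              "

      # Runs even when an earlier step failed, so the ephemeral node is logged
      # out of the tailnet instead of lingering until Headscale expires it.
      # "|| true" keeps this from masking the real failure when tailscale was
      # never installed or never came up.
      - name: "Teardown: Headscale Network"
        if: always()
        run: sudo tailscale down || true

      - name: "Send Notification - Success"
        if: success()
        # NOTE(review): @master is a moving ref; pinning to a commit SHA would
        # stop a change in that repository from silently altering what runs here.
        uses: https://git.sysctl.io/actions/gotify-action@master
        with:
          gotify_api_base: '${{ secrets.GOTIFY_URL }}'
          gotify_app_token: '${{ secrets.GOTIFY_TOKEN }}'
          notification_title: '[ ${{ github.repository }}: ${{ github.workflow }} ] Steam Deck Updated'
          notification_message: 'Deployment completed successfully.'

      - name: "Send Notification - Failure"
        if: failure()
        # NOTE(review): same moving-ref concern as the success notification.
        uses: https://git.sysctl.io/actions/gotify-action@master
        with:
          gotify_api_base: '${{ secrets.GOTIFY_URL }}'
          gotify_app_token: '${{ secrets.GOTIFY_TOKEN }}'
          notification_title: '[ ${{ github.repository }}: ${{ github.workflow }} ] Deployment Failed'
          notification_message: 'Your deployment has failed.  Check Forgejo.'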