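# yamllint disable rule:line-length rule:truthy
---
# Deployment workflow with two jobs that both join the Headscale tailnet from
# the runner container and then act on remote NixOS hosts over SSH:
#   * deploy-rs - restarts the DERP relays, then runs `deploy` from the checkout
#   * steamdeck - pulls the repo on the Steam Deck and rebuilds NixOS/Home Manager
# Runs on manual dispatch and on pushes to main that touch flake.lock.
name: deploy-rs
run-name: ${{ github.actor }} - deploy-rs
on:
  workflow_dispatch:
  push:
    branches:
      - main
    paths:
      - 'flake.lock'

env:
  # NOTE(review): StrictHostKeyChecking=no means no remote host key is ever
  # verified, so every session below (including the ones that run sudo) trusts
  # whichever machine answers for that name. Provisioning a known_hosts file
  # for these hosts and dropping the option would close that gap.
  # NOTE(review): -A forwards the SSH agent to each remote host. No ssh-agent
  # is started in this workflow, so it looks unnecessary - confirm and drop.
  SSH_OPTS: "-q -A -o StrictHostKeyChecking=no"
  TS_OPTS: "--login-server=https://headscale.sysctl.io --accept-routes --accept-dns --hostname forgejo-runner"

jobs:
  deploy-rs:
    runs-on: forgejo
    container:
      # NOTE(review): `:latest` is a mutable tag, and this image runs with the
      # deploy SSH key and the tailnet auth key; pinning it by digest keeps the
      # job environment reproducible.
      image: git.sysctl.io/albert/actions-images/nixos:latest
      # NOTE(review): --privileged gives the job container broad access to the
      # runner host. tailscaled likely needs only the tun device plus network
      # capabilities (e.g. NET_ADMIN) - TODO confirm and narrow.
      options: --mount type=bind,src=/dev/net/tun,dst=/dev/net/tun --privileged
    steps:
      # Static hosts entry for the notification endpoint (100.64.0.5 is
      # presumably its tailnet address - confirm).
      - name: Add Gotify to Hosts
        run: echo "100.64.0.5 gotify.sysctl.io" >> /etc/hosts

      - name: Checkout repository
        uses: actions/checkout@v4

      # The key reaches the script through the step environment rather than
      # being template-expanded into the script text, so its content is never
      # parsed as shell. umask and the directory mode are set before the write
      # so the key file is never created with wider permissions.
      - name: Install SSH Keys
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          umask 077
          mkdir -p /root/.ssh
          chmod 700 /root/.ssh
          printf '%s\n' "$SSH_PRIVATE_KEY" > /root/.ssh/id_ed25519
          chmod 600 /root/.ssh/id_ed25519

      # State is kept in memory only, so the node identity ends with the job.
      - name: Start Tailscale Daemon
        run: |
          tailscaled --no-logs-no-support --state=mem: &

      # The auth key is passed through the environment and quoted for the same
      # reason as the SSH key above.
      - name: Connect to Headscale Network
        env:
          TAILSCALE_KEY: ${{ secrets.TAILSCALE_KEY }}
        run: |
          tailscale up ${{ env.TS_OPTS }} --authkey "$TAILSCALE_KEY"
          tailscale status

      - name: Restart Linode DERP Relay - Osaka
        run: ssh ${{ env.SSH_OPTS }} albert@osaka-linode-01.linode.hs.net "sudo systemctl restart podman-derp"

      - name: Restart Linode DERP Relay - Frankfurt
        run: ssh ${{ env.SSH_OPTS }} albert@frankfurt-linode-01.linode.hs.net "sudo systemctl restart podman-derp"

      - name: Restart Linode DERP Relay - Milan
        run: ssh ${{ env.SSH_OPTS }} albert@milan-linode-01.linode.hs.net "sudo systemctl restart podman-derp"

      - name: nixos-version (Pre)
        run: ssh ${{ env.SSH_OPTS }} albert@warsaw-ovh-01.servers.hs.net "nixos-version"

      - name: deploy-rs
        run: deploy -sd ${{github.workspace}}

      # Fixed: the login was misspelled `lbert`, so this post-deploy check
      # could not authenticate as the account every other step uses.
      - name: nixos-version (Post)
        run: ssh ${{ env.SSH_OPTS }} albert@warsaw-ovh-01.servers.hs.net "nixos-version"

      # NOTE(review): `@master` is a mutable ref and this action receives the
      # Gotify URL and token; pin it to a reviewed commit SHA.
      - name: Send Notification
        uses: actions/gotify-action@master
        if: always()
        with:
          gotify_api_base: ${{ secrets.GOTIFY_URL }}
          gotify_app_token: ${{ secrets.GOTIFY_TOKEN }}
          notification_title: |
            ${{ github.workflow }}: ${{ job.status }}
          notification_message: |
            Repo: ${{ github.repository }}
            Status: ${{ job.status }}
            Commit: ${{ github.sha }}

  steamdeck:
    runs-on: forgejo
    container:
      # NOTE(review): same mutable-tag and --privileged concerns as the
      # deploy-rs job's container.
      image: git.sysctl.io/albert/actions-images/nixos:latest
      options: --mount type=bind,src=/dev/net/tun,dst=/dev/net/tun --privileged
    steps:
      - name: Add Gotify to Hosts
        run: echo "100.64.0.5 gotify.sysctl.io" >> /etc/hosts

      # Secret is handed over via the step environment, not expanded into the
      # script text; permissions are restricted before the key is written.
      - name: Install SSH Keys
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          umask 077
          mkdir -p /root/.ssh
          chmod 700 /root/.ssh
          printf '%s\n' "$SSH_PRIVATE_KEY" > /root/.ssh/id_ed25519
          chmod 600 /root/.ssh/id_ed25519

      - name: Start Tailscale Daemon
        run: |
          tailscaled --no-logs-no-support --state=mem: &

      - name: Connect to Headscale Network
        env:
          TAILSCALE_KEY: ${{ secrets.TAILSCALE_KEY }}
        run: |
          tailscale up ${{ env.TS_OPTS }} --authkey "$TAILSCALE_KEY"
          tailscale status

      # This job does not check out the repository; the target host pulls its
      # own copy at /etc/nixos/git and rebuilds from it.
      - name: Update Repository
        run: ssh ${{ env.SSH_OPTS }} albert@steamdeck.albert.hs.net "git -C /etc/nixos/git pull"

      - name: NixOS Version (Pre)
        run: ssh ${{ env.SSH_OPTS }} albert@steamdeck.albert.hs.net "nixos-version"

      - name: Update NixOS
        run: ssh ${{ env.SSH_OPTS }} albert@steamdeck.albert.hs.net "sudo nixos-rebuild switch --flake /etc/nixos/git"

      - name: Update Home Manager
        run: ssh ${{ env.SSH_OPTS }} albert@steamdeck.albert.hs.net "home-manager switch -b backup --flake /etc/nixos/git"

      - name: NixOS Version (Post)
        run: ssh ${{ env.SSH_OPTS }} albert@steamdeck.albert.hs.net "nixos-version"

      # NOTE(review): pin this action to a reviewed commit SHA instead of the
      # mutable `master` ref; it is given the Gotify URL and token.
      - name: Send Notification
        uses: actions/gotify-action@master
        if: always()
        with:
          gotify_api_base: ${{ secrets.GOTIFY_URL }}
          gotify_app_token: ${{ secrets.GOTIFY_TOKEN }}
          notification_title: |
            ${{ github.workflow }}: ${{ job.status }}
          notification_message: |
            Repo: ${{ github.repository }}
            Status: ${{ job.status }}
            Commit: ${{ github.sha }}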