From b2d1876d7ea964ebf81e9513a5d80d608b4d5883 Mon Sep 17 00:00:00 2001
From: DerGrumpf
Date: Tue, 23 Jun 2026 11:15:29 +0200
Subject: [PATCH 1/9] Added deploy workflow
---
 .gitea/workflows/deploy.yml | 66 +++++++++++++++++++++++++++++++++++++
 home/packages.nix | 2 ++
 2 files changed, 68 insertions(+)
 create mode 100644 .gitea/workflows/deploy.yml
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..4ef4198
--- /dev/null
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,66 @@ +name: Deploy + +on: + workflow_run: + workflows: ["CI"] + types: + - completed + branches: ["main"] + +jobs: + deploy: + runs-on: nix + if: ${{ github.event.workflow_run.conclusion == 'success' }} + env: + NIXPKGS_ALLOW_UNFREE: "1" + steps: + - name: Checkout + run: git clone https://git.cyperpunk.de/DerGrumpf/cyper-nix.git . + + - name: Setup SSH key + run: | + mkdir -p ~/.ssh + echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519 + chmod 600 ~/.ssh/id_ed25519 + ssh-keyscan -H 192.168.2.2 192.168.2.40 192.168.2.30 192.168.2.31 >> ~/.ssh/known_hosts + ssh-keyscan -H proxy.cyperpunk.de >> ~/.ssh/known_hosts + + - name: Deploy cyper-controller + continue-on-error: true + run: | + nixos-rebuild switch --flake .#cyper-controller \ + --target-host phil@192.168.2.2 \ + --build-host localhost \ + --elevate=sudo + + - name: Deploy cyper-desktop + continue-on-error: true + run: | + nixos-rebuild switch --flake .#cyper-desktop \ + --target-host phil@192.168.2.40 \ + --build-host localhost \ + --elevate=sudo + + - name: Deploy cyper-proxy + continue-on-error: true + run: | + nixos-rebuild switch --flake .#cyper-proxy \ + --target-host phil@proxy.cyperpunk.de \ + --build-host localhost \ + --elevate=sudo + + - name: Deploy cyper-node-1 + continue-on-error: true + run: | + nixos-rebuild switch --flake .#cyper-node-1 \ + --target-host phil@192.168.2.30 \ + --build-host localhost \ + --elevate=sudo + + - name: Deploy cyper-node-2 + continue-on-error: true + run: | + nixos-rebuild switch --flake .#cyper-node-2 \ + --target-host phil@192.168.2.31 \ + --build-host localhost \ + --elevate=sudo diff --git a/home/packages.nix b/home/packages.nix index 3b65c80..929b10a 100644 --- a/home/packages.nix +++ b/home/packages.nix @@ -38,6 +38,8 @@ nix-index ncdu tty-solitaire + + cowsay ] ++ lib.optionals (!pkgs.stdenv.isDarwin) [ # dev tools From b4ee759957f45073d2ad0c12242ae0ca87c388ee Mon Sep 17 00:00:00 2001 
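Review bot: In the new `.gitea/workflows/deploy.yml` (PATCH 1/9), the `Checkout` step clones whatever the default branch points to when the job starts, not the commit whose CI run triggered the deploy, so the five `nixos-rebuild switch ... --elevate=sudo` steps can apply a revision that never passed CI. Pin the tree right after the clone, for example `git checkout --detach "${{ github.event.workflow_run.head_sha }}"`, assuming the runner fills in `head_sha` for `workflow_run` events the way it fills in `conclusion`. Separately, the two `ssh-keyscan -H ... >> ~/.ssh/known_hosts` lines record whatever key the network returns at job time, so they do not authenticate the hosts; known host keys shipped with the repository or stored as a secret would.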
From: DerGrumpf Date: Tue, 23 Jun 2026 11:22:28 +0200 Subject: [PATCH 2/9] Added openssh for deploy --- home/packages.nix | 2 -- nixos/roles/gitea.nix | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/home/packages.nix b/home/packages.nix index 929b10a..3b65c80 100644 --- a/home/packages.nix +++ b/home/packages.nix @@ -38,8 +38,6 @@ nix-index ncdu tty-solitaire - - cowsay ] ++ lib.optionals (!pkgs.stdenv.isDarwin) [ # dev tools diff --git a/nixos/roles/gitea.nix b/nixos/roles/gitea.nix index 0849ae6..78867a2 100644 --- a/nixos/roles/gitea.nix +++ b/nixos/roles/gitea.nix @@ -221,6 +221,7 @@ in nodejs wget nix + openssh ]; }; }; From fc4fba565d67d695c3be6641b860d79a4ad058cd Mon Sep 17 00:00:00 2001 From: DerGrumpf Date: Tue, 23 Jun 2026 11:54:44 +0200 Subject: [PATCH 3/9] Fix Deploy workflow --- .gitea/workflows/deploy.yml | 3 ++- nixos/roles/gitea.nix | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 4ef4198..f4e6a30 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -22,7 +22,8 @@ jobs: mkdir -p ~/.ssh echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 - ssh-keyscan -H 192.168.2.2 192.168.2.40 192.168.2.30 192.168.2.31 >> ~/.ssh/known_hosts + echo "StrictHostKeyChecking no" >> ~/.ssh/config + ssh-keyscan -H 192.168.2.2 192.168.2.40 192.168.2.30 192.168.2.31 localhost >> ~/.ssh/known_hosts ssh-keyscan -H proxy.cyperpunk.de >> ~/.ssh/known_hosts - name: Deploy cyper-controller diff --git a/nixos/roles/gitea.nix b/nixos/roles/gitea.nix index 78867a2..dcef99e 100644 --- a/nixos/roles/gitea.nix +++ b/nixos/roles/gitea.nix @@ -222,7 +222,14 @@ in wget nix openssh + nixos-rebuild ]; + + settings = { + runner.env_vars = { + PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin"; + }; + }; }; }; From cf0364d37e10a1adc539618caa4623a56f1365b3 Mon Sep 17 00:00:00 2001 
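Review bot: The added `echo "StrictHostKeyChecking no" >> ~/.ssh/config` in the `Setup SSH key` step (PATCH 3/9, `.gitea/workflows/deploy.yml`) turns off host-key verification for every SSH connection the job makes, so the sudo-elevated `nixos-rebuild switch` deployments no longer verify which machine they are talking to, either on the LAN or on the path to `proxy.cyperpunk.de`. The same defect returns in PATCH 5/9, where `NIX_SSHOPTS` sets `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`. If the failure being worked around was a missing `known_hosts` entry, install pinned host keys and keep verification on, e.g. `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=/var/lib/gitea-runner/.ssh/known_hosts`. The `>>` append also adds the line again on every run if the runner's home directory persists between jobs.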
From: DerGrumpf Date: Tue, 23 Jun 2026 12:03:24 +0200 Subject: [PATCH 4/9] Fix Deploy workflow --- .gitea/workflows/deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index f4e6a30..f4bbe16 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -13,6 +13,7 @@ jobs: if: ${{ github.event.workflow_run.conclusion == 'success' }} env: NIXPKGS_ALLOW_UNFREE: "1" + HOME: /var/lib/gitea-runner steps: - name: Checkout run: git clone https://git.cyperpunk.de/DerGrumpf/cyper-nix.git . From fd6e4e37e15e8ab258a00bd054e861eef124c276 Mon Sep 17 00:00:00 2001 From: DerGrumpf Date: Tue, 23 Jun 2026 12:13:24 +0200 Subject: [PATCH 5/9] Fix Deploy workflow --- .gitea/workflows/deploy.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index f4bbe16..07580a3 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -14,6 +14,7 @@ jobs: env: NIXPKGS_ALLOW_UNFREE: "1" HOME: /var/lib/gitea-runner + NIX_SSHOPTS: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i /var/lib/gitea-runner/.ssh/id_ed25519" steps: - name: Checkout run: git clone https://git.cyperpunk.de/DerGrumpf/cyper-nix.git . @@ -23,12 +24,8 @@ jobs: mkdir -p ~/.ssh echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 - echo "StrictHostKeyChecking no" >> ~/.ssh/config - ssh-keyscan -H 192.168.2.2 192.168.2.40 192.168.2.30 192.168.2.31 localhost >> ~/.ssh/known_hosts - ssh-keyscan -H proxy.cyperpunk.de >> ~/.ssh/known_hosts - name: Deploy cyper-controller - continue-on-error: true run: | nixos-rebuild switch --flake .#cyper-controller \ --target-host phil@192.168.2.2 \ @@ -44,7 +41,6 @@ jobs: --elevate=sudo - name: Deploy cyper-proxy - continue-on-error: true run: | nixos-rebuild switch --flake .#cyper-proxy \ --target-host phil@proxy.cyperpunk.de \ 
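Review bot: With `HOME: /var/lib/gitea-runner` added to the job `env` (PATCH 4/9), the `Setup SSH key` step, which lies outside this hunk, writes the deploy key to `/var/lib/gitea-runner/.ssh/id_ed25519`. That path looks like the runner's own state directory, so the key probably outlives the job and can be read by any later workflow scheduled on this runner. The workflow never removes the key, and the file is created under the default umask before `chmod 600` is applied. Consider a per-job directory for the key, `umask 077` before the `echo`, and a final step with `if: always()` that runs `rm -f ~/.ssh/id_ed25519`.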
From 46c32ada335166f686840fc51bd88ba6bc42ec2a Mon Sep 17 00:00:00 2001 From: DerGrumpf Date: Tue, 23 Jun 2026 12:22:19 +0200 Subject: [PATCH 6/9] Fix Deploy workflow --- .gitea/workflows/deploy.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 07580a3..302efb7 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -29,7 +29,6 @@ jobs: run: | nixos-rebuild switch --flake .#cyper-controller \ --target-host phil@192.168.2.2 \ - --build-host localhost \ --elevate=sudo - name: Deploy cyper-desktop @@ -37,14 +36,12 @@ jobs: run: | nixos-rebuild switch --flake .#cyper-desktop \ --target-host phil@192.168.2.40 \ - --build-host localhost \ --elevate=sudo - name: Deploy cyper-proxy run: | nixos-rebuild switch --flake .#cyper-proxy \ --target-host phil@proxy.cyperpunk.de \ - --build-host localhost \ --elevate=sudo - name: Deploy cyper-node-1 @@ -52,7 +49,6 @@ jobs: run: | nixos-rebuild switch --flake .#cyper-node-1 \ --target-host phil@192.168.2.30 \ - --build-host localhost \ --elevate=sudo - name: Deploy cyper-node-2 @@ -60,5 +56,4 @@ jobs: run: | nixos-rebuild switch --flake .#cyper-node-2 \ --target-host phil@192.168.2.31 \ - --build-host localhost \ --elevate=sudo From ecfccf757e01d8b32b7a7ef21e015efd879ee320 Mon Sep 17 00:00:00 2001 From: DerGrumpf Date: Tue, 23 Jun 2026 12:29:46 +0200 Subject: [PATCH 7/9] Add cowsay to test deploy --- home/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/packages.nix b/home/packages.nix index 3b65c80..672e374 100644 --- a/home/packages.nix +++ b/home/packages.nix @@ -38,6 +38,7 @@ nix-index ncdu tty-solitaire + cowsay ] ++ lib.optionals (!pkgs.stdenv.isDarwin) [ # dev tools From 82e7a5bf943ab6696c7f05f5cc26c3726e6a4d99 Mon Sep 17 00:00:00 2001 From: DerGrumpf Date: Tue, 23 Jun 2026 16:00:20 +0200 Subject: [PATCH 8/9] Removed cowsay to test deploy --- home/packages.nix | 1 - 1 file changed, 1 deletion(-) 
diff --git a/home/packages.nix b/home/packages.nix index 672e374..3b65c80 100644 --- a/home/packages.nix +++ b/home/packages.nix @@ -38,7 +38,6 @@ nix-index ncdu tty-solitaire - cowsay ] ++ lib.optionals (!pkgs.stdenv.isDarwin) [ # dev tools From 8e6aca0b89393e4143062c5d06fd4f26ce63edcc Mon Sep 17 00:00:00 2001 From: DerGrumpf Date: Tue, 23 Jun 2026 16:38:28 +0200 Subject: [PATCH 9/9] Enchaned Release --- .gitea/workflows/release.yml | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml index 2f08b36..c0166f4 100644 --- a/.gitea/workflows/release.yml +++ b/.gitea/workflows/release.yml @@ -16,13 +16,20 @@ jobs: - name: Checkout run: git clone https://git.cyperpunk.de/DerGrumpf/cyper-nix.git . - - name: Build ISOs - run: | - nix build .#packages.x86_64-linux.cyper-desktop-iso --out-link result-desktop - nix build .#packages.x86_64-linux.cyper-controller-iso --out-link result-controller - nix build .#packages.x86_64-linux.cyper-proxy-iso --out-link result-proxy - nix build .#packages.x86_64-linux.cyper-node-1-iso --out-link result-node-1 - nix build .#packages.x86_64-linux.cyper-node-2-iso --out-link result-node-2 + - name: Build Cyper-Desktop + run: nix build .#packages.x86_64-linux.cyper-desktop-iso --out-link result-desktop + + - name: Build Cyper-Controller + run: nix build .#packages.x86_64-linux.cyper-controller-iso --out-link result-controller + + - name: Build Cyper-Proxy + run: nix build .#packages.x86_64-linux.cyper-proxy-iso --out-link result-proxy + + - name: Build Cyper-Node-1 + run: nix build .#packages.x86_64-linux.cyper-node-1-iso --out-link result-node-1 + + - name: Build Cyper-Node-2 + run: nix build .#packages.x86_64-linux.cyper-node-2-iso --out-link result-node-2 - name: Create release and upload ISOs run: |