Added openssh for deploy

Added deploy workflow
Merge branch 'main' of ssh://git.cyperpunk.de:12222/DerGrumpf/cyper-nix
2026-06-23 11:22:28 +02:00 · 2026-06-23 11:15:29 +02:00 · 2026-06-23 10:33:24 +02:00 · 2026-06-23 10:33:18 +02:00 · 2026-06-23 10:32:52 +02:00
4 changed files with 77 additions and 4 deletions
@@ -0,0 +1,66 @@
+name: Deploy
+
+on:
+  workflow_run:
+    workflows: ["CI"]
+    types:
+      - completed
+    branches: ["main"]
+
+jobs:
+  deploy:
+    runs-on: nix
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    env:
+      NIXPKGS_ALLOW_UNFREE: "1"
+    steps:
+      - name: Checkout
+        run: git clone https://git.cyperpunk.de/DerGrumpf/cyper-nix.git .
+
+      - name: Setup SSH key
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan -H 192.168.2.2 192.168.2.40 192.168.2.30 192.168.2.31 >> ~/.ssh/known_hosts
+          ssh-keyscan -H proxy.cyperpunk.de >> ~/.ssh/known_hosts
+
+      - name: Deploy cyper-controller
+        continue-on-error: true
+        run: |
+          nixos-rebuild switch --flake .#cyper-controller \
+            --target-host phil@192.168.2.2 \
+            --build-host localhost \
+            --elevate=sudo
+
+      - name: Deploy cyper-desktop
+        continue-on-error: true
+        run: |
+          nixos-rebuild switch --flake .#cyper-desktop \
+            --target-host phil@192.168.2.40 \
+            --build-host localhost \
+            --elevate=sudo
+
+      - name: Deploy cyper-proxy
+        continue-on-error: true
+        run: |
+          nixos-rebuild switch --flake .#cyper-proxy \
+            --target-host phil@proxy.cyperpunk.de \
+            --build-host localhost \
+            --elevate=sudo
+
+      - name: Deploy cyper-node-1
+        continue-on-error: true
+        run: |
+          nixos-rebuild switch --flake .#cyper-node-1 \
+            --target-host phil@192.168.2.30 \
+            --build-host localhost \
+            --elevate=sudo
+
+      - name: Deploy cyper-node-2
+        continue-on-error: true
+        run: |
+          nixos-rebuild switch --flake .#cyper-node-2 \
+            --target-host phil@192.168.2.31 \
+            --build-host localhost \
+            --elevate=sudo
@@ -221,6 +221,7 @@ in
        nodejs
        wget
        nix
+        openssh
      ];
    };
  };
@@ -64,7 +64,7 @@ in
      # controller services (proxied to upstream tailscale node)
      "git.cyperpunk.de" = (mkProxy 9000) // {
        extraConfig = ''
-          client_max_body_size 500m;
+          client_max_body_size 8192m;
        '';
      };
      "search.cyperpunk.de" = mkProxy 11080;
@@ -10,8 +10,14 @@
  };
  users.users.${primaryUser}.openssh.authorizedKeys.keyFiles = [ ../secrets/ssh-key ];
  programs.ssh.startAgent = true;
-  security.doas = {
-    enable = true;
-    wheelNeedsPassword = false;
+  security = {
+    sudo = {
+      enable = true;
+      wheelNeedsPassword = false;
+    };
+    doas = {
+      enable = true;
+      wheelNeedsPassword = false;
+    };
  };
 }
Author	SHA1	Message	Date
DerGrumpf	b4ee759957	Added openssh for deploy CI / check (push) Successful in 3m53s Details	2026-06-23 11:22:28 +02:00
DerGrumpf	b2d1876d7e	Added deploy workflow CI / check (push) Successful in 4m25s Details	2026-06-23 11:15:29 +02:00
DerGrumpf	72235282af	Merge branch 'main' of ssh://git.cyperpunk.de:12222/DerGrumpf/cyper-nix CI / check (push) Successful in 3m58s Details	2026-06-23 10:33:24 +02:00
DerGrumpf	065567d44a	Enabled doas	2026-06-23 10:33:18 +02:00
DerGrumpf	811546a64c	Increased Nginx upload limit CI / check (push) Successful in 4m1s Details	2026-06-23 10:32:52 +02:00