Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 5222077eac |
@@ -1,67 +0,0 @@
|
||||
name: Deploy
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
workflows: ["CI"]
|
||||
types:
|
||||
- completed
|
||||
branches: ["main"]
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
runs-on: nix
|
||||
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
||||
env:
|
||||
NIXPKGS_ALLOW_UNFREE: "1"
|
||||
steps:
|
||||
- name: Checkout
|
||||
run: git clone https://git.cyperpunk.de/DerGrumpf/cyper-nix.git .
|
||||
|
||||
- name: Setup SSH key
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
|
||||
chmod 600 ~/.ssh/id_ed25519
|
||||
echo "StrictHostKeyChecking no" >> ~/.ssh/config
|
||||
ssh-keyscan -H 192.168.2.2 192.168.2.40 192.168.2.30 192.168.2.31 localhost >> ~/.ssh/known_hosts
|
||||
ssh-keyscan -H proxy.cyperpunk.de >> ~/.ssh/known_hosts
|
||||
|
||||
- name: Deploy cyper-controller
|
||||
continue-on-error: true
|
||||
run: |
|
||||
nixos-rebuild switch --flake .#cyper-controller \
|
||||
--target-host phil@192.168.2.2 \
|
||||
--build-host localhost \
|
||||
--elevate=sudo
|
||||
|
||||
- name: Deploy cyper-desktop
|
||||
continue-on-error: true
|
||||
run: |
|
||||
nixos-rebuild switch --flake .#cyper-desktop \
|
||||
--target-host phil@192.168.2.40 \
|
||||
--build-host localhost \
|
||||
--elevate=sudo
|
||||
|
||||
- name: Deploy cyper-proxy
|
||||
continue-on-error: true
|
||||
run: |
|
||||
nixos-rebuild switch --flake .#cyper-proxy \
|
||||
--target-host phil@proxy.cyperpunk.de \
|
||||
--build-host localhost \
|
||||
--elevate=sudo
|
||||
|
||||
- name: Deploy cyper-node-1
|
||||
continue-on-error: true
|
||||
run: |
|
||||
nixos-rebuild switch --flake .#cyper-node-1 \
|
||||
--target-host phil@192.168.2.30 \
|
||||
--build-host localhost \
|
||||
--elevate=sudo
|
||||
|
||||
- name: Deploy cyper-node-2
|
||||
continue-on-error: true
|
||||
run: |
|
||||
nixos-rebuild switch --flake .#cyper-node-2 \
|
||||
--target-host phil@192.168.2.31 \
|
||||
--build-host localhost \
|
||||
--elevate=sudo
|
||||
@@ -38,7 +38,7 @@ jobs:
|
||||
RELEASE_ID=$(echo $RELEASE | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2)
|
||||
|
||||
for result in result-desktop result-controller result-proxy result-node-1 result-node-2; do
|
||||
iso=$(find $result/iso -name "*.iso" | head -1)
|
||||
iso=$(readlink -f $(find $result -name "*.iso" | head -1))
|
||||
curl -s -X POST \
|
||||
-H "Authorization: token ${{ secrets.CI_TOKEN }}" \
|
||||
-F "attachment=@${iso};filename=${result}.iso" \
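Review bot: The `iso=$(readlink -f $(find $result -name "*.iso" | head -1))` line (apparently the new side of this one-line change; the `+`/`-` markers are lost on this page) has no handling for the case where `find` matches nothing. `readlink` then runs without an operand and `iso` ends up empty, so depending on the shell options in effect the step either aborts with an unhelpful "missing operand" or goes on to post `attachment=@` with no path. Quote the expansions and fail with a clear message, e.g. `iso=$(find "$result" -name '*.iso' -print -quit)` followed by `[ -n "$iso" ] || { echo "no ISO under $result" >&2; exit 1; }`, and resolve the link with `readlink -f "$iso"` afterwards. Searching the whole `$result` tree and taking the first hit also means an unexpected second image would be published silently, so it is worth asserting that exactly one match exists. The `for` loop and the `curl` command continue outside the hunk, so whether `--fail` or a status check follows `curl -s` cannot be seen here.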
|
||||
|
||||
@@ -22,11 +22,6 @@
|
||||
./catppuccin.nix
|
||||
];
|
||||
|
||||
sops.secrets."nix_cache_priv_key" = {
|
||||
|
||||
mode = "0400";
|
||||
};
|
||||
|
||||
nix = {
|
||||
settings = {
|
||||
trusted-users = [
|
||||
@@ -47,13 +42,11 @@
|
||||
"https://nix-community.cachix.org"
|
||||
"https://cyper-cache.cachix.org"
|
||||
];
|
||||
secret-key-files = [ config.sops.secrets."nix_cache_priv_key".path ];
|
||||
trusted-public-keys = [
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"cyper-cache.cachix.org-1:pOpeWFEjGHg9XvqRg+DQpYnGRQNp+z+QEF8Ev2mbSoM="
|
||||
"cyper-nix:+YuG586UwrtNkXeGiivcr5GTCbZK70ILU2YqOxUoIWw="
|
||||
];
|
||||
auto-optimise-store = true;
|
||||
};
|
||||
|
||||
@@ -221,15 +221,7 @@ in
|
||||
nodejs
|
||||
wget
|
||||
nix
|
||||
openssh
|
||||
nixos-rebuild
|
||||
];
|
||||
|
||||
settings = {
|
||||
runner.env_vars = {
|
||||
PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@@ -64,7 +64,7 @@ in
|
||||
# controller services (proxied to upstream tailscale node)
|
||||
"git.cyperpunk.de" = (mkProxy 9000) // {
|
||||
extraConfig = ''
|
||||
client_max_body_size 8192m;
|
||||
client_max_body_size 500m;
|
||||
'';
|
||||
};
|
||||
"search.cyperpunk.de" = mkProxy 11080;
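Review bot: `client_max_body_size 500m;` (apparently the new value; the `+`/`-` markers are lost on this page) applies to every request on the `git.cyperpunk.de` vhost, which would include release attachments and any LFS or package uploads the forge serves. The CI workflow touched in this same commit uploads `.iso` files as release attachments; if that upload goes through this proxy and an image exceeds the limit, nginx answers 413 before the forge sees the request. Confirm the expected image size against the limit, and add a comment above `extraConfig` such as `# caps uploads through the proxy; must stay above the largest release asset` so the number is not tuned blindly later. The surrounding attribute set starts and ends outside the hunk.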
|
||||
|
||||
+1
-7
@@ -10,14 +10,8 @@
|
||||
};
|
||||
users.users.${primaryUser}.openssh.authorizedKeys.keyFiles = [ ../secrets/ssh-key ];
|
||||
programs.ssh.startAgent = true;
|
||||
security = {
|
||||
sudo = {
|
||||
security.doas = {
|
||||
enable = true;
|
||||
wheelNeedsPassword = false;
|
||||
};
|
||||
doas = {
|
||||
enable = true;
|
||||
wheelNeedsPassword = false;
|
||||
};
|
||||
};
|
||||
}
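Review bot: `security.doas` keeps `wheelNeedsPassword = false;`, so every `wheel` member still becomes root without a password. With `openssh.authorizedKeys.keyFiles = [ ../secrets/ssh-key ]` two lines earlier, holding that one SSH key is then enough for root on each host that imports this module (assuming `primaryUser` is in `wheel`, which is not visible here). Dropping the `sudo` block does not remove sudo either: NixOS enables it by default, so it falls back to prompting for a password rather than disappearing. If doas is meant to be the only elevation path, state it with `security.sudo.enable = false;`, and consider `wheelNeedsPassword = true;` or a narrow `security.doas.extraRules` entry instead of blanket passwordless root. The enclosing module starts outside the hunk.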
|
||||
|
||||
@@ -33,7 +33,6 @@ gitea:
|
||||
runnerToken: ENC[AES256_GCM,data:giY3e3oHqWytgIWfnuKxOfrp8R+u7I0lMzEGnLWXnZWL9aQkVsM1kiF1FNKn/A==,iv:YsQrAKU8pncPeSSosOFn9BjU676KCh956FGC2hnCuac=,tag:+eZ1y6P/85XNPD9gVVNMgA==,type:str]
|
||||
ssh_private_key: ENC[AES256_GCM,data:R511mVFVk1ogAd5CKk/2P6rtT4NnHIFfKyqeCen545QgcvDqDFmW0rFBmPJyipaya2srJNoWvKJbnvxWtTYeJh2tPAybRMoUicStIFMUn3FPNfjx/WuQFLhKLoU3UOHHPJnkFqkQ9MBqLq2k5K7MVsNNFTxIDCKS1jPgkTmAWjRZ0EFiRXLa+Gvnz3GP5ltgfjDwdPeb5xp0/AqKPD8jea9w5ClR6ckrRHCLsfXhL2e9IaF4B96JlIv4rICLX3HmeIgM2PKl2MnSt8we5z39bBoLSA0yWG6BvpiMBaFqbo7jeHf1SxI6R404/emHhwW3pwSCDrq2ZE1ATG2UmA5NssFcVuaBPBoQer+n5haVYMNpNUp6rtKZeAIbf5JEOXJ6CJqiInfnnzOMNGhGFkGUYkhsy3p6Ti/lmNMPX/xtY+8ZqMwXf5drssm5KgnQ5nDbVqnTWAhoT/D3t+cJVAaXGTGw88fU0X95dZr8vaL/5nBCj1uUdv5cRBJ8PGhqbBX8PoiXrtGooBGhxf6nHbxIneSzG1++MZGo3e1G,iv:D1lgCnZKm3Gyv6cZpQ7zGW7JXN5RCwoaas+LroTkhPc=,tag:WI6Nr1cX8gm5pjFpu/Ok0w==,type:str]
|
||||
ssh_github_key: ENC[AES256_GCM,data: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,iv:gcinU7xOoXQkFVkLNB3sQYHAcZy3pZN+bDRIq4sspys=,tag:yawgAHBKIkGpnKPHsRId4g==,type:str]
|
||||
nix_cache_priv_key: ENC[AES256_GCM,data:FbRHM4n7BDMDgZYtTOdpS0SQx80afxMC3uw6PtdKb1zcAjyQRYwJe0esTDLklLDh8Kx6dgZOJbrf2sYIzF5xVv09U1Uz0C1UnF4M6yhbg+Nqg0HfVj55L3Z6ulrxNlgq7gY=,iv:F9DZUsyzZocKoB0yByeBcrCw9Ytcp+Xk6y8+ZH4OV7k=,tag:mSf1zVciPkifzr3kVFAt0g==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- enc: |
|
||||
@@ -45,7 +44,7 @@ sops:
|
||||
6fuez+zApathZfl14w41kAUojPWBznnxDqYtNvzVVLXwnpp3BMx+7w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
recipient: age10pyhca0jy75wtqv5hrn0gf0jcam5272zx9h73a8xwwaxyfq89c0qs5dr9t
|
||||
lastmodified: "2026-06-23T07:50:18Z"
|
||||
mac: ENC[AES256_GCM,data:KlPMGQNnGdXGfUhuGviQ/lvDBOfjy9IiTFhLaJEwafJfAQmyYe+VclRV2kKK1A98rvZqhey/pvXyrpU1FQNbrvTVCgPMKiX8ggSmF62Ocz2ljj/tQqQhyZbtPM229k69FXdoDFjl0vg9T8nrYtNh+S8Xy17yw5CA1gI7GYILCF0=,iv:Km4NRYjTsZO3NYoWCUdQrmeXUPdbN+cI4CqJFkH70ww=,tag:TTCA8X2jAO1x20NILNyngg==,type:str]
|
||||
lastmodified: "2026-06-22T18:17:22Z"
|
||||
mac: ENC[AES256_GCM,data:nIGjfBCia9y1+f0dE6TRK6pBLo3B+vqmK88t5xrCY9j+SIzPvCc2Iv6h8AXSfunvIZpxODhn+PmX2FBwa9TtNVePi/Iywu43fRGHz67gSVYTyTBoLRAxqW/7hEvRMXu0ECUfAPzQCq3rd4iWjMXyIYU/FsX9g4NlIno0zcCV5cs=,iv:M4FBoxzojH01hScrRoET3AwmG3qevhkxiET+W94drh0=,tag:rHf7wbkp64FKybjZL0EDDQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.13.1
|
||||
|
||||