image: nixos/unstable sources: - https://git.sr.ht/~alanpearce/website secrets: - ce767f7f-3ac0-43fb-b225-fccbc9cdfaba - 5a04c7f9-bba4-40ab-b54c-a2daae2989e8 - d0a0edd6-1d39-4959-b346-71f64af36a73 environment: NIX_CONFIG: | experimental-features = nix-command flakes max-jobs = 4 extra-substituters = https://binarycache.alanpearce.eu extra-trusted-public-keys = binarycache.alanpearce.eu:ZwqO3XMuajPictjwih8OY2+RXnOKpjZEZFHJjGSxAI4= FLY_APP: alanpearce-eu packages: - nixos.just - nixos.skopeo - nixos.flyctl - nixos.sentry-cli - nixos.flake-checker - nixos.hut tasks: - check: | cd website flake-checker - build: | echo "VerifyHostKeyDNS yes" >> ~/.ssh/config cd website nix flake check just docker-image-fly nix copy --substitute-on-destination \ --to ssh://nixremote@linde.alanpearce.eu \ .#builder .#server $(nix-store --query --requisites ) - deploy: | if [[ "$GIT_REF" != "refs/heads/main" ]] then exit fi cd website sudo mkdir /etc/containers echo '{"default":[{"type":"insecureAcceptAnything"}]}' | sudo tee /etc/containers/policy.json > /dev/null fly auth docker just docker-image-fly \ print-docker-tag \ push-to-registry \ deploy