blob: 1ec05b11381c2517bf3476e92864fd6f1c85bc8c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
image: nixos/unstable
sources:
- https://git.sr.ht/~alanpearce/website
secrets:
- ce767f7f-3ac0-43fb-b225-fccbc9cdfaba
- 5a04c7f9-bba4-40ab-b54c-a2daae2989e8
- d0a0edd6-1d39-4959-b346-71f64af36a73
environment:
NIX_CONFIG: |
experimental-features = nix-command flakes
max-jobs = 4
extra-substituters = https://binarycache.alanpearce.eu
extra-trusted-public-keys = binarycache.alanpearce.eu:ZwqO3XMuajPictjwih8OY2+RXnOKpjZEZFHJjGSxAI4=
FLY_APP: alanpearce-eu
packages:
- nixos.just
- nixos.skopeo
- nixos.flyctl
- nixos.sentry-cli
- nixos.flake-checker
- nixos.hut
tasks:
- check: |
cd website
flake-checker
- build: |
echo "VerifyHostKeyDNS yes" >> ~/.ssh/config
cd website
nix flake check
just docker-image-fly
nix copy --substitute-on-destination \
--to ssh://nixremote@linde.alanpearce.eu \
.
- deploy: |
if [[ "$GIT_REF" != "refs/heads/main" ]]
then
exit
fi
cd website
sudo mkdir /etc/containers
echo '{"default":[{"type":"insecureAcceptAnything"}]}' | sudo tee /etc/containers/policy.json > /dev/null
fly auth docker
just docker-image-fly \
print-docker-tag \
push-to-registry \
deploy
|