all repos — homestead @ dc118296c509bb1e5eb99540bfef37f384e73118

Code for my website

.build.yml (view raw)

image: nixos/unstable
sources:
  - https://git.sr.ht/~alanpearce/website
secrets:
  - ce767f7f-3ac0-43fb-b225-fccbc9cdfaba
  - 5a04c7f9-bba4-40ab-b54c-a2daae2989e8
  - d0a0edd6-1d39-4959-b346-71f64af36a73
environment:
  NIX_CONFIG: |
    experimental-features = nix-command flakes
    max-jobs = 4
    extra-substituters = https://binarycache.alanpearce.eu
    extra-trusted-public-keys = binarycache.alanpearce.eu:ZwqO3XMuajPictjwih8OY2+RXnOKpjZEZFHJjGSxAI4=
  FLY_APP: alanpearce-eu
packages:
  - nixos.just
  - nixos.skopeo
  - nixos.flyctl
  - nixos.sentry-cli
  - nixos.flake-checker
  - nixos.hut
tasks:
  - check: |
      cd website
      flake-checker

  - build: |
      echo "VerifyHostKeyDNS yes" >> ~/.ssh/config
      cd website
      nix flake check
      just docker-image-fly
      nix copy --substitute-on-destination \
        --to ssh://nixremote@linde.alanpearce.eu \
        .#builder .#server $(nix-store --query --requisites )

  - deploy: |
      if [[ "$GIT_REF" != "refs/heads/main" ]]
      then
        exit
      fi
      cd website
      sudo mkdir /etc/containers
      echo '{"default":[{"type":"insecureAcceptAnything"}]}' | sudo tee /etc/containers/policy.json > /dev/null
      fly auth docker
      just docker-image-fly \
        print-docker-tag \
        push-to-registry \
        deploy