From a3751b16cdb03e3bc6e2839ce10bca85f67100a2 Mon Sep 17 00:00:00 2001
From: plasmagoat <david.mikael@proton.me>
Date: Sun, 8 Jun 2025 00:10:17 +0200
Subject: [PATCH] ensure nix never builder locally

---
 .forgejo/workflows/build-image.yml | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/.forgejo/workflows/build-image.yml b/.forgejo/workflows/build-image.yml
index 974f4e7..c1644d0 100644
--- a/.forgejo/workflows/build-image.yml
+++ b/.forgejo/workflows/build-image.yml
@@ -12,6 +12,8 @@ jobs:
     env:
       PROXMOX_HOST: 192.168.1.205
       PROXMOX_USER: forgejo-runner
+      NIXOS_BUILER_HOST: nixos-builder.lab
+      NIXOS_BUILER_USER: root
       TEMPLATE_VMID: 9001
       LATEST_TEMPLATE_VMID: 9000
 
@@ -23,11 +25,12 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set VERSION from tag or fallback
+        id: version
         run: |
           if [ -n "${CI_COMMIT_TAG}" ]; then
-            echo "VERSION=${CI_COMMIT_TAG}" >> $GITHUB_ENV
+            echo "tag=${CI_COMMIT_TAG}" >> $GITHUB_OUTPUT
           else
-            echo "VERSION=dev-$(date +%s)" >> $GITHUB_ENV
+            echo "tag=dev-$(date +%s)" >> $GITHUB_OUTPUT
           fi
 
       - name: Enable experimental features
@@ -35,23 +38,24 @@ jobs:
           mkdir -p ~/.config/nix
           echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
 
-      - name: Build NixOS image
-        run: nix build .#base --builders "ssh://root@nixos-builder.lab x86_64-linux"
-
       - name: Prepare SSH
         env:
-          PROXMOX_SSH_KEY: ${{ secrets.PROXMOX_SSH_KEY }}
+          RUNNER_SSH_KEY: ${{ secrets.RUNNER_SSH_KEY }}
         run: |
           mkdir -p ~/.ssh
-          echo "$PROXMOX_SSH_KEY" > ~/.ssh/id_rsa
+          echo "$RUNNER_SSH_KEY" > ~/.ssh/id_rsa
           chmod 600 ~/.ssh/id_rsa
           ssh-keyscan -H $PROXMOX_HOST >> ~/.ssh/known_hosts
+          ssh-keyscan -H $NIXOS_BUILER_HOST >> ~/.ssh/known_hosts
+
+      - name: Build NixOS image
+        run: nix build .#base --builders "ssh://$NIXOS_BUILER_USER@$NIXOS_BUILER_HOST x86_64-linux" --max-jobs 0
 
       # - name: Upload image to Proxmox and manage templates
       #   run: |
       #     set -e
       #     IMAGE="result/vm-image.vma.zst"
-      #     REMOTE_NAME="nixos-base-image-${VERSION}.vma.zst"
+      #     REMOTE_NAME="nixos-base-image-${steps.version.outputs.tag}.vma.zst"
       #     REMOTE_PATH="/var/lib/vz/template/images/$REMOTE_NAME"
 
       #     echo "Uploading $IMAGE to Proxmox as $REMOTE_NAME"
@@ -79,9 +83,9 @@ jobs:
       #   if: ${{ github.ref_type == 'tag' }}
       #   uses: softprops/action-gh-release@v1
       #   with:
-      #     name: "NixOS Base Image ${{ env.VERSION }}"
-      #     tag_name: ${{ env.VERSION }}
+      #     name: "NixOS Base Image ${{ steps.version.outputs.tag }}"
+      #     tag_name: ${{ steps.version.outputs.tag }}
       #     body: |
-      #       This release contains the NixOS base image for Proxmox labeled `${{ env.VERSION }}`.
+      #       This release contains the NixOS base image for Proxmox labeled `${{ steps.version.outputs.tag }}`.
       #     files: |
       #       result/vm-image.vma.zst