dump

.forgejo/workflows/deploy-nixos.yaml

@@ -0,0 +1,39 @@
+name: Deploy NixOS VM
+
+on:
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: docker
+    container:
+      image: nixos/nix
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Install Terraform
+        run: nix-env -iA nixpkgs.terraform
+
+      - name: Setup SSH key
+        run: |
+          mkdir -p ~/.ssh
+          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+        env:
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: Terraform Init & Apply
+        run: |
+          terraform init
+          terraform apply -auto-approve
+        working-directory: ./terraform
+        env:
+          PROXMOX_PASSWORD: ${{ secrets.PROXMOX_PASSWORD }}
+
+      - name: Deploy NixOS via nixos-anywhere
+        run: |
+          nix run github:numtide/nixos-anywhere -- \
+            --build-on-remote \
+            --flake .#new-vm \
+            root@<new-vm-ip>

.forgejo/workflows/proxmox-nixos-deploy.yml

@@ -0,0 +1,34 @@
+name: Terraform Proxmox NixOS VM Deploy
+
+on:
+  workflow_dispatch:
+
+jobs:
+  deploy-nixos-vm:
+    runs-on: nixos-latest
+    steps:
+      - name: Install nodejs
+        run: nix-env -iA nixpkgs.nodejs
+
+      - name: Install terraform
+        run: nix-env -iA nixpkgs.terraform
+
+      - name: Install sops
+        run: nix-env -iA nixpkgs.sops
+
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Decrypt secrets
+        env:
+          SOPS_AGE_KEY_FILE: ${{ secrets.AGE_KEY_FILE }}
+        run: |
+          sops --decrypt secrets.yaml.enc > secrets.yaml
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Terraform Apply
+        env:
+          PROXMOX_PASSWORD: ${{ secrets.PROXMOX_PASSWORD }}
+        run: terraform apply -auto-approve