name: Deploy NixOS VM

on:
  workflow_dispatch:

jobs:
  deploy:
    runs-on: docker
    container:
      image: nixos/nix
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4

      - name: Install Terraform
        run: nix-env -iA nixpkgs.terraform

      - name: Setup SSH key
        run: |
          mkdir -p ~/.ssh
          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Terraform Init & Apply
        run: |
          terraform init
          terraform apply -auto-approve
        working-directory: ./terraform
        env:
          PROXMOX_PASSWORD: ${{ secrets.PROXMOX_PASSWORD }}

      - name: Deploy NixOS via nixos-anywhere
        run: |
          nix run github:numtide/nixos-anywhere -- \
            --build-on-remote \
            --flake .#new-vm \
            root@<new-vm-ip>