name: Terraform Proxmox NixOS VM Deploy

on:
  workflow_dispatch:

jobs:
  deploy-nixos-vm:
    runs-on: nixos-latest
    steps:
      - name: Install nodejs
        run: nix-env -iA nixpkgs.nodejs

      - name: Install terraform
        run: nix-env -iA nixpkgs.terraform

      - name: Install sops
        run: nix-env -iA nixpkgs.sops

      - name: Checkout repo
        uses: actions/checkout@v3

      - name: Decrypt secrets
        env:
          SOPS_AGE_KEY_FILE: ${{ secrets.AGE_KEY_FILE }}
        run: |
          sops --decrypt secrets.yaml.enc > secrets.yaml

      - name: Terraform Init
        run: terraform init

      - name: Terraform Apply
        env:
          PROXMOX_PASSWORD: ${{ secrets.PROXMOX_PASSWORD }}
        run: terraform apply -auto-approve