.woodpecker/deploy.yaml

@@ -7,25 +7,34 @@ variables: &nix-config
     NIXPKGS_ALLOW_INSECURE: "1"
 
 steps:
-  - name: Check Flake
-    image: nixos/nix:latest
-    pull: true
+  - name: Configure Nix Channels
+    image: bash
     commands:
       - nix-channel --add https://nixos.org/channels/nixos-$${NIXOS_VERSION} nixos
       - nix-channel --update
+    environment:
+      *nix-config
+    when:
+      - evaluate: 'CI_PIPELINE_EVENT != "cron" && CI_PIPELINE_EVENT != "schedule"'
+
+  - name: Check Flake
+    image: bash
+    commands:
       - nix flake check
     environment:
       *nix-config
     when:
       - evaluate: 'CI_PIPELINE_EVENT != "cron" && CI_PIPELINE_EVENT != "schedule"'
 
-  - name: Deploy
-    image: nixos/nix:latest
-    pull: true
+  - name: Place SSH Key
+    image: bash
+    commands:
+      - echo $${SSH_PRIVATE_KEY}} > .privkey
+      - chmod 0600 .privkey
+
+  - name: Deploy
+    image: bash
     commands:
-      - nix-env -iA nixos.openssh
-      - eval "$(ssh-agent -s)"
-      - echo $${SSH_PRIVATE_KEY}} | ssh-add -
       - nix develop --command deploy
     environment:
       *nix-config

hosts/kinda.sus.lol/services/transfer-sh.nix

@@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }:
 {
-  networking.firewall.allowedTCPPorts = [ 6080 ];
+  networking.firewall.allowedTCPPorts = [ ];
   services.transfer-sh = {
     enable = true;
     settings = {
@@ -12,5 +12,8 @@
       PURGE_DAYS = "90";
     };
   };
-  systemd.services.transfer-sh.serviceConfig.ReadWritePaths = lib.mkForce "/mnt/data/transfer-sh";
+  systemd.services.transfer-sh.serviceConfig.ReadWritePaths = lib.mkForce [
+    "/mnt/data/transfer-sh/temp"
+    "/mnt/data/transfer-sh/store"
+  ];
 }