image: nixos/nix

variables:
  NIXOS_VERSION: "unstable"
  NIXPKGS_ALLOW_UNFREE: "1"
  NIXPKGS_ALLOW_INSECURE: "1"

stages:
  - test
  - deploy

before_script:
  - mv .gitlab/passwd /etc/passwd
  - mv .gitlab/group /etc/group
  - mv nix.conf /etc/nix/nix.conf
  - nix-channel --add https://nixos.org/channels/nixos-${NIXOS_VERSION} nixos
  - nix-channel --update

test:
  stage: test
  script:
    - nix flake check

deploy:
  stage: deploy
  script:
    # Init OpenSSH
    - nix-env -iA nixos.openssh
    - eval "$(ssh-agent -s)"
    - chmod 0600 $SSH_PRIVATE_KEY
    - ssh-add $SSH_PRIVATE_KEY
    # Deploy everything
    - nix develop --command deploy
  rules:
    - if: $CI_COMMIT_BRANCH == "master"