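---
# GitLab CI pipeline for a NixOS flake repository:
#   test          - `nix flake check` on ordinary pushes
#   deploy        - `nix develop --command deploy` from the master branch
#   check updates - scheduled `nix flake update`, pushed as a merge request

# NOTE(review): no tag or digest is given, so the registry's default tag is
# pulled and the toolchain can change between runs. Pinning a tag or digest
# makes the jobs that handle SSH keys reproducible.
image: nixos/nix

variables:
  # Channel name used by before_script; "unstable" is a moving target.
  NIXOS_VERSION: "unstable"
  NIXPKGS_ALLOW_UNFREE: "1"
  # NOTE(review): set for every job, including deploy. This asks nixpkgs to
  # accept packages it marks as insecure; prefer allow-listing the specific
  # packages in the flake. It may have no effect under pure flake
  # evaluation - confirm whether it is still needed.
  NIXPKGS_ALLOW_INSECURE: "1"

stages:
  - test
  - deploy

before_script:
  # The container's account database and Nix configuration are replaced with
  # files from the repository, so changes to .gitlab/passwd, .gitlab/group
  # and nix.conf alter the environment in which the SSH keys below are used
  # and deserve the same review as this file.
  - mv .gitlab/passwd /etc/passwd
  - mv .gitlab/group /etc/group
  - mv nix.conf /etc/nix/nix.conf
  - nix-channel --add https://nixos.org/channels/nixos-${NIXOS_VERSION} nixos
  - nix-channel --update

test:
  stage: test
  script:
    - nix flake check
  rules:
    # Skip scheduled and merge-request pipelines; run on everything else.
    - if: $CI_PIPELINE_SOURCE == "schedule"
      when: never
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
      when: never
    - when: always

deploy:
  stage: deploy
  script:
    # Init OpenSSH
    # SSH_PRIVATE_KEY is used as a path (chmod / ssh-add), so it is assumed
    # to be a file-type CI variable; it should be a protected variable so
    # that only protected refs can read it - confirm in project settings.
    - nix-env -iA nixos.openssh
    - eval "$(ssh-agent -s)"
    - chmod 0600 "$SSH_PRIVATE_KEY"
    - ssh-add "$SSH_PRIVATE_KEY"
    # Deploy everything
    # NOTE(review): how the deploy tool verifies target host keys is not
    # visible in this file - confirm it does not disable checking.
    - nix develop --command deploy
  rules:
    # Only non-scheduled pipelines on master deploy.
    - if: $CI_PIPELINE_SOURCE == "schedule"
      when: never
    - if: $CI_COMMIT_BRANCH == "master"

check updates:
  stage: test
  script:
    # Prepare git access
    # SSH_UPDATE_KEY is a separate key from the deploy key; it is assumed to
    # be a file-type CI variable, ideally limited to pushing to this
    # repository - confirm.
    - nix-env -iA nixos.openssh
    - eval "$(ssh-agent -s)"
    - chmod 0600 "$SSH_UPDATE_KEY"
    - ssh-add "$SSH_UPDATE_KEY"
    - git config --global user.name "NixOS Flake Update"
    - git config --global user.email "git@lewd.wtf"
    - git remote rm origin && git remote add origin "git@git.lewd.wtf:${CI_PROJECT_PATH}.git"
    # Update flakes
    - nix flake update
    # Push changes
    - git branch -D flakes_update || true
    - git checkout -b flakes_update
    - git add flake.lock
    # `git commit` exits non-zero when flake.lock is unchanged, which would
    # fail the scheduled job; commit and push only when something is staged.
    #
    # NOTE(review): UserKnownHostsFile=/dev/null together with
    # StrictHostKeyChecking=no turns off SSH host-key verification, so the
    # runner cannot tell the real git server from an impostor while the
    # update key is loaded. Supply the server's host key through a CI
    # variable written to known_hosts and drop both options.
    # `-f` overwrites any existing flakes_update branch on the remote.
    - |
      if git diff --cached --quiet; then
        echo "flake.lock unchanged; nothing to push"
      else
        git commit -m 'Update NixOS Flakes'
        GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" \
          git push -f --set-upstream origin flakes_update -o merge_request.create
      fi
  rules:
    # Runs only from pipeline schedules.
    - if: $CI_PIPELINE_SOURCE == "schedule"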