# Container image every job in this pipeline runs in.
# NOTE(review): no tag or digest is given, so the registry's default tag is
# resolved at pull time and the job environment can change between runs.
# Pinning a release tag or an image digest keeps the build environment fixed
# and makes an unexpected image change visible in review.
image: nixos/nix
# Environment variables exported to every job.
variables:
  # Channel suffix; before_script expands it into the nixos channel URL.
  NIXOS_VERSION: "unstable"
  NIXPKGS_ALLOW_UNFREE: "1"
  # NOTE(review): this asks nixpkgs to accept every package it marks as
  # insecure, i.e. packages with known vulnerabilities, instead of failing
  # evaluation. Allowing only the specific packages that are needed
  # (nixpkgs' permittedInsecurePackages setting) keeps that check useful.
  # NOTE(review): flake commands evaluate in pure mode by default and then do
  # not read these NIXPKGS_ALLOW_* variables; none of the nix commands in this
  # file pass --impure - confirm whether the two flags have any effect.
  NIXPKGS_ALLOW_INSECURE: "1"
# Pipeline stages in execution order: test first, then deploy.
stages: [test, deploy]
# Commands run at the start of every job, before its own script.
before_script:
  # Replace the container's account databases and Nix configuration with the
  # copies kept in this repository. Whoever can change these three files in
  # the repo controls the users, groups and Nix settings the jobs run with,
  # so changes to them deserve the same review as changes to this file.
  - mv .gitlab/passwd /etc/passwd
  - mv .gitlab/group /etc/group
  # NOTE(review): nix.conf is not shown here; it may set substituters and
  # trusted keys - confirm it only trusts the binary caches that are intended.
  - mv nix.conf /etc/nix/nix.conf
  # Register the nixos channel selected by NIXOS_VERSION and fetch it.
  - nix-channel --add https://nixos.org/channels/nixos-${NIXOS_VERSION} nixos
  - nix-channel --update
# Runs the flake's checks on every pipeline except scheduled ones.
test:
  stage: test
  rules:
    # Scheduled pipelines only run the "check updates" job.
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      when: never
    - when: always
  script:
    - nix flake check
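# Deploys from the master branch, authenticating with the SSH key supplied
# through the SSH_PRIVATE_KEY CI variable. Skipped on scheduled pipelines.
deploy:
  stage: deploy
  script:
    # Init OpenSSH
    - nix-env -iA nixos.openssh
    - eval "$(ssh-agent -s)"
    # SSH_PRIVATE_KEY is used as a file path here. The expansion is quoted so
    # the path always reaches chmod and ssh-add as a single argument.
    # NOTE(review): confirm the variable is marked protected so that only
    # pipelines on protected branches can read the deploy key.
    - chmod 0600 "$SSH_PRIVATE_KEY"
    - ssh-add "$SSH_PRIVATE_KEY"
    # NOTE(review): this job writes no known_hosts entry, so how the deploy
    # command verifies the target hosts' SSH keys depends on configuration
    # not shown here - confirm host key checking is not disabled.
    # Deploy everything
    - nix develop --command deploy
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"
      when: never
    - if: $CI_COMMIT_BRANCH == "master"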
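# Scheduled job: refreshes flake.lock, pushes it to the flakes_update branch
# and asks the server to open a merge request for it.
check updates:
  stage: test
  script:
    # Prepare git access
    - nix-env -iA nixos.openssh
    - eval "$(ssh-agent -s)"
    # SSH_UPDATE_KEY is used as a file path here. The expansion is quoted so
    # the path always reaches chmod and ssh-add as a single argument.
    # NOTE(review): this key can push to the repository; confirm it is scoped
    # to this project only.
    - chmod 0600 "$SSH_UPDATE_KEY"
    - ssh-add "$SSH_UPDATE_KEY"
    - mkdir -p ~/.ssh && touch ~/.ssh/known_hosts
    # NOTE(review): ssh-keyscan records whatever host key the network returns
    # on this run, so it does not authenticate git.lewd.wtf. Storing the
    # expected known_hosts line in a CI variable and writing that instead
    # would pin the host key across runs.
    - ssh-keyscan git.lewd.wtf >> ~/.ssh/known_hosts
    - git config --global user.name "NixOS Flake Update"
    - git config --global user.email "git@lewd.wtf"
    # Point origin at the SSH URL so the push uses the key loaded above.
    - git remote rm origin && git remote add origin "git@git.lewd.wtf:${CI_PROJECT_PATH}.git"
    # Update flakes
    - nix flake update
    # Push changes
    # Only flake.lock is staged. The update arrives as a merge request, so
    # the new input revisions can be reviewed before they reach master, the
    # branch the deploy job runs on.
    - git checkout -b flakes_update
    - git add flake.lock
    - git commit -m 'Update NixOS Flakes'
    - git push --set-upstream origin flakes_update -o merge_request.create
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"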