commit 8829dfbf9b9ccf0ddf21a1e73b4b457945bef398 · mariuskimmina.com/nix-hetzner-lab

+38

.github/workflows/deploy.yaml

··· 1 + name: Deploy 2 + 3 + on: 4 + workflow_dispatch: 5 + 6 + jobs: 7 + deploy: 8 + runs-on: ubuntu-latest 9 + permissions: 10 + contents: write 11 + steps: 12 + - uses: actions/checkout@v4 13 + 14 + - uses: DeterminateSystems/nix-installer-action@main 15 + - uses: DeterminateSystems/magic-nix-cache-action@main 16 + 17 + - name: Update flake 18 + run: | 19 + nix flake update homepage 20 + git config user.name "github-actions[bot]" 21 + git config user.email "github-actions[bot]@users.noreply.github.com" 22 + git add flake.lock 23 + if git diff --staged --quiet; then 24 + echo "No changes to flake.lock" 25 + else 26 + git commit -m "flake: update homepage" 27 + git push 28 + fi 29 + 30 + - name: Deploy 31 + run: | 32 + mkdir -p ~/.ssh 33 + echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519 34 + chmod 600 ~/.ssh/id_ed25519 35 + ssh-keyscan ${{ secrets.SERVER_IP }} >> ~/.ssh/known_hosts 36 + nix run nixpkgs#nixos-rebuild -- switch \ 37 + --flake .#hetzner-lab \ 38 + --target-host root@${{ secrets.SERVER_IP }}

+5 -21

configuration.nix

··· 3 3 lib, 4 4 pkgs, 5 5 homepage, 6 - leaflet-hugo-sync, 7 6 ... 8 7 }: 9 - let 10 - leaflet-sync-bin = leaflet-hugo-sync.packages.x86_64-linux.default; 11 - in 12 8 { 13 9 imports = [ 14 10 (modulesPath + "/installer/scan/not-detected.nix") ··· 46 42 extraGroups = [ "podman" ]; 47 43 }; 48 44 49 - # Homepage build service 45 + # Build hugo site as a derivation 50 46 systemd.services.homepage-build = { 51 - description = "Build homepage with leaflet-sync"; 52 - after = [ "network-online.target" ]; 53 - wants = [ "network-online.target" ]; 47 + description = "Build homepage"; 54 48 wantedBy = [ "multi-user.target" ]; 55 49 56 50 serviceConfig = { 57 51 Type = "oneshot"; 58 52 RemainAfterExit = true; 59 - StateDirectory = "homepage"; 60 53 }; 61 - 62 - path = [ pkgs.hugo leaflet-sync-bin ]; 63 54 64 55 script = '' 65 56 set -ex 66 - 67 - WORK_DIR=/var/lib/homepage 57 + WORK_DIR=$(mktemp -d) 68 58 OUT_DIR=/var/www/homepage 69 59 70 - # Copy source from nix store to writable directory (including hidden files) 71 - rm -rf $WORK_DIR/* 72 - rm -rf $WORK_DIR/.* 2>/dev/null || true 73 60 cp -r ${homepage}/. $WORK_DIR/ 74 61 chmod -R u+w $WORK_DIR 75 62 cd $WORK_DIR 76 63 77 - # Run leaflet-sync (fetches from network) 78 - leaflet-hugo-sync 64 + ${pkgs.hugo}/bin/hugo --minify --destination $OUT_DIR 79 65 80 - # Build hugo site 81 - mkdir -p $OUT_DIR 82 - hugo --minify --destination $OUT_DIR 66 + rm -rf $WORK_DIR 83 67 ''; 84 68 }; 85 69

+4 -73

flake.lock

··· 20 20 "type": "github" 21 21 } 22 22 }, 23 - "flake-utils": { 24 - "inputs": { 25 - "systems": "systems" 26 - }, 27 - "locked": { 28 - "lastModified": 1731533236, 29 - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", 30 - "owner": "numtide", 31 - "repo": "flake-utils", 32 - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", 33 - "type": "github" 34 - }, 35 - "original": { 36 - "owner": "numtide", 37 - "repo": "flake-utils", 38 - "type": "github" 39 - } 40 - }, 41 23 "homepage": { 42 24 "flake": false, 43 25 "locked": { 44 - "lastModified": 1767818156, 45 - "narHash": "sha256-9ltov+4zOT6Q51hgMadrhuRo6K7SFNCD2S+Wb2X/n1w=", 26 + "lastModified": 1767825440, 27 + "narHash": "sha256-O5rP/5dTaal5rXEQVjm9q2s/5K0xjV8/uSouBs8m+Vo=", 46 28 "owner": "mariuskimmina", 47 29 "repo": "homepage", 48 - "rev": "c64738ff24ac5ed934783d20e4b53d7e8c16b6bc", 30 + "rev": "8553534308051495d3b724894f92ead8aa118e18", 49 31 "type": "github" 50 32 }, 51 33 "original": { ··· 54 36 "type": "github" 55 37 } 56 38 }, 57 - "leaflet-hugo-sync": { 58 - "inputs": { 59 - "flake-utils": "flake-utils", 60 - "nixpkgs": "nixpkgs" 61 - }, 62 - "locked": { 63 - "lastModified": 1767737144, 64 - "narHash": "sha256-RQah7klbquu7TG7xib3+ljZPsPv2Vzqq/TzsSUuYuOY=", 65 - "owner": "mariuskimmina", 66 - "repo": "leaflet-hugo-sync", 67 - "rev": "40e20a13254913ce48dfe8bbfc4125399dc21575", 68 - "type": "github" 69 - }, 70 - "original": { 71 - "owner": "mariuskimmina", 72 - "repo": "leaflet-hugo-sync", 73 - "type": "github" 74 - } 75 - }, 76 39 "nixpkgs": { 77 40 "locked": { 78 - "lastModified": 1767379071, 79 - "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", 80 - "owner": "NixOS", 81 - "repo": "nixpkgs", 82 - "rev": "fb7944c166a3b630f177938e478f0378e64ce108", 83 - "type": "github" 84 - }, 85 - "original": { 86 - "owner": "NixOS", 87 - "ref": "nixos-unstable", 88 - "repo": "nixpkgs", 89 - "type": "github" 90 - } 91 - }, 92 - "nixpkgs_2": { 93 - "locked": { 94 41 "lastModified": 1748662220, 95 42 "narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=", 96 43 "owner": "NixOS", ··· 109 56 "inputs": { 110 57 "disko": "disko", 111 58 "homepage": "homepage", 112 - "leaflet-hugo-sync": "leaflet-hugo-sync", 113 - "nixpkgs": "nixpkgs_2" 114 - } 115 - }, 116 - "systems": { 117 - "locked": { 118 - "lastModified": 1681028828, 119 - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 120 - "owner": "nix-systems", 121 - "repo": "default", 122 - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 123 - "type": "github" 124 - }, 125 - "original": { 126 - "owner": "nix-systems", 127 - "repo": "default", 128 - "type": "github" 59 + "nixpkgs": "nixpkgs" 129 60 } 130 61 } 131 62 },

+1 -3

flake.nix

··· 7 7 url = "github:mariuskimmina/homepage"; 8 8 flake = false; 9 9 }; 10 - inputs.leaflet-hugo-sync.url = "github:mariuskimmina/leaflet-hugo-sync"; 11 10 12 11 outputs = 13 12 { 14 13 nixpkgs, 15 14 disko, 16 15 homepage, 17 - leaflet-hugo-sync, 18 16 ... 19 17 }: 20 18 { 21 19 nixosConfigurations.hetzner-lab = nixpkgs.lib.nixosSystem { 22 20 system = "x86_64-linux"; 23 - specialArgs = { inherit homepage leaflet-hugo-sync; }; 21 + specialArgs = { inherit homepage; }; 24 22 modules = [ 25 23 disko.nixosModules.disko 26 24 ./configuration.nix