
Changed files
+121 -9
.github
workflows
+38
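--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -0,0 +1,38 @@
+name: Deploy
+
+on:
+workflow_dispatch:
+
+jobs:
+deploy:
+runs-on: ubuntu-latest
+permissions:
+contents: write
+steps:
+- uses: actions/checkout@v4
+
+- uses: DeterminateSystems/nix-installer-action@main
+- uses: DeterminateSystems/magic-nix-cache-action@main
+
+- name: Update flake
+run: |
+nix flake update homepage
+git config user.name "github-actions[bot]"
+git config user.email "github-actions[bot]@users.noreply.github.com"
+git add flake.lock
+if git diff --staged --quiet; then
+echo "No changes to flake.lock"
+else
+git commit -m "flake: update homepage"
+git push
+fi
+
+- name: Deploy
+run: |
+mkdir -p ~/.ssh
+echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519
+chmod 600 ~/.ssh/id_ed25519
+ssh-keyscan ${{ secrets.SERVER_IP }} >> ~/.ssh/known_hosts
+nix run nixpkgs#nixos-rebuild -- switch \
+--flake .#hetzner-lab \
+--target-host root@${{ secrets.SERVER_IP }}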
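Review bot: `DeterminateSystems/nix-installer-action@main` and `DeterminateSystems/magic-nix-cache-action@main` (new lines 14–15) are mutable branch refs, and they run in a job that holds `contents: write` and later writes `DEPLOY_SSH_KEY` to disk for a root `nixos-rebuild`, so whatever lands on those branches executes with access to both. Pin each one to a full commit SHA, e.g. `- uses: DeterminateSystems/nix-installer-action@<full-commit-sha>  # <release tag>`. Separately, `ssh-keyscan ${{ secrets.SERVER_IP }} >> ~/.ssh/known_hosts` on line 35 trusts whichever host key answers at run time, so the server is never actually authenticated before a root deploy. Write a known-good host key from a secret or repository variable instead, for example `echo "${{ secrets.SERVER_HOST_KEY }}" >> ~/.ssh/known_hosts` (placeholder secret name).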
+6
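--- a/README.md
+++ b/README.md
@@ -0,0 +1,6 @@
+# nix-hetzner-lab
+
+
+```
+nix run nixpkgs#nixos-rebuild -- switch --flake .#hetzner-lab --target-host root@x.x.x.x
+```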
+52 -9
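--- a/configuration.nix
+++ b/configuration.nix
@@ -2,20 +2,21 @@
 modulesPath,
 lib,
 pkgs,
+homepage,
 ...
-} @ args:
+}:
 {
 imports = [
 (modulesPath + "/installer/scan/not-detected.nix")
 (modulesPath + "/profiles/qemu-guest.nix")
 ./disk-config.nix
 ];
+
 boot.loader.grub = {
-# no need to set devices, disko will add all devices that have a EF02 partition to the list already
-# devices = [ ];
 efiSupport = true;
 efiInstallAsRemovable = true;
 };
+
 services.openssh.enable = true;
 
 virtualisation = {
@@ -23,7 +24,7 @@
 podman = {
 enable = true;
 dockerCompat = true;
-defaultNetwork.settings.dns_enabled = true; # Required for containers under podman-compose to be able to talk to each other.
+defaultNetwork.settings.dns_enabled = true;
 };
 };
 
@@ -33,16 +34,58 @@
 pkgs.wget
 ];
 
-users.users.root.openssh.authorizedKeys.keys =
-[
+users.users.root.openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuC5sHe8hegmrgEKntLTArMn/O6m8IOKHxtgAsHHcF1 mar.kimmina@gmail.com"
 ];
 
 users.users.root = {
-extraGroups = [
-"podman"
-];
+extraGroups = [ "podman" ];
+};
+
+# Build hugo site as a derivation
+systemd.services.homepage-build = {
+description = "Build homepage";
+wantedBy = [ "multi-user.target" ];
+
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = true;
+};
+
+script = ''
+set -ex
+WORK_DIR=$(mktemp -d)
+OUT_DIR=/var/www/homepage
+
+cp -r ${homepage}/. $WORK_DIR/
+chmod -R u+w $WORK_DIR
+cd $WORK_DIR
+
+${pkgs.hugo}/bin/hugo --minify --destination $OUT_DIR
+
+rm -rf $WORK_DIR
+'';
 };
+
+systemd.tmpfiles.rules = [
+"d /var/www/homepage 0755 root root -"
+];
+
+services.nginx = {
+enable = true;
+virtualHosts."mariuskimmina.com" = {
+root = "/var/www/homepage";
+forceSSL = true;
+enableACME = true;
+};
+};
+
+security.acme = {
+acceptTerms = true;
+defaults.email = "mar.kimmina@gmail.com";
+};
+
+networking.firewall.allowedTCPPorts = [ 80 443 ];
 
 system.stateVersion = "24.05";
 }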
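Review bot: `systemd.services.homepage-build` (new lines 46–68) runs as root with no sandboxing, although the script only reads the `homepage` store path and writes `/var/www/homepage`; running Hugo over fetched repository content with full root privileges is more than the job needs. Restrict it in `serviceConfig` as sketched below, or run it as a dedicated unprivileged user that owns the web root (the tmpfiles rule would then need a matching owner). The comment `# Build hugo site as a derivation` is inaccurate, since this is a runtime oneshot unit rather than a Nix derivation; something like `# Build the Hugo site at service start into /var/www/homepage` describes it. Also, `hugo --minify --destination $OUT_DIR` never deletes earlier output, so pages removed upstream would presumably stay published until cleaned by hand; adding `--cleanDestinationDir` addresses that.

```nix
serviceConfig = {
  # … unchanged: Type, RemainAfterExit …
  # Sandbox the build: only the web root and a private /tmp are writable.
  ProtectSystem = "strict";
  ReadWritePaths = [ "/var/www/homepage" ];
  PrivateTmp = true;
  NoNewPrivileges = true;
};
# … unchanged: script …
```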
+17
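--- a/flake.lock
+++ b/flake.lock
@@ -20,6 +20,22 @@
 "type": "github"
 }
 },
+"homepage": {
+"flake": false,
+"locked": {
+"lastModified": 1768043002,
+"narHash": "sha256-ERRYBsT8mpj2jdbajxtDM+eRGE7VJNmjYefTSNuztik=",
+"owner": "mariuskimmina",
+"repo": "homepage",
+"rev": "2ed2764c247fe47a3731dd714d080a0e8c44640a",
+"type": "github"
+},
+"original": {
+"owner": "mariuskimmina",
+"repo": "homepage",
+"type": "github"
+}
+},
 "nixpkgs": {
 "locked": {
 "lastModified": 1748662220,
@@ -39,6 +55,7 @@
 "root": {
 "inputs": {
 "disko": "disko",
+"homepage": "homepage",
 "nixpkgs": "nixpkgs"
 }
 }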
+7
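--- a/flake.nix
+++ b/flake.nix
@@ -2,16 +2,23 @@
 inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
 inputs.disko.url = "github:nix-community/disko";
 inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
+
+inputs.homepage = {
+url = "github:mariuskimmina/homepage";
+flake = false;
+};
 
 outputs =
 {
 nixpkgs,
 disko,
+homepage,
 ...
 }:
 {
 nixosConfigurations.hetzner-lab = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
+specialArgs = { inherit homepage; };
 modules = [
 disko.nixosModules.disko
 ./configuration.nix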
+1
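--- a/result
+++ b/result
@@ -0,0 +1 @@
+/nix/store/286x6h9n5bjhhav12lhpr2jl7zj2w680-nixos-system-nixos-25.11.20250531.59138c7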