From 19d0371248b0a3771afb06a5507a6cd8f456cad4 Mon Sep 17 00:00:00 2001 From: notohh Date: Fri, 20 Oct 2023 18:31:27 -0400 Subject: [PATCH 01/36] openssh: permit root login --- modules/openssh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/openssh.nix b/modules/openssh.nix index 749d2ec..14d7c60 100644 --- a/modules/openssh.nix +++ b/modules/openssh.nix @@ -5,7 +5,7 @@ KbdInteractiveAuthentication = false; PasswordAuthentication = lib.mkForce false; PubkeyAuthentication = lib.mkForce true; - PermitRootLogin = lib.mkForce "no"; + PermitRootLogin = lib.mkForce "yes"; StreamLocalBindUnlink = "yes"; GatewayPorts = "clientspecified"; }; From da2caff5178e65f2c0e24ebb4895499452c7c7b6 Mon Sep 17 00:00:00 2001 From: notohh Date: Fri, 20 Oct 2023 18:32:01 -0400 Subject: [PATCH 02/36] fail2ban: bypass tailscale ips --- modules/security.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/security.nix b/modules/security.nix index 5c78728..e904164 100644 --- a/modules/security.nix +++ b/modules/security.nix @@ -55,7 +55,9 @@ "192.168.0.0/16" "172.16.0.0/12" "10.0.0.0/8" - "5.161.181.184" + "5.161.181.184/32" + "100.71.49.65/10" + "100.82.146.40/10" ]; jails.DEFAULT = { settings = { From 96ac8d076e4cf560943c28afb41116b0e634867c Mon Sep 17 00:00:00 2001 From: notohh Date: Fri, 20 Oct 2023 18:32:24 -0400 Subject: [PATCH 03/36] deploy: switch sshUser to root, and enable magicRollback on all systems --- hosts/deploy.nix | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/hosts/deploy.nix b/hosts/deploy.nix index 4a7a35b..abfbdde 100644 --- a/hosts/deploy.nix +++ b/hosts/deploy.nix @@ -6,9 +6,9 @@ inputs: { user = "root"; path = activate.nixos inputs.self.nixosConfigurations.sakura; }; - sshUser = "notoh"; + sshUser = "root"; sshOpts = ["-t" "-i" "~/.ssh/sakura"]; - magicRollback = false; + magicRollback = true; }; kariru = { hostname = "kariru"; 
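Review bot: `PermitRootLogin = lib.mkForce "yes"` in the PATCH 01 hunk is broader than a key-based deploy needs. The surrounding lines keep `PasswordAuthentication` and `KbdInteractiveAuthentication` off, so root can only use keys today, but `"yes"` would also admit root password logins if either setting were ever relaxed or overridden on a host. `PermitRootLogin = lib.mkForce "prohibit-password";` states the key-only intent in the setting itself. The enclosing settings block starts outside the hunk.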
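Review bot: The two entries added in the PATCH 02 hunk, `"100.71.49.65/10"` and `"100.82.146.40/10"`, both denote the same network, 100.64.0.0/10, so the list exempts that whole range rather than two hosts and the second entry is redundant. If two specific machines are meant, write them as `/32` like the `"5.161.181.184/32"` line above; if the whole tailnet is meant, a single `"100.64.0.0/10"` with a comment saying so is clearer. The attribute name of the list is outside the hunk; judging by the commit subject it is presumably fail2ban's ignore list, in which case none of these addresses is ever banned.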
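Review bot: `sshUser = "root"` replaces the unprivileged `notoh` login in this first PATCH 03 hunk and in the four later hunks of `hosts/deploy.nix` (kariru, yuki, arashi, sora, plus the new `tsuru` node), so every deployment now depends on direct root SSH to each host. The previous combination of an unprivileged `sshUser` with `user = "root"` on the profile kept the root login closed; if it was dropped because of a sudo or tty problem, a comment such as `# root login required: <reason>` (placeholder) next to `sshUser` would record why. The node attribute sets start and end outside the individual hunks.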
@@ -16,9 +16,9 @@ inputs: { user = "root"; path = activate.nixos inputs.self.nixosConfigurations.kariru; }; - sshUser = "notoh"; + sshUser = "root"; sshOpts = ["-t" "-i" "~/.ssh/kariru"]; - magicRollback = false; + magicRollback = true; }; yuki = { hostname = "yuki"; @@ -26,9 +26,9 @@ inputs: { user = "root"; path = activate.nixos inputs.self.nixosConfigurations.yuki; }; - sshUser = "notoh"; + sshUser = "root"; sshOpts = ["-t" "-i" "~/.ssh/yuki"]; - magicRollback = false; + magicRollback = true; }; arashi = { hostname = "arashi"; @@ -36,9 +36,9 @@ inputs: { user = "root"; path = activate.nixos inputs.self.nixosConfigurations.arashi; }; - sshUser = "notoh"; + sshUser = "root"; sshOpts = ["-t" "-i" "~/.ssh/arashi"]; - magicRollback = false; + magicRollback = true; }; sora = { hostname = "sora"; @@ -46,9 +46,19 @@ inputs: { user = "root"; path = activate.nixos inputs.self.nixosConfigurations.sora; }; - sshUser = "notoh"; + sshUser = "root"; sshOpts = ["-t" "-i" "~/.ssh/kumo"]; - magicRollback = false; + magicRollback = true; + }; + tsuru = { + hostname = "tsuru"; + profiles.system = { + user = "root"; + path = activate.nixos inputs.self.nixosConfigurations.tsuru; + }; + sshUser = "root"; + sshOpts = ["-t" "-i" "~/.ssh/tsuru"]; + magicRollback = true; }; }; } From 37a4469a513e2c69ddab3027a32c710c1666db36 Mon Sep 17 00:00:00 2001 From: notohh Date: Fri, 20 Oct 2023 18:49:54 -0400 Subject: [PATCH 04/36] workflows: add top level names --- .forgejo/workflows/check.yml | 2 ++ .forgejo/workflows/fmt.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml index 646fb33..8202017 100644 --- a/.forgejo/workflows/check.yml +++ b/.forgejo/workflows/check.yml @@ -1,3 +1,5 @@ +name: flake check + on: [push] jobs: check: diff --git a/.forgejo/workflows/fmt.yml b/.forgejo/workflows/fmt.yml index c854864..e202ec9 100644 --- a/.forgejo/workflows/fmt.yml +++ b/.forgejo/workflows/fmt.yml 
@@ -1,3 +1,5 @@ +name: fmt check + on: [push] jobs: check: From 6049d09d6a374ce0c33fd6d28ecce8c78e3b6a2c Mon Sep 17 00:00:00 2001 From: notohh Date: Fri, 20 Oct 2023 19:30:57 -0400 Subject: [PATCH 05/36] ci: add testing deployment workflow --- .forgejo/workflows/deployment/deploy.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .forgejo/workflows/deployment/deploy.yml diff --git a/.forgejo/workflows/deployment/deploy.yml b/.forgejo/workflows/deployment/deploy.yml new file mode 100644 index 0000000..4770825 --- /dev/null +++ b/.forgejo/workflows/deployment/deploy.yml @@ -0,0 +1,15 @@ +name: deploy systems + +on: [push] +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: install nix action + uses: https://github.com/DeterminateSystems/nix-installer-action@v5 + with: + github-token: ${{ secrets.GH_TOKEN }} + - name: deploy + use: | + ssh -i ${secrets.TSURU_SSH_KEY} root@100.82.146.40 'uname -a' \ No newline at end of file From 678e98328c7c16afe6ec55d2b5367d8ecb9777c0 Mon Sep 17 00:00:00 2001 From: notohh Date: Fri, 20 Oct 2023 19:34:41 -0400 Subject: [PATCH 06/36] ci: rename deploy.yml --- .../workflows/deployment/{deploy.yml => deploy-systems.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .forgejo/workflows/deployment/{deploy.yml => deploy-systems.yml} (98%) diff --git a/.forgejo/workflows/deployment/deploy.yml b/.forgejo/workflows/deployment/deploy-systems.yml similarity index 98% rename from .forgejo/workflows/deployment/deploy.yml rename to .forgejo/workflows/deployment/deploy-systems.yml index 4770825..6af8ee8 100644 --- a/.forgejo/workflows/deployment/deploy.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -12,4 +12,4 @@ jobs: github-token: ${{ secrets.GH_TOKEN }} - name: deploy use: | - ssh -i ${secrets.TSURU_SSH_KEY} root@100.82.146.40 'uname -a' \ No newline at end of file + ssh -i ${secrets.TSURU_SSH_KEY} root@100.82.146.40 'uname -a' 
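Review bot: `on: [push]` in the new `deploy.yml` runs the job for a push to any branch, and the job opens a root SSH session with a deploy secret in scope, so anyone able to push a branch can trigger it. Restrict the trigger, for example `on: { push: { branches: [main] } }` (the branch name is a placeholder for the repository's protected branch). Separately, the step key `use:` is not a step field, so the command as written would not run.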
From 1c2a88276d9eb881252e646898481f4192493234 Mon Sep 17 00:00:00 2001 From: notohh Date: Fri, 20 Oct 2023 19:36:27 -0400 Subject: [PATCH 07/36] ci: fix deploy typo --- .forgejo/workflows/deployment/deploy-systems.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index 6af8ee8..2a31f98 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -11,5 +11,4 @@ jobs: with: github-token: ${{ secrets.GH_TOKEN }} - name: deploy - use: | - ssh -i ${secrets.TSURU_SSH_KEY} root@100.82.146.40 'uname -a' + run: ssh -i ${secrets.TSURU_SSH_KEY} root@100.82.146.40 'uname -a' From 5f64eca21f1619c929b09d4048af7eab2775f37a Mon Sep 17 00:00:00 2001 From: notohh Date: Fri, 20 Oct 2023 19:38:30 -0400 Subject: [PATCH 08/36] ci: add double brackets --- .forgejo/workflows/deployment/deploy-systems.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index 2a31f98..ef75cbf 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -11,4 +11,4 @@ jobs: with: github-token: ${{ secrets.GH_TOKEN }} - name: deploy - run: ssh -i ${secrets.TSURU_SSH_KEY} root@100.82.146.40 'uname -a' + run: ssh -i ${{secrets.TSURU_SSH_KEY}} root@100.82.146.40 'uname -a' From 1a90d94d095c5b957eaf42a757fa2c3243ddb118 Mon Sep 17 00:00:00 2001 From: notohh Date: Fri, 20 Oct 2023 20:26:47 -0400 Subject: [PATCH 09/36] hosts: update keys --- hosts/arashi/default.nix | 5 ++++- hosts/kariru/default.nix | 5 ++++- hosts/sakura/default.nix | 5 ++++- hosts/sora/default.nix | 5 ++++- hosts/tsuru/default.nix | 5 ++++- hosts/yuki/default.nix | 5 ++++- 6 files changed, 24 insertions(+), 6 deletions(-) 
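Review bot: In the PATCH 08 hunk, `${{secrets.TSURU_SSH_KEY}}` is substituted into the `run:` text before the shell sees it, so the private key's content becomes part of the command line at a position where `ssh -i` expects a file path. Pass the secret through `env:` instead, write it to a file with restrictive permissions, and give that path to `-i`; this also keeps the key out of the rendered script. The same inline expansion recurs in the PATCH 18 hunk (`cat ${{secrets.TEST_SSH_DEPLOY_KEY}}`) and the PATCH 19 hunk (`--ssh-opts="-i ${{secrets.TEST_SSH_DEPLOY_KEY}}"`).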
diff --git a/hosts/arashi/default.nix b/hosts/arashi/default.nix index 7bad61f..dbbabd7 100644 --- a/hosts/arashi/default.nix +++ b/hosts/arashi/default.nix @@ -28,6 +28,9 @@ }; users.users.notoh.openssh.authorizedKeys.keys = [ - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWRbIwwHuyEOLhA9dKTf4TgFqtPR5MNcJorKm731S7G arashi'' + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWRbIwwHuyEOLhA9dKTf4TgFqtPR5MNcJorKm731S7G arashi" + ]; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGPcRO9BzKIhAxiyVnRIcByaMTrxeeeJqB8iXcmhrI4 forgejo" ]; } diff --git a/hosts/kariru/default.nix b/hosts/kariru/default.nix index 2ed3b0c..6901a28 100644 --- a/hosts/kariru/default.nix +++ b/hosts/kariru/default.nix @@ -24,6 +24,9 @@ }; users.users.notoh.openssh.authorizedKeys.keys = [ - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPmWafzbhah18nm2z1epc6139XVlcKT0ndAI0wbLj+/6 kariru'' + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPmWafzbhah18nm2z1epc6139XVlcKT0ndAI0wbLj+/6 kariru" + ]; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGPcRO9BzKIhAxiyVnRIcByaMTrxeeeJqB8iXcmhrI4 forgejo" ]; } diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index 7c218a0..9bad1ce 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix @@ -26,6 +26,9 @@ }; users.users.notoh.openssh.authorizedKeys.keys = [ - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqAjaV2D2J8ln4n39ZvszCF5Jql+0IaSpFCJlzDSLv6 sakura'' + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqAjaV2D2J8ln4n39ZvszCF5Jql+0IaSpFCJlzDSLv6 sakura" + ]; + users.users.root.openssh.authorizedKeys.keys = [ + " ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGPcRO9BzKIhAxiyVnRIcByaMTrxeeeJqB8iXcmhrI4 forgejo" ]; } diff --git a/hosts/sora/default.nix b/hosts/sora/default.nix index 00f4165..27569b6 100644 --- a/hosts/sora/default.nix +++ b/hosts/sora/default.nix 
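Review bot: The new `users.users.root.openssh.authorizedKeys.keys` entry installs one `forgejo` key for root with no key options, here and in the kariru, sakura, sora, tsuru and yuki hunks, so a single CI-held private key grants an unrestricted root shell on all six hosts. Consider limiting the entry with authorized_keys options, for example a `from="<runner-address>"` prefix (placeholder), or using one key per host so that a single key can be revoked without touching the others. In the sakura hunk the string begins with a stray space (`" ssh-ed25519 …"`), which is worth removing. Each hunk's enclosing attribute set starts outside the hunk.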
@@ -10,6 +10,9 @@ _: { zramSwap.enable = true; networking.hostName = "sora"; users.users.notoh.openssh.authorizedKeys.keys = [ - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmI3hRDFjxLjrM3pE471e4jxSlcqeizh3iNVVdaMHeN sora'' + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmI3hRDFjxLjrM3pE471e4jxSlcqeizh3iNVVdaMHeN sora" + ]; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGPcRO9BzKIhAxiyVnRIcByaMTrxeeeJqB8iXcmhrI4 forgejo" ]; } diff --git a/hosts/tsuru/default.nix b/hosts/tsuru/default.nix index 69468b3..033e6fa 100644 --- a/hosts/tsuru/default.nix +++ b/hosts/tsuru/default.nix @@ -24,6 +24,9 @@ }; users.users.notoh.openssh.authorizedKeys.keys = [ - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKwby2FLCKFZZlOLDRhsm9GckyYAuyk0mq28jRD02tdv tsuru'' + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKwby2FLCKFZZlOLDRhsm9GckyYAuyk0mq28jRD02tdv tsuru" + ]; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGPcRO9BzKIhAxiyVnRIcByaMTrxeeeJqB8iXcmhrI4 forgejo" ]; } diff --git a/hosts/yuki/default.nix b/hosts/yuki/default.nix index fca7feb..8edc031 100644 --- a/hosts/yuki/default.nix +++ b/hosts/yuki/default.nix @@ -24,6 +24,9 @@ }; users.users.notoh.openssh.authorizedKeys.keys = [ - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINoLDqOjZIQQ+YYir9MQnlh8wgqI1dz5nYL054OnIgDa yuki'' + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINoLDqOjZIQQ+YYir9MQnlh8wgqI1dz5nYL054OnIgDa yuki" + ]; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGPcRO9BzKIhAxiyVnRIcByaMTrxeeeJqB8iXcmhrI4 forgejo" ]; } From 6ec9d1f241ecf659a3c3da594cd60c5e053768fb Mon Sep 17 00:00:00 2001 From: notohh Date: Fri, 20 Oct 2023 20:27:01 -0400 Subject: [PATCH 10/36] deploy: update nodes --- hosts/deploy.nix | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/hosts/deploy.nix b/hosts/deploy.nix index abfbdde..7e786c3 100644 --- a/hosts/deploy.nix +++ b/hosts/deploy.nix 
@@ -1,63 +1,63 @@ inputs: { nodes = with inputs.deploy-rs.lib.x86_64-linux; { sakura = { - hostname = "sakura"; + hostname = "100.121.201.47"; profiles.system = { user = "root"; path = activate.nixos inputs.self.nixosConfigurations.sakura; }; sshUser = "root"; - sshOpts = ["-t" "-i" "~/.ssh/sakura"]; + sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; magicRollback = true; }; kariru = { - hostname = "kariru"; + hostname = "100.126.229.95"; profiles.system = { user = "root"; path = activate.nixos inputs.self.nixosConfigurations.kariru; }; sshUser = "root"; - sshOpts = ["-t" "-i" "~/.ssh/kariru"]; + sshOpts = ["-t" "-i" ''~/.ssh/forgejo'']; magicRollback = true; }; yuki = { - hostname = "yuki"; + hostname = "100.110.140.130"; profiles.system = { user = "root"; path = activate.nixos inputs.self.nixosConfigurations.yuki; }; sshUser = "root"; - sshOpts = ["-t" "-i" "~/.ssh/yuki"]; + sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; magicRollback = true; }; arashi = { - hostname = "arashi"; + hostname = "100.94.214.100"; profiles.system = { user = "root"; path = activate.nixos inputs.self.nixosConfigurations.arashi; }; sshUser = "root"; - sshOpts = ["-t" "-i" "~/.ssh/arashi"]; + sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; magicRollback = true; }; sora = { - hostname = "sora"; + hostname = "100.87.54.48"; profiles.system = { user = "root"; path = activate.nixos inputs.self.nixosConfigurations.sora; }; sshUser = "root"; - sshOpts = ["-t" "-i" "~/.ssh/kumo"]; + sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; magicRollback = true; }; tsuru = { - hostname = "tsuru"; + hostname = "100.82.146.40"; profiles.system = { user = "root"; path = activate.nixos inputs.self.nixosConfigurations.tsuru; }; sshUser = "root"; - sshOpts = ["-t" "-i" "~/.ssh/tsuru"]; + sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; magicRollback = true; }; }; From aef0f1e9c60fe62185cb6cb9fffba4750fefa150 Mon Sep 17 00:00:00 2001 
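Review bot: The kariru node writes its key path as `''~/.ssh/forgejo''` while the other five nodes use `"~/.ssh/forgejo"`; use the double-quoted form throughout. The six node blocks are now identical apart from the node name and address, so a small helper that builds a node from those two values would remove the repetition. A one-line comment above `nodes` saying what the addresses are (presumably tailnet IPs) would help, since the host names no longer appear in `hostname`.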
From: notohh Date: Fri, 20 Oct 2023 20:27:14 -0400 Subject: [PATCH 11/36] ci: update deployment.yml --- .forgejo/workflows/deployment/deploy-systems.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index ef75cbf..3dac994 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -11,4 +11,9 @@ jobs: with: github-token: ${{ secrets.GH_TOKEN }} - name: deploy - run: ssh -i ${{secrets.TSURU_SSH_KEY}} root@100.82.146.40 'uname -a' + uses: https://github.com/appleboy/ssh-action@v1.0.0 + with: + host: "100.121.201.47" + key_path: ${{secrets.DEPLOY_SSH}} + script: | + uname -a From 83e7aa902600a39b89949bb4002b7030d8f4b565 Mon Sep 17 00:00:00 2001 From: notohh Date: Fri, 20 Oct 2023 20:28:38 -0400 Subject: [PATCH 12/36] deployment: remove keypath --- .forgejo/workflows/deployment/deploy-systems.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index 3dac994..5813243 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -14,6 +14,5 @@ jobs: uses: https://github.com/appleboy/ssh-action@v1.0.0 with: host: "100.121.201.47" - key_path: ${{secrets.DEPLOY_SSH}} script: | uname -a From 7624d672cd97b76974bb0b4b3b075ac96153724b Mon Sep 17 00:00:00 2001 From: notohh Date: Fri, 20 Oct 2023 20:35:12 -0400 Subject: [PATCH 13/36] deploy: use key instead of key_path --- .forgejo/workflows/deployment/deploy-systems.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index 5813243..d7aeb6b 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml 
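Review bot: `uses: https://github.com/appleboy/ssh-action@v1.0.0` in the PATCH 11 hunk pins a third-party action by tag, and this step hands it the root deploy credential, so whatever that tag points to at run time executes with the key. Pin to a full commit hash, `uses: https://github.com/appleboy/ssh-action@<commit-sha>` (placeholder), and keep the tag in a trailing comment. Note also that `key_path` takes a path to a key file, while `secrets.DEPLOY_SSH` presumably holds the key itself.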
@@ -14,5 +14,6 @@ jobs: uses: https://github.com/appleboy/ssh-action@v1.0.0 with: host: "100.121.201.47" + key: ${{secrets.DEPLOY_SSH}} script: | uname -a From 649883b5dfb9f1126a59c11bc9b0a939395d49ef Mon Sep 17 00:00:00 2001 From: notohh Date: Fri, 20 Oct 2023 20:37:23 -0400 Subject: [PATCH 14/36] deploy: specify username --- .forgejo/workflows/deployment/deploy-systems.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index d7aeb6b..315405f 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -14,6 +14,7 @@ jobs: uses: https://github.com/appleboy/ssh-action@v1.0.0 with: host: "100.121.201.47" + username: root key: ${{secrets.DEPLOY_SSH}} script: | uname -a From 7337bd2a40484ae0fd06078d63d3b211742ecc0b Mon Sep 17 00:00:00 2001 From: notohh Date: Fri, 20 Oct 2023 20:53:40 -0400 Subject: [PATCH 15/36] hosts: rotate public keys --- hosts/arashi/default.nix | 2 +- hosts/kariru/default.nix | 2 +- hosts/sakura/default.nix | 2 +- hosts/sora/default.nix | 2 +- hosts/tsuru/default.nix | 2 +- hosts/yuki/default.nix | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/hosts/arashi/default.nix b/hosts/arashi/default.nix index dbbabd7..079c367 100644 --- a/hosts/arashi/default.nix +++ b/hosts/arashi/default.nix @@ -31,6 +31,6 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWRbIwwHuyEOLhA9dKTf4TgFqtPR5MNcJorKm731S7G arashi" ]; users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGPcRO9BzKIhAxiyVnRIcByaMTrxeeeJqB8iXcmhrI4 forgejo" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo" ]; } diff --git a/hosts/kariru/default.nix b/hosts/kariru/default.nix index 6901a28..a78f0ea 100644 --- a/hosts/kariru/default.nix +++ b/hosts/kariru/default.nix 
@@ -27,6 +27,6 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPmWafzbhah18nm2z1epc6139XVlcKT0ndAI0wbLj+/6 kariru" ]; users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGPcRO9BzKIhAxiyVnRIcByaMTrxeeeJqB8iXcmhrI4 forgejo" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo" ]; } diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index 9bad1ce..bc4c32c 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix @@ -29,6 +29,6 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqAjaV2D2J8ln4n39ZvszCF5Jql+0IaSpFCJlzDSLv6 sakura" ]; users.users.root.openssh.authorizedKeys.keys = [ - " ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGPcRO9BzKIhAxiyVnRIcByaMTrxeeeJqB8iXcmhrI4 forgejo" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo" ]; } diff --git a/hosts/sora/default.nix b/hosts/sora/default.nix index 27569b6..06ffeef 100644 --- a/hosts/sora/default.nix +++ b/hosts/sora/default.nix @@ -13,6 +13,6 @@ _: { "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmI3hRDFjxLjrM3pE471e4jxSlcqeizh3iNVVdaMHeN sora" ]; users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGPcRO9BzKIhAxiyVnRIcByaMTrxeeeJqB8iXcmhrI4 forgejo" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo" ]; } diff --git a/hosts/tsuru/default.nix b/hosts/tsuru/default.nix index 033e6fa..8f257ed 100644 --- a/hosts/tsuru/default.nix +++ b/hosts/tsuru/default.nix @@ -27,6 +27,6 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKwby2FLCKFZZlOLDRhsm9GckyYAuyk0mq28jRD02tdv tsuru" ]; users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGPcRO9BzKIhAxiyVnRIcByaMTrxeeeJqB8iXcmhrI4 forgejo" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo" ]; } diff --git a/hosts/yuki/default.nix b/hosts/yuki/default.nix index 8edc031..28da01a 100644 --- a/hosts/yuki/default.nix 
+++ b/hosts/yuki/default.nix @@ -27,6 +27,6 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINoLDqOjZIQQ+YYir9MQnlh8wgqI1dz5nYL054OnIgDa yuki" ]; users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGPcRO9BzKIhAxiyVnRIcByaMTrxeeeJqB8iXcmhrI4 forgejo" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo" ]; } From 5fa9dcab2dd9b7e4ad9ed2b59586f83b02c8f95f Mon Sep 17 00:00:00 2001 From: notohh Date: Fri, 20 Oct 2023 20:53:51 -0400 Subject: [PATCH 16/36] deployment: rename secret --- .forgejo/workflows/deployment/deploy-systems.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index 315405f..1cecfb0 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -15,6 +15,6 @@ jobs: with: host: "100.121.201.47" username: root - key: ${{secrets.DEPLOY_SSH}} + key: ${{secrets.SSH_DEPLOY_KEY}} script: | uname -a From 6cd17ea1ecd202b658b2bd1a7a1d3fbb7e669b96 Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 00:04:27 -0400 Subject: [PATCH 17/36] deploy: deploy-rs implementation first pass --- .forgejo/workflows/deployment/deploy-systems.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index 1cecfb0..e0ad4b0 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml 
@@ -11,10 +11,7 @@ jobs: with: github-token: ${{ secrets.GH_TOKEN }} - name: deploy - uses: https://github.com/appleboy/ssh-action@v1.0.0 - with: - host: "100.121.201.47" - username: root - key: ${{secrets.SSH_DEPLOY_KEY}} - script: | - uname -a + run: | + mkdir .ssh + cat {{secrets.TEST_SSH_DEPLOY_KEY}} >> forgejo && cd .ssh + nix run github:serokell/deploy-rs -- --ssh-opts="-i ./forgejo" --targets .#sakura .#yuki .#arashi .#kariru .#sora From 6c30cd85a7edada97a55d23abe5564fcdd718fb0 Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 00:05:55 -0400 Subject: [PATCH 18/36] deploy: add missing $ --- .forgejo/workflows/deployment/deploy-systems.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index e0ad4b0..0d3c728 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -13,5 +13,5 @@ jobs: - name: deploy run: | mkdir .ssh - cat {{secrets.TEST_SSH_DEPLOY_KEY}} >> forgejo && cd .ssh + cat ${{secrets.TEST_SSH_DEPLOY_KEY}} >> forgejo && cd .ssh nix run github:serokell/deploy-rs -- --ssh-opts="-i ./forgejo" --targets .#sakura .#yuki .#arashi .#kariru .#sora From fa3e9e705867836ac2ef5c33b11a33c32d2194f6 Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 00:25:34 -0400 Subject: [PATCH 19/36] deploy: try calling the secret --- .forgejo/workflows/deployment/deploy-systems.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index 0d3c728..ce4aede 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml 
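Review bot: `nix run github:serokell/deploy-rs` in the PATCH 17 hunk resolves to whatever the upstream default branch is when the job runs, and that code then runs on the runner next to the root deploy key. Pin it, e.g. `nix run github:serokell/deploy-rs/<commit-sha> -- …` (placeholder), or run the revision already locked as the flake's `deploy-rs` input. In the same step, `cat {{secrets.TEST_SSH_DEPLOY_KEY}} >> forgejo && cd .ssh` lacks the `$`, writes `forgejo` outside `.ssh` before changing into it, and `cat` treats its argument as a file name rather than as content.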
@@ -12,6 +12,4 @@ jobs: github-token: ${{ secrets.GH_TOKEN }} - name: deploy run: | - mkdir .ssh - cat ${{secrets.TEST_SSH_DEPLOY_KEY}} >> forgejo && cd .ssh - nix run github:serokell/deploy-rs -- --ssh-opts="-i ./forgejo" --targets .#sakura .#yuki .#arashi .#kariru .#sora + nix run github:serokell/deploy-rs -- --ssh-opts="-i ${{secrets.TEST_SSH_DEPLOY_KEY}}" --targets .#sakura .#yuki .#arashi .#kariru .#sora From 71e74662d917d4d09c6abb6b080ac202cb635e3e Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 00:58:54 -0400 Subject: [PATCH 20/36] deploy: rewrite --- .forgejo/workflows/deployment/deploy-systems.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index ce4aede..165a500 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -10,6 +10,13 @@ jobs: uses: https://github.com/DeterminateSystems/nix-installer-action@v5 with: github-token: ${{ secrets.GH_TOKEN }} + - name: write private key + run: | + mkdir -p .ssh && cd .ssh + echo "$SSH_KEY" > forgejo + shell: bash + env: + SSH_KEY: ${{secrets.TEST_SSH_DEPLOY_KEY}} - name: deploy run: | - nix run github:serokell/deploy-rs -- --ssh-opts="-i ${{secrets.TEST_SSH_DEPLOY_KEY}}" --targets .#sakura .#yuki .#arashi .#kariru .#sora + nix run github:serokell/deploy-rs -- --ssh-opts="-i forgejo" --skip-checks --targets .#sakura From db2ca7eeeb6888ef17a7d4bff709a59e3fc80a61 Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 01:10:11 -0400 Subject: [PATCH 21/36] deploy: test deployment --- .forgejo/workflows/deployment/deploy-systems.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index 165a500..3143f70 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml 
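Review bot: In the PATCH 20 hunk, `echo "$SSH_KEY" > forgejo` creates the private key with the runner's default umask inside the checked-out workspace, and nothing removes it afterwards. Set `umask 077` at the top of the step so the file is never readable by others, and delete it in a final step that runs even when the deploy fails. `--skip-checks` on the deploy command also appears to turn off deploy-rs's pre-deploy checks ahead of a root activation; a comment explaining why it is needed would help.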
+++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -19,4 +19,5 @@ jobs: SSH_KEY: ${{secrets.TEST_SSH_DEPLOY_KEY}} - name: deploy run: | - nix run github:serokell/deploy-rs -- --ssh-opts="-i forgejo" --skip-checks --targets .#sakura + cd .ssh + cat forgejo From b3c0ba463326b47cf84b414ec47b1ec326014c7e Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 01:11:22 -0400 Subject: [PATCH 22/36] deploy: rollback test --- .forgejo/workflows/nix-flake-update.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .forgejo/workflows/nix-flake-update.yml diff --git a/.forgejo/workflows/nix-flake-update.yml b/.forgejo/workflows/nix-flake-update.yml new file mode 100644 index 0000000..20dd112 --- /dev/null +++ b/.forgejo/workflows/nix-flake-update.yml @@ -0,0 +1,24 @@ +name: nix flake update + +on: + schedule: + - cron: "0 4 1 * *" +jobs: + update: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: install nix action + uses: https://github.com/DeterminateSystems/nix-installer-action@v5 + with: + github-token: ${{ secrets.GH_TOKEN }} + - name: create branch + run: | + git branch update-flake-lock + git checkout update-flake-lock + - name: update flake.lock + run: nix flake update + - name: commit changes + run: git + + From ea5da5a9064c79d926acda943eebe5ad87662138 Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 01:13:25 -0400 Subject: [PATCH 23/36] deploy: rollback test --- .forgejo/workflows/deployment/deploy-systems.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index 3143f70..e08528c 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -20,4 +20,4 @@ jobs: - name: deploy run: | cd .ssh - cat forgejo + nix run github:serokell/deploy-rs -- --ssh-opts="-i forgejo" --skip-checks --targets .#sakura 
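Review bot: `cat forgejo` in the PATCH 21 hunk prints the private key file to the job log. Log masking of multi-line secrets is not something to rely on, so treat `TEST_SSH_DEPLOY_KEY` as exposed and rotate it. To check that the file was written correctly without showing it, print only the fingerprint: `ssh-keygen -l -f forgejo`.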
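Review bot: The last step of the new `nix-flake-update.yml`, `run: git`, has no subcommand, so the scheduled job would end with git's usage text and a non-zero exit instead of committing the updated `flake.lock`. The commit subject (`deploy: rollback test`) also does not describe this file. Either finish the step (stage `flake.lock`, commit, push the `update-flake-lock` branch) or leave the workflow out until it is complete.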
From 365eb1b59c831593932338154847168344f9d3cd Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 01:23:14 -0400 Subject: [PATCH 24/36] deploy: switch to real ssh key --- .forgejo/workflows/deployment/deploy-systems.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index e08528c..6d7c6a2 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -16,7 +16,7 @@ jobs: echo "$SSH_KEY" > forgejo shell: bash env: - SSH_KEY: ${{secrets.TEST_SSH_DEPLOY_KEY}} + SSH_KEY: ${{secrets.SSH_DEPLOY_KEY}} - name: deploy run: | cd .ssh From 83a17b59e1601dee25f5078801d28c974c68f167 Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 01:23:48 -0400 Subject: [PATCH 25/36] chore: didnt mean to commit this yet --- .forgejo/workflows/nix-flake-update.yml | 24 ------------------------ 1 file changed, 24 deletions(-) delete mode 100644 .forgejo/workflows/nix-flake-update.yml diff --git a/.forgejo/workflows/nix-flake-update.yml b/.forgejo/workflows/nix-flake-update.yml deleted file mode 100644 index 20dd112..0000000 --- a/.forgejo/workflows/nix-flake-update.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: nix flake update - -on: - schedule: - - cron: "0 4 1 * *" -jobs: - update: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: install nix action - uses: https://github.com/DeterminateSystems/nix-installer-action@v5 - with: - github-token: ${{ secrets.GH_TOKEN }} - - name: create branch - run: | - git branch update-flake-lock - git checkout update-flake-lock - - name: update flake.lock - run: nix flake update - - name: commit changes - run: git - - From b4ffe56ccf0026c62a4788728daf0083a08e5a0c Mon Sep 17 00:00:00 2001 
From: notohh Date: Sat, 21 Oct 2023 01:46:18 -0400 Subject: [PATCH 26/36] deploy: add known_hosts --- .forgejo/workflows/deployment/deploy-systems.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index 6d7c6a2..aa437fd 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -14,9 +14,11 @@ jobs: run: | mkdir -p .ssh && cd .ssh echo "$SSH_KEY" > forgejo + echo "$SSH_KNOWN_HOSTS" > known_hosts shell: bash env: SSH_KEY: ${{secrets.SSH_DEPLOY_KEY}} + SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}} - name: deploy run: | cd .ssh From ab31386bfa42fba99b6e0fb755700d9320281d06 Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 01:56:03 -0400 Subject: [PATCH 27/36] deploy: switch sakura to lan --- hosts/deploy.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/deploy.nix b/hosts/deploy.nix index 7e786c3..5d9c861 100644 --- a/hosts/deploy.nix +++ b/hosts/deploy.nix @@ -1,7 +1,7 @@ inputs: { nodes = with inputs.deploy-rs.lib.x86_64-linux; { sakura = { - hostname = "100.121.201.47"; + hostname = "192.168.1.25"; profiles.system = { user = "root"; path = activate.nixos inputs.self.nixosConfigurations.sakura; From dbe1f963763e4dd4c21865b818b1be0ccf24a3c6 Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 02:07:24 -0400 Subject: [PATCH 28/36] deploy: add extra ssh opts --- .forgejo/workflows/deployment/deploy-systems.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index aa437fd..fae2d25 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml 
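Review bot: The PATCH 26 hunk writes `known_hosts` into `./.ssh` in the workspace, but nothing tells ssh to read it: by default ssh consults the user's `~/.ssh/known_hosts`, and the deploy command passes only `-i forgejo`. Point ssh at the file, `--ssh-opts="-i forgejo -o UserKnownHostsFile=known_hosts"` (the deploy step already does `cd .ssh`), so the pinned host keys are actually used. The deploy command itself is below the lines shown in this hunk.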
@@ -22,4 +22,4 @@ jobs: - name: deploy run: | cd .ssh - nix run github:serokell/deploy-rs -- --ssh-opts="-i forgejo" --skip-checks --targets .#sakura + nix run github:serokell/deploy-rs -- --ssh-opts="-i forgejo -o StrictHostKeyChecking=no UserKnownHostsFile=/dev/null" --skip-checks --targets .#sakura From 6ad184b3b3c839150519cca0a19ccdf83d28e376 Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 02:20:28 -0400 Subject: [PATCH 29/36] deploy: change forgejo perms --- .forgejo/workflows/deployment/deploy-systems.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index fae2d25..47023f5 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -15,6 +15,7 @@ jobs: mkdir -p .ssh && cd .ssh echo "$SSH_KEY" > forgejo echo "$SSH_KNOWN_HOSTS" > known_hosts + chmod 400 forgejo shell: bash env: SSH_KEY: ${{secrets.SSH_DEPLOY_KEY}} From ccb33cb1f85e7b0edb92ef5cb4a4ab20439ad3b9 Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 02:31:20 -0400 Subject: [PATCH 30/36] deploy: use bash over nushell --- .forgejo/workflows/deployment/deploy-systems.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index 47023f5..b4495a6 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -24,3 +24,4 @@ jobs: run: | cd .ssh nix run github:serokell/deploy-rs -- --ssh-opts="-i forgejo -o StrictHostKeyChecking=no UserKnownHostsFile=/dev/null" --skip-checks --targets .#sakura + shell: bash From cdfbf13fcd1a3dec3651f46c4983eda50ec19783 Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 02:41:33 -0400 Subject: [PATCH 31/36] try this --- .forgejo/workflows/deployment/deploy-systems.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
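Review bot: The `--ssh-opts` value added in the PATCH 28/36 hunk sets `StrictHostKeyChecking=no`, so the job no longer verifies which machine it connects to before deploying with the root key. A host answering on a redirected or intercepted path would be accepted silently. `UserKnownHostsFile=/dev/null` also lacks its own `-o`, so ssh does not parse it as an option. PATCH 31/36 then removes the `known_hosts` secret, and PATCH 32/36 and 33/36 keep `StrictHostKeyChecking=no` while extending the command to five hosts. Since the host keys were already stored as a secret, prefer `--ssh-opts="-i forgejo -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$PWD/known_hosts"`.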
diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index b4495a6..68a912e 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -14,14 +14,12 @@ jobs: run: | mkdir -p .ssh && cd .ssh echo "$SSH_KEY" > forgejo - echo "$SSH_KNOWN_HOSTS" > known_hosts chmod 400 forgejo shell: bash env: SSH_KEY: ${{secrets.SSH_DEPLOY_KEY}} - SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}} - name: deploy run: | + bash cd .ssh nix run github:serokell/deploy-rs -- --ssh-opts="-i forgejo -o StrictHostKeyChecking=no UserKnownHostsFile=/dev/null" --skip-checks --targets .#sakura - shell: bash From 503388ff9fc38f8dc2e466b45b3f00749910bbc2 Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 03:10:09 -0400 Subject: [PATCH 32/36] deploy: this should fix deploys --- .forgejo/workflows/deployment/deploy-systems.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index 68a912e..af1b6d3 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -20,6 +20,5 @@ jobs: SSH_KEY: ${{secrets.SSH_DEPLOY_KEY}} - name: deploy run: | - bash cd .ssh - nix run github:serokell/deploy-rs -- --ssh-opts="-i forgejo -o StrictHostKeyChecking=no UserKnownHostsFile=/dev/null" --skip-checks --targets .#sakura + nix run github:serokell/deploy-rs -- --ssh-opts="-i forgejo -o StrictHostKeyChecking=no" --skip-checks --targets .#sakura From 84920a102b163de1b95bf7ebdeb9be346238e75f Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 03:24:20 -0400 Subject: [PATCH 33/36] deploy: test multi host deployment --- .forgejo/workflows/deployment/deploy-systems.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
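Review bot: The rewritten command in the PATCH 32/36 hunk still runs `nix run github:serokell/deploy-rs` without a revision, so each run fetches and executes whatever the upstream default branch holds at that time. That code runs in the same job that holds the root deploy key. Pin the reference to a reviewed commit, for example `nix run github:serokell/deploy-rs/<reviewed-commit-sha> -- ...`. Alternatively, run the deploy-rs already locked as a flake input, if the flake exposes it as an app. `--skip-checks` on the same line skips the pre-deploy checks and deserves a short comment explaining why that is acceptable for an unattended deploy.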
diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index af1b6d3..faea4a3 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -21,4 +21,4 @@ jobs: - name: deploy run: | cd .ssh - nix run github:serokell/deploy-rs -- --ssh-opts="-i forgejo -o StrictHostKeyChecking=no" --skip-checks --targets .#sakura + nix run github:serokell/deploy-rs -- --ssh-opts="-i forgejo -o StrictHostKeyChecking=no" --skip-checks --targets .#arashi .#kariru .#sakura .#sora .#yuki From 935d8098115d2fe953f4860f2529466eba09f7a4 Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 03:39:31 -0400 Subject: [PATCH 34/36] deploy: switch sakura back to tailscale --- hosts/deploy.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/deploy.nix b/hosts/deploy.nix index 5d9c861..cf82c55 100644 --- a/hosts/deploy.nix +++ b/hosts/deploy.nix @@ -1,7 +1,7 @@ inputs: { nodes = with inputs.deploy-rs.lib.x86_64-linux; { sakura = { - hostname = "192.168.1.25"; + hostname = "100.121.201.47"; profiles.system = { user = "root"; path = activate.nixos inputs.self.nixosConfigurations.sakura; @@ -17,7 +17,7 @@ inputs: { path = activate.nixos inputs.self.nixosConfigurations.kariru; }; sshUser = "root"; - sshOpts = ["-t" "-i" ''~/.ssh/forgejo'']; + sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; magicRollback = true; }; yuki = { From b2b87a6b4cf5c5aaf8b5c03732ec2bfb7e1383ce Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 03:43:21 -0400 Subject: [PATCH 35/36] sakura: add package to test deployment --- hosts/sakura/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index bc4c32c..b72db52 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix @@ -1,4 +1,4 @@ -{...}: { +{pkgs, ...}: { imports = [ ./hardware-configuration.nix ./services 
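Review bot: The target list in the PATCH 33/36 hunk offers the single key file `forgejo` to five hosts, and `hosts/deploy.nix` in this series sets `sshUser = "root"`, so one CI secret carries root on every listed machine. Host-side restrictions are not visible here. If none exist, consider a `from="<runner-address>"` restriction on the key's `authorizedKeys` entry, or one key per host selected through a job matrix. At minimum, add a comment above the command such as `# this key is root on every target below; keep the list minimal`.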
@@ -31,4 +31,6 @@ users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo" ]; + + environment.systemPackages = [pkgs.cowsay]; } From d9ccd196d035ae4b433edf7ddfdf10c6bcf848ac Mon Sep 17 00:00:00 2001 From: notohh Date: Sat, 21 Oct 2023 04:04:17 -0400 Subject: [PATCH 36/36] deploy: run deployment when flake.lock is updated --- .forgejo/workflows/deployment/deploy-systems.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/deployment/deploy-systems.yml b/.forgejo/workflows/deployment/deploy-systems.yml index faea4a3..396d9a0 100644 --- a/.forgejo/workflows/deployment/deploy-systems.yml +++ b/.forgejo/workflows/deployment/deploy-systems.yml @@ -1,6 +1,9 @@ name: deploy systems -on: [push] +on: + push: + paths: + - "**.lock" jobs: deploy: runs-on: ubuntu-latest
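Review bot: The new trigger in the PATCH 36/36 hunk has no branch filter, so a push to any branch that changes a matching file starts a root deployment to the hosts. The glob `"**.lock"` is also wider than the `flake.lock` named in the commit subject, since it matches any file ending in `.lock` anywhere in the tree. Restrict both with `branches: ["<default-branch>"]` under `push:` and `- "flake.lock"` under `paths:`. With this filter, pushes that change only `.nix` files no longer deploy, which is worth stating in a comment if intended.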