Skip to content

Commit

Permalink
infra: Automatically deploy makemake
Browse files Browse the repository at this point in the history
  • Loading branch information
@lorenzleutgeb
lorenzleutgeb committed May 24, 2024
1 parent 00c95b9 commit aa1cb13
Show file tree
Hide file tree
Showing 4 changed files with 68 additions and 1 deletion.
36 changes: 36 additions & 0 deletions .github/workflows/makemake.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
name: makemake

on:
push:
branches:
- main
- makemake

jobs:
deploy:
environment: makemake
runs-on: ubuntu-latest
env:
SSH_KEY: ${{ secrets.SSH_KEY }}
steps:
- { uses: 'actions/checkout@v4', name: 'Checkout' }
- uses: 'DeterminateSystems/nix-installer-action@main'
name: 'Install Nix'
with: { extra-conf: 'experimental-features = no-url-literals' }

- name: Prepare SSH
run: |
mkdir -p ~/.ssh
printenv SSH_KEY > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
echo "makemake.ngi.nixos.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4ejRuAQPx6AbuS1u+Q7UUi1TIwkY2S//kjgpBxYNfU" \
> ~/.ssh/known_hosts
- name: Deploy
run: |
HOST="root@makemake.ngi.nixos.org"
nix run nixpkgs#nixos-rebuild -- switch \
--flake github:${{ github.repository }}/${{ github.sha }}#makemake \
--build-host ${HOST} \
--target-host ${HOST}
1 change: 1 addition & 0 deletions CODEOWNERS
View file
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
/infra/ @Erethon @Ericson2314 @fricklerhandwerk @Janik-Haag @lorenzleutgeb
/.github/workflows/makemake.yaml @Erethon @fricklerhandwerk @Janik-Haag @lorenzleutgeb
28 changes: 28 additions & 0 deletions infra/makemake/secrets/ssh_deploy_ed25519_key
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
{
"data": "ENC[AES256_GCM,data:ibbHFcBzDb5In9P/DdL1foLJ1g65LJhki0xhE0U4MhZQbzQZChITBd93AnNIBEHoK5UghIyRlXEYSXspmpymBDVHBhwbPNHSKHcUfccEyhauR4EAqCZapPihFjoJam8Zp00o7ZGgfHREjjT5CllyaH4DaUWoyt+HsqtoKhGF+SkrjfUuIdAX4GHeznopPW/PFPbU7rBjSLBmbGHm+u1h2CNLQpCZcUhiDVUNVzz/VOAo5Bl8CqWUrbATrVjuPuNVKLIXEt0cCNfvwKhwYURcjz/xBiWnh+Wo2QJKMUPTNvIjOuird/xdeLRP1VLV0HHvY+UIMPdpneLp+c6m9RctuJuOI9jFvxln/VviMKaA/8keTw53S5frKWfekcVIEfMaWFEWU7hOTNQLL+hTEY0y/Ts3p0/v/jzj1hXSi1ESTrQq7SJZEQS4NLMf3Jwow8EWKesxnaF16Sqycb5Un6gsa+7fVq020SJ0AE6SNfkPD9y4LpfQYlR1tbEPmhU5HOJff9O8Z/ZXWqFUCeiFwv00FhcDzYDr2Q7VttoER/kM/dQ3L6D2r4tITa+Fv4e2z7jyIUarO42dFgskzQoQYPzlfp+voduBEPgJtS6XLBLunZc=,iv:d1A47osoo7ZV1GiiCG/+k1014da/KX9M5VSNf2A3LsM=,tag:2shHbmpxG4D4p4sfBmsI0Q==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age187upwqdte7t0hkyec22jhac357m9y4fkcdvpg9sj5q9mekjupfnqg9a077",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxaS83SFlCMGZxV1NxTmRj\nQUNtMFRKTEg3Ti81YkltSVRFVVh0eTgzWlNFClVtaU01SkZwTHFpT0JGMnJmMnR4\nMytVR0VwSFBjN09qM2VEdzlUMHNWaFUKLS0tIFBQcHNwaTEvZUljWHpSWTBERUdP\nenpKWDZwQ0dWaDNZM1pzcVczSmVVVncKRaINui5wY7V2pQ6HFI7qjTKUeLASvLMJ\nviUI7FKi2DsmHGsG7VJOGNSuDw/LKxl4h/KIfdADyTIa7JFbUJPn8g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1c0g6s6daxy79dlm9uqczwlkh0hvjpghw5h8zzljc3vs275rvvqus30hv9l",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOSWxNN3NTVVVwVjF3ZGJ0\nSkxjczc1SUxrNnRuMnhiUExSTFQ0a1JqU0c0ClhZbjFqUXRWSmx1c2txSURqWlQ4\nZHpSdllWRnpLbTZBaXBRclVyN3JMUUEKLS0tIDhyMWprek5yeVRUK3BLWGkyQ1NF\ndTgyTThtU3B0Rm8ra2Z1VGtyTHV5VkEKPVmkgp04DZ8hEFseHg6APLoZKKVxDvNM\n/r/IK4/eB6oJtASv1zWVDbx4v+4YXhbTM0TX38Fz2blb2qQGIv3Wmg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1ewus3xraznqv6xc2ptua2qjqrjyhfd8uugu08wjduushj3uhgqwsqd6vkk",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBndmpnaEpHRlBZQ1FDcTJj\nOXMzeHZQMG14eTYydHRVRDRuQi9VWXNaa0VzCmlEM3B3STMra3QrcnR3dDZ0eHQr\nd2xLaTVFcXpvcXdJQUJib2w1K0phYWsKLS0tIFlGTzQwNWZIVFdIdEd0RThTVlJY\nSCtLNk5ZMW5KV1hCUEJkUkVvNDBTaEUK0Afa+mXYtDL/ClFLrjaF8CbG4BZ4cZbD\nkoMcIjj1TVpfXflkiLdvS7W4AzIPqFYtpg4VZHCsKMLqipKeFPOLpA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-05-24T18:16:03Z",
"mac": "ENC[AES256_GCM,data:71LTSRMv//AQysQeJvVS2sBaSCiZPfSoBVLyo/ceiURWMx/3AYVqkqMS4T5e8rvl77U1ZRINTBLFnpOqXq1c/f7oSXu0Eny8zCRxEb2F74A0IdJ9ZOeeMBD1T10GOgarqWEDfJuUwXMG05rlhfJtFl8HxWWYpvXrWzeu+NZXHY8=,iv:Vo/6Kzv2Fmzg9E1uONM4DEKaeonfo62jBG1kDbrXQW0=,tag:GSmU9dbKQ/0igS2gbpxgRg==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}
4 changes: 3 additions & 1 deletion infra/ssh-keys.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@ let

erethon = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPb9z1U7Sti2lls0mlcmyPwmwD91amKwVlLZHYclSoULAAAABHNzaDo=";

deploy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0avMIgFAj/8xzr2+3aXn7a0odDKIpwj90n5inhoQ4S";

infra = [
delroth
hexa-gaia
Expand All @@ -37,4 +39,4 @@ let
erethon
];
in
infra ++ ngi
infra ++ ngi ++ [deploy]

0 comments on commit aa1cb13

Please sign in to comment.