From 4f79f48b992dc1a3804499d44af48444755d5776 Mon Sep 17 00:00:00 2001
From: Fabian Hauser
Date: Sat, 19 Apr 2025 18:20:49 +0300
Subject: [PATCH 1/4] TMP: Deploy from deploy-vms-branch
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0d886cc..6b0fe23 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,7 +27,7 @@ jobs:
 run: nix-fast-build --no-nom --max-jobs 6 --skip-cached --attic-cache "$CACHE_REPOSITORY"
 deploy:
 needs: build
- if: success() && github.ref == 'refs/heads/main'
+ if: success() && github.ref == 'refs/heads/54-deploy-vms-automatically'
 runs-on: nix
 env:
 SSH_DEPLOY_KEY: "${{ secrets.SSH_DEPLOY_KEY }}"
From 6a75dfdaa60797a1135c290c13880ea339c18ed5 Mon Sep 17 00:00:00 2001
From: Fabian Hauser
Date: Sat, 19 Apr 2025 18:42:34 +0300
Subject: [PATCH 2/4] Add deployment ssh key to all VMs
---
 nixos-modules/system/virtual-machine.nix | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/nixos-modules/system/virtual-machine.nix b/nixos-modules/system/virtual-machine.nix
index 5e5a8ae..776571e 100644
--- a/nixos-modules/system/virtual-machine.nix
+++ b/nixos-modules/system/virtual-machine.nix
@@ -13,6 +13,10 @@ with lib;
 config = lib.mkIf cfg.enable {
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBS65v7n5ozOUjYGuO/dgLC9C5MUGL5kTnQnvWAYP5B3 ci@git.qo.is"
+ ]; # TODO: Move this key to allow CI deployment for all machines.
+
 boot.loader.grub.enable = true;
 system.autoUpgrade.allowReboot = true;
From 99a5abbbfe522e89cc6edd391df707251f9cc95b Mon Sep 17 00:00:00 2001
From: Fabian Hauser
Date: Sat, 19 Apr 2025 18:42:34 +0300
Subject: [PATCH 3/4] Add deployment ssh key to all VMs
---
 nixos-modules/system/virtual-machine.nix | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/nixos-modules/system/virtual-machine.nix b/nixos-modules/system/virtual-machine.nix
index 5e5a8ae..776571e 100644
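Review bot: In PATCH 1/4 the deploy job's `if:` in `.github/workflows/ci.yml` now matches only `refs/heads/54-deploy-vms-automatically`, so pushes to that feature branch run the deployment with `SSH_DEPLOY_KEY` while `main` no longer deploys at all. Whether that branch has the same push protection as `main` is not visible here; if it does not, the set of people who can trigger a deployment with the deploy key has widened. The subject marks the change as temporary, so I would record that on the line itself, e.g. `# TMP: restore github.ref == 'refs/heads/main' before merging`, and drop this commit before the series lands. The `deploy` job continues past the end of the hunk.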
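Review bot: The key added to `users.users.root.openssh.authorizedKeys.keys` in `nixos-modules/system/virtual-machine.nix` (PATCH 2/4, and the identical hunk in PATCH 3/4) carries no authorized_keys options, so whoever holds the CI private key gets an unrestricted root session on every machine that enables this module. If the deployment tool works without a PTY and without forwarding (to be confirmed), prefix the entry with options, for example `"restrict,from=\"<ci-runner-address>\" ssh-ed25519 … ci@git.qo.is"`, with the placeholder replaced by the runner's address. The trailing TODO reads ambiguously; something like `# TODO: move this key to a module shared by all machines once CI deploys more than VMs` would say what is still open, if that is the intent. PATCH 2/4 and 3/4 have the same subject, date and blob ids, so one of them looks like a duplicate to drop. The `config = lib.mkIf cfg.enable {` block continues outside the hunk.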
--- a/nixos-modules/system/virtual-machine.nix
+++ b/nixos-modules/system/virtual-machine.nix
@@ -13,6 +13,10 @@ with lib;
 config = lib.mkIf cfg.enable {
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBS65v7n5ozOUjYGuO/dgLC9C5MUGL5kTnQnvWAYP5B3 ci@git.qo.is"
+ ]; # TODO: Move this key to allow CI deployment for all machines.
+
 boot.loader.grub.enable = true;
 system.autoUpgrade.allowReboot = true;
From 2c679066ef88aabf37df08dca3f1e0bb66898c24 Mon Sep 17 00:00:00 2001
From: Fabian Hauser
Date: Sat, 19 Apr 2025 18:57:37 +0300
Subject: [PATCH 4/4] Set rennovate schedule to run automatically daily.
---
 renovate.json | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/renovate.json b/renovate.json
index f710e2d..63404e8 100644
--- a/renovate.json
+++ b/renovate.json
@@ -3,11 +3,12 @@
 "extends": [
 "config:recommended"
 ],
+ "schedule": [
+ "* 18-19 * * *"
+ ],
 "lockFileMaintenance": {
 "enabled": true,
- "extends": [
- "schedule:weekly"
- ]
+ "automerge": true
 },
 "cloneSubmodules": true,
 "nix": {
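Review bot: `"automerge": true` under `lockFileMaintenance` in `renovate.json` (PATCH 4/4) lets refreshed lock files be merged without a human approving them, and the same series wires a root deploy key into CI, so an unreviewed input update could reach the VMs once deployment follows the merge target. Renovate holds an automerge back until status checks pass, but which checks are required on this repository is not visible in the patch. I would keep `"automerge": false` here until the build job is a required check on the protected branch, or state in the commit message why unreviewed lock updates are acceptable. Separately, removing `"schedule:weekly"` may leave lock file maintenance on Renovate's own default schedule for that block rather than the new top-level `"* 18-19 * * *"`; worth confirming if daily runs were intended for it too.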