From 716f22e32d06acbfe397a34f1535dc2f7adbd1ea Mon Sep 17 00:00:00 2001
From: teutat3s <teutates@mailbox.org>
Date: Tue, 7 Mar 2023 17:23:34 +0100
Subject: [PATCH] ci: deploy host_001_momo_koeln on every push to

momo/main

The branch momo/main is now protected from direct pushes and changes
should go through review before getting merged

Fix drone lint errors:
Pipeline stage 'Notification' declares invalid dependency 'Tests'
Pipeline stage 'Publish ISO' declares invalid dependency 'Check'
---
 .drone.yml                  | 26 ++++++++++++++++++--------
 users/barkeeper/default.nix |  7 +++----
 2 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index 14eb3de5..067b9856 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,7 +1,7 @@
 ---
 kind: pipeline
 type: exec
-name: Check
+name: Check and deploy
 node:
   hosttype: baremetal
 
@@ -17,6 +17,22 @@ steps:
       - nix $$NIX_FLAGS develop --command nix flake show
       - nix $$NIX_FLAGS build ".#nixosConfigurations.host_001_momo_koeln.config.system.build.toplevel"
 
+  - name: "Deploy"
+    when:
+      event:
+        - push
+      branch:
+        - momo/main
+    environment:
+      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
+      PRIVATE_SSH_KEY:
+        from_secret: ci_private_ssh_key
+    commands:
+      - "mkdir ~/.ssh && chmod 700 ~/.ssh"
+      - echo "$$PRIVATE_SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519
+      - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
+      - nix $$NIX_FLAGS develop --command deploy --magic-rollback false --skip-checks --targets '.#host_001_momo_koeln'
+
 ---
 kind: pipeline
 type: exec
@@ -76,9 +92,6 @@ steps:
         from_secret: matrix_password
       template: "Test run triggered by tag: {{ build.tag }}. Test run exit status: {{ build.status }}. Artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/ci/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}/foot_wayland_info.png"
 
-depends_on:
-  - Tests
-
 trigger:
   ref:
     - refs/tags/v*
@@ -132,9 +145,6 @@ steps:
       unlink_first: true
       strip_components: 3
 
-depends_on:
-  - Check
-
 trigger:
   branch:
     - main
@@ -147,6 +157,6 @@ volumes:
 
 ---
 kind: signature
-hmac: 4eafc30355db63df1c207a267669400120d18a479bf850923cd646f7cb0fabac
+hmac: e50c1347f8645fa2591afa05643eb0c293b70ef1628d157d16d3d819b27f6e7c
 
 ...
diff --git a/users/barkeeper/default.nix b/users/barkeeper/default.nix
index 201d161c..758defdc 100644
--- a/users/barkeeper/default.nix
+++ b/users/barkeeper/default.nix
@@ -12,17 +12,16 @@ in {
 
     security.sudo.extraRules = [
       {
-        users = [ "${psCfg.user.name}" ];
+        users = ["${psCfg.user.name}"];
         commands = [
           {
             command = "ALL";
-            options = [ "NOPASSWD" ];
+            options = ["NOPASSWD"];
           }
         ];
       }
     ];
 
-
     pub-solar = {
       user = {
         name = "barkeeper";
@@ -35,9 +34,9 @@ in {
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko"
           "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5MvCwNRtCcP1pSDrn0XZTNlpOqYnjHDm9/OI4hECW @ci-drone-runner"
         ];
       };
     };
   };
 }
-