name: NixOS Rebuild

on:
  workflow_dispatch:
  push:
    branches: [ main ]

env:
  PATH: /run/current-system/sw/bin:/run/wrappers/bin

jobs:
  rebuild:
    runs-on: self-hosted
    steps:
      - name: Setup SSH key
        run: |
          mkdir -p ./ssh
          echo "${{ secrets.DEPLOY_SSH_KEY }}" > ./ssh/deploy_key
          chmod 600 ./ssh/deploy_key
          
      - name: Rebuild
        run: |
          ssh -i ./ssh/deploy_key \
            -o PasswordAuthentication=no \
            -o StrictHostKeyChecking=no \
            -o UserKnownHostsFile=/dev/null \
            root@localhost \
            "bash -lc 'nixos-rebuild switch --flake git+http://localhost:5080/satr14/nix-flake#homelab -L'"

      - name: Show generation
        if: always()
        run: |
          ssh -i ./ssh/deploy_key \
            -o PasswordAuthentication=no \
            -o StrictHostKeyChecking=no \
            -o UserKnownHostsFile=/dev/null \
            root@localhost "bash -lc 'nixos-version'"

      - name: Clean Up
        if: always()
        run: rm -f ./ssh/deploy_key