on:
  push:
    branches:
      - main
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: checkout repo
        uses: actions/checkout@v6
      - name: install necessary packages
        run: |
          set -e
          apt update
          apt install rsync -y
      - name: test fake key
        run: |
          echo "${{ secrets.FAKE_KEY }}" | tr -d "\r" > ./fake
          chmod -R 600 ./fake
          ssh-keygen -y -f ./fake
          exit 1
      - name: add ssh key
        run: |
          set -e
          mkdir -p /root/.ssh
          ssh-keyscan toufy.me >> /root/.ssh/known_hosts
          chmod -R 600 /root/.ssh
          eval $(ssh-agent -s)
          echo "${{ secrets.SSH_KEY }}" | tr -d "\r" | ssh-add -
      - name: copy repo to target
        run: rsync -az . root@toufy.me:/tmp/deploy
      - name: nixos-rebuild test
        run: |
          set -e
          ssh root@toufy.me -C "nixos-rebuild test --flake /tmp/deploy --impure"
          [ "$?" == 0 ] || exit 1
      - name: nixos-rebuild switch
        run: |
          set -e
          ssh root@toufy.me -C "nixos-rebuild switch --flake /tmp/deploy --impure"
          [ "$?" == 0 ] || exit 1
      - name: clean up
        run: ssh root@toufy.me -C "rm -rf /tmp/deploy"