on:
  push:
    branches:
      - main
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: checkout repo
        uses: actions/checkout@v6
      - name: install necessary packages
        run: |
          set -e
          apt update
          apt install rsync -y
      - name: add ssh key
        run: |
          set -e
          mkdir -p /root/.ssh
          ssh-keyscan toufy.me > /root/.ssh/known_hosts
          echo "${{ secrets.SSH_KEY }}" | tr -d "\r" > /root/.ssh/id_ed25519
          chmod -R 600 /root/.ssh
      - name: copy repo to target
        run: rsync -az . root@toufy.me:/etc/nixos
      - name: nixos-rebuild dry-activate
        run: |
          set -e
          ssh root@toufy.me -C "nixos-rebuild dry-activate --flake /etc/nixos --impure --upgrade"
          [ "$?" == 0 ] || exit 1
      - name: nixos-rebuild switch
        run: |
          set -e
          ssh root@toufy.me -C "nixos-rebuild switch --flake /etc/nixos --impure --upgrade"
          [ "$?" == 0 ] || exit 1
      - name: garbage-collection
        run: nix-collect-garbage -d