[nixos/server] enable reverse proxy for wanderer #47

	name: Deploy Server

	on:
	push:
	branches:
	- master
	paths:
	- 'nixos/server/**'

	workflow_dispatch:
	workflow_call:
	secrets:
	SSH_PRIVATE_KEY:
	required: true
	SSH_CONFIG:
	required: true
	KNOWN_HOSTS:
	required: true

	jobs:
	deploy-server:
	runs-on: ubuntu-latest

	steps:
	- name: Setup ssh-agent
	uses: webfactory/[email protected]
	with:
	ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

	- name: Install SSH key
	uses: shimataro/ssh-key-action@v2
	with:
	key: ${{ secrets.SSH_PRIVATE_KEY }}
	name: id_rsa # optional
	known_hosts: ${{ secrets.KNOWN_HOSTS }}
	config: ${{ secrets.SSH_CONFIG }} # ssh_config; optional
	if_key_exists: fail

	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Install nix
	uses: cachix/install-nix-action@v26
	with:
	nix_path: nixpkgs=channel:nixos-23.11

	- name: Use magix nix cache
	uses: DeterminateSystems/magic-nix-cache-action@v4

	- name: Check flake lock file
	uses: DeterminateSystems/flake-checker-action@v5
	with:
	flake-lock-path: nixos/server/flake.lock

	- name: Run nixos-rebuild
	uses: workflow/[email protected]
	with:
	packages: nixos-rebuild
	working-directory: nixos/server
	script: \|
	sudo cp -r $HOME/.ssh /root
	nixos-rebuild switch --fast --flake ".#nixos" --use-remote-sudo --target-host "[email protected]" --build-host "[email protected]" --builders "ssh://[email protected] aarch64-linux" \|\| true
	nixos-rebuild switch --fast --flake ".#nixos" --use-remote-sudo --target-host "[email protected]" --build-host "[email protected]" --builders '"ssh://[email protected] aarch64-linux"'

Provide feedback