diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2eb7688..88eead3 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -76,10 +76,17 @@ jobs:
 trigger-deploy:
 needs: [build-check, build-server]
 runs-on: ubuntu-latest
+ outputs:
+ previous-sha: ${{ steps.previous-sha.outputs.sha }}
 permissions:
 contents: write
 steps:
 - uses: actions/checkout@v5
+ - name: Get previous deploy SHA
+ id: previous-sha
+ run: |
+ sha=$(git ls-remote origin deploy | cut -f1)
+ printf "sha=%s" "$sha" >> "$GITHUB_OUTPUT"
 - name: Push to deploy branch
 run: git push --force origin HEAD:refs/heads/deploy
 await-deploy:
@@ -110,6 +117,21 @@ jobs:
 sleep 5
 done
+ rollback-deploy:
+ if: always() && needs.await-deploy.result == 'failure'
+ needs: [trigger-deploy, await-deploy]
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ steps:
+ - uses: actions/checkout@v5
+ with:
+ fetch-depth: 0
+ - name: Rollback deploy branch
+ run: |
+ previous_sha="${{ needs.trigger-deploy.outputs.previous-sha }}"
+ echo "Rolling back deploy branch to $previous_sha"
+ git push --force origin "$previous_sha:refs/heads/deploy"
 notify:
 if: always()
 needs: [await-deploy]
@@ -124,7 +146,7 @@ jobs:
 -H "Tags: white_check_mark" \
 -H "Actions: view, Open workflow run, ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
 -H "Markdown: yes" \
- -d $'Commit `'"${GITHUB_SHA::7}"$'` deployed successfully.\n\n> ${{ github.event.head_commit.message }}' \
+ -d "Commit \`${GITHUB_SHA::7}\` deployed successfully." \
 https://ntfy.sh/splitleaf
 - name: Notify failure
 if: needs.await-deploy.result == 'failure'
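Review bot: `git ls-remote origin deploy` in the added "Get previous deploy SHA" step matches any ref whose name ends in `/deploy`, not only the branch, and prints nothing when the branch is absent, so `sha` is not guaranteed to be exactly one commit id. That value is what the rollback-deploy job later force-pushes, and an empty one turns the refspec into `:refs/heads/deploy`, which deletes the branch instead of restoring it. I would query the full ref, `sha=$(git ls-remote origin refs/heads/deploy | cut -f1)`, and terminate the output record with a newline, `printf 'sha=%s\n' "$sha" >> "$GITHUB_OUTPUT"`.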
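Review bot: The "Rollback deploy branch" step force-pushes whatever `needs.trigger-deploy.outputs.previous-sha` contains without checking it, and the plain `--force` can also overwrite a newer deploy pushed by a later run while this one was still waiting. The value is expanded by `${{ }}` into the script text before bash parses it; passing it through `env:` keeps it as data. I would validate it as a 40- or 64-character hex id and replace `--force` with a lease on the commit this run deployed, as in the excerpt below, which assumes both jobs check out the same commit.

```yaml
      - name: Rollback deploy branch
        env:
          PREVIOUS_SHA: ${{ needs.trigger-deploy.outputs.previous-sha }}
        run: |
          if ! [[ "$PREVIOUS_SHA" =~ ^([0-9a-f]{40}|[0-9a-f]{64})$ ]]; then
            echo "No usable previous deploy SHA; refusing to push" >&2
            exit 1
          fi
          echo "Rolling back deploy branch to $PREVIOUS_SHA"
          git push --force-with-lease="refs/heads/deploy:$(git rev-parse HEAD)" \
            origin "$PREVIOUS_SHA:refs/heads/deploy"
```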
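Review bot: Nothing in the success notification command (or the matching "Notify failure" command in the last ci.yml hunk) records why the commit message is no longer sent, so a later edit could easily add it back. `${{ github.event.head_commit.message }}` is free text chosen by the commit author; it was expanded into the script before bash parsed it, inside a `$'…'` string that a single quote in the message would close, and it was also published to the ntfy.sh topic. A comment above each step's `run:` would preserve that reasoning, for example `# Keep event text (commit message, branch names) out of this script; pass it via env: if it is ever needed.` Both steps start outside their hunks.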
@@ -135,5 +157,5 @@ jobs:
 -H "Tags: rotating_light" \
 -H "Actions: view, Open workflow run, ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
 -H "Markdown: yes" \
- -d $'Commit `'"${GITHUB_SHA::7}"$'` failed to deploy.\n\n> ${{ github.event.head_commit.message }}' \
+ -d "Commit \`${GITHUB_SHA::7}\` failed to deploy." \
 https://ntfy.sh/splitleaf
diff --git a/modules/home/programs/noctalia-shell.nix b/modules/home/programs/noctalia-shell.nix
index f2ad12f..f5bec77 100644
--- a/modules/home/programs/noctalia-shell.nix
+++ b/modules/home/programs/noctalia-shell.nix
@@ -18,7 +18,6 @@
 general = {
 animationSpeed = 1.8;
 enableShadows = false;
- dimmerOpacity = 0.1;
 compactLockScreen = true;
 clockStyle = "digital";
 autoStartAuth = true;
@@ -97,7 +96,6 @@
 largeButtonsStyle = false;
 countdownDuration = 3000;
 };
- idle.enabled = true;
 audio.mprisBlacklist = "firefox";
 location = {
 firstDayOfWeek = 1;
diff --git a/modules/nixos/services/comin.nix b/modules/nixos/services/comin.nix
index b5de860..50095ba 100644
--- a/modules/nixos/services/comin.nix
+++ b/modules/nixos/services/comin.nix
@@ -18,10 +18,10 @@ let
 exit 0
 fi
- token=$(cat "${config.sops.secrets."git/push-token".path}")
+ token=$(cat "''${CREDENTIALS_DIRECTORY}/git-push-token")
 repo_url="https://x-access-token:$token@github.com/SebastianStork/nixos-config.git"
- git -C /var/lib/comin/repository push --force "$repo_url" "$COMIN_GIT_SHA:refs/heads/deployed/$COMIN_HOSTNAME"
+ git push --force "$repo_url" "$COMIN_GIT_SHA:refs/heads/deployed/$COMIN_HOSTNAME"
 echo "Updated deployed/$COMIN_HOSTNAME to $COMIN_GIT_SHA"
 '';
@@ -41,6 +41,9 @@ in
 config = lib.mkIf cfg.enable {
 sops.secrets."git/push-token" = { };
+ systemd.services.comin.serviceConfig.LoadCredential = "git-push-token:${
+ config.sops.secrets."git/push-token".path
+ }";
 services.comin = {
 enable = true;
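Review bot: In the first comin.nix hunk the token now comes from the systemd credential directory, but the unchanged next line still embeds it in `repo_url`, and the new `git push --force "$repo_url" …` passes that URL as a command-line argument, where the process list typically exposes it to other local processes while the push runs. A credential helper keeps it out of argv: `git -c credential.helper='!f() { echo username=x-access-token; echo "password=$(cat "$CREDENTIALS_DIRECTORY/git-push-token")"; }; f' push --force https://github.com/SebastianStork/nixos-config.git "$COMIN_GIT_SHA:refs/heads/deployed/$COMIN_HOSTNAME"`. The new line also drops `-C /var/lib/comin/repository`, so it now depends on the script's working directory being that repository, which the hunk does not show. The script body starts and ends outside the hunk.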