.github/workflows/ci.yml

@@ -76,10 +76,17 @@ jobs:
   trigger-deploy:
     needs: [build-check, build-server]
     runs-on: ubuntu-latest
+    outputs:
+      previous-sha: ${{ steps.previous-sha.outputs.sha }}
     permissions:
       contents: write
     steps:
       - uses: actions/checkout@v5
+      - name: Get previous deploy SHA
+        id: previous-sha
+        run: |
+          sha=$(git ls-remote origin deploy | cut -f1)
+          printf "sha=%s" "$sha" >> "$GITHUB_OUTPUT"
       - name: Push to deploy branch
         run: git push --force origin HEAD:refs/heads/deploy
   await-deploy:
@@ -110,6 +117,20 @@ jobs:
 
             sleep 5
           done
+  rollback-deploy:
+    if: always() && needs.await-deploy.result == 'failure'
+    needs: [trigger-deploy, await-deploy]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.PAT }}
+      - name: Rollback deploy branch
+        run: |
+          previous_sha="${{ needs.trigger-deploy.outputs.previous-sha }}"
+          echo "Rolling back deploy branch to $previous_sha"
+          git push --force origin "$previous_sha:refs/heads/deploy"
   notify:
     if: always()
     needs: [await-deploy]
@@ -124,7 +145,7 @@ jobs:
             -H "Tags: white_check_mark" \
             -H "Actions: view, Open workflow run, ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
             -H "Markdown: yes" \
-            -d $'Commit `'"${GITHUB_SHA::7}"$'` deployed successfully.\n\n> ${{ github.event.head_commit.message }}' \
+            -d "Commit \`${GITHUB_SHA::7}\` deployed successfully." \
             https://ntfy.sh/splitleaf
       - name: Notify failure
         if: needs.await-deploy.result == 'failure'
@@ -135,5 +156,5 @@ jobs:
             -H "Tags: rotating_light" \
             -H "Actions: view, Open workflow run, ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
             -H "Markdown: yes" \
-            -d $'Commit `'"${GITHUB_SHA::7}"$'` failed to deploy.\n\n> ${{ github.event.head_commit.message }}' \
+            -d "Commit \`${GITHUB_SHA::7}\` failed to deploy." \
             https://ntfy.sh/splitleaf

modules/home/programs/noctalia-shell.nix

@@ -18,7 +18,6 @@
         general = {
           animationSpeed = 1.8;
           enableShadows = false;
-          dimmerOpacity = 0.1;
           compactLockScreen = true;
           clockStyle = "digital";
           autoStartAuth = true;
@@ -97,7 +96,6 @@
           largeButtonsStyle = false;
           countdownDuration = 3000;
         };
-        idle.enabled = true;
         audio.mprisBlacklist = "firefox";
         location = {
           firstDayOfWeek = 1;

modules/nixos/services/comin.nix

@@ -18,10 +18,10 @@ let
           exit 0
         fi
 
-        token=$(cat "${config.sops.secrets."git/push-token".path}")
+        token=$(cat "''${CREDENTIALS_DIRECTORY}/git-push-token")
         repo_url="https://x-access-token:$token@github.com/SebastianStork/nixos-config.git"
 
-        git -C /var/lib/comin/repository push --force "$repo_url" "$COMIN_GIT_SHA:refs/heads/deployed/$COMIN_HOSTNAME"
+        git push --force "$repo_url" "$COMIN_GIT_SHA:refs/heads/deployed/$COMIN_HOSTNAME"
 
         echo "Updated deployed/$COMIN_HOSTNAME to $COMIN_GIT_SHA"
       '';
@@ -41,6 +41,9 @@ in
 
   config = lib.mkIf cfg.enable {
     sops.secrets."git/push-token" = { };
+    systemd.services.comin.serviceConfig.LoadCredential = "git-push-token:${
+      config.sops.secrets."git/push-token".path
+    }";
 
     services.comin = {
       enable = true;