default:
  image: nixos/nix:2.16.1

stages:
  - update_flake_lock
  - build
  - apply
  - commit_flake

update_flake_lock:
  stage: update_flake_lock
  script:
    - nix flake update --extra-experimental-features nix-command --extra-experimental-features flakes

build:
  stage: build
  script:
    - nix-env --install colmena
    - colmena build

apply:
  stage: apply
  script:
    - nix-env --install colmena
    - eval $(ssh-agent -s)
    - chmod 600 "$SSH_PRIVATE_KEY"
    - ssh-add "$SSH_PRIVATE_KEY"
    - git clone https://oauth2:${ACCESS_TOKEN_KNOWN_HOSTS}@git.grzb.de/yuri/known_hosts.git /root/.ssh
    - colmena apply --no-keys

commit_flake:
  stage: commit_flake
  variables:
    GIT_AUTHOR_EMAIL: $GIT_AUTHOR_EMAIL
    GIT_AUTHOR_NAME: $GIT_AUTHOR_NAME
    GIT_COMMITTER_EMAIL: $GIT_COMMITTER_EMAIL
    GIT_COMMITTER_NAME: $GIT_COMMITTER_NAME
    ACCESS_TOKEN: $ACCESS_TOKEN
  script:
    - nix-env --install git