name: deploy systems

on:
  #check_suite:
  #  types: [completed]
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: install nix
        uses: nixbuild/nix-quick-install-action@v26

      - name: connect to tailscale
        uses: tailscale/github-action@v2
        with:
            oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
            oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
            tags: tag:gha

      - name: disable host key verification for ssh
        run: |
          set -eux

          [ ! -d ~/.ssh ] && mkdir -p ~/.ssh
          cat >> ~/.ssh/config << EOF
          Host *
              StrictHostKeyChecking no
              UserKnownHostsFile=/dev/null
          EOF

      - name: deploy all systems
        run: nix run nixpkgs#just deploy-all