pipeline:
  build-and-deploy:
    image: nixos/nix:latest
    environment: 
      - HOST=weirdnatto.in
      - PORT=22001
    commands:
      - nix-env -iA nixpkgs.cachix nixpkgs.rsync nixpkgs.jq
      - cachix use $CACHIX_NAME
      - nix --extra-experimental-features "nix-command flakes" -L build -o site
       | jq -r '.[].outputs | to_entries[].value'
       | cachix push $CACHIX_NAME
      - eval `ssh-agent -s`
      - mkdir -p ~/.ssh
      - ssh-keyscan -p $PORT $HOST >> ~/.ssh/known_hosts
      - echo "$REMOTE_KEY" | ssh-add -
      - rsync --checksum -ave 'ssh -p $PORT' 
        site/* root@$HOST:/var/lib/site

    secrets: [ cachix_auth_token, cachix_name, remote_key ]