name: Deploy VyOS config.boot to Wizard on: push: branches: [ main ] paths: [ 'homelab/vyos/config.boot' ] jobs: deploy: defaults: run: working-directory: homelab/vyos runs-on: ubuntu-latest steps: - name: Checkout Jafner.net repo uses: actions/checkout@v4 - name: Check network connectivity to host run: | sudo apt-get update &&\ sudo apt-get install -y iputils-ping ping -c 1 -t 5 -q 192.168.1.1 - name: Configure SSH run: | echo -e "${{ secrets.RUNNER_SSH_PRIVATEKEY }}" > /tmp/key chmod 600 /tmp/key ssh-keygen -y -f /tmp/key > /tmp/key.pub mkdir -p ~/.ssh && touch ~/.ssh/known_hosts && chmod 600 ~/.ssh/known_hosts ssh-keyscan -t ed25519 192.168.1.1 >> ~/.ssh/known_hosts - name: Connect to VyOS run: | ssh -i /tmp/key vyos@192.168.1.1 'whoami' - name: Install SOPS run: | curl -o sops -L https://github.com/getsops/sops/releases/download/v3.9.1/sops-v3.9.1.linux.amd64 chmod +x sops; mv sops /usr/local/bin/sops sops --version - name: Decrypt config.boot run: | echo -e "$(ssh -i /tmp/key vyos@192.168.1.1 'cat /config/wizard.host.key')\n${{ secrets.AGE_DEPLOY_KEY }}" > /tmp/combined.key export SOPS_AGE_KEY_FILE=/tmp/combined.key sops decrypt -i --input-type json config.boot 2>/dev/null && echo "Decrypted config.boot" - name: Push config to VyOS run: | SSH_CMD="ssh -i /tmp/key" SCP_CMD="scp -i /tmp/key -q" ./vyos.sh push