This repository demonstrates :
- provisioning of a NixOS compute instance on GandiCloud VPS via Terraform
- reading encrypted cloud credentials from terraform with sops
- deploying to the new server via nixos-rebuild
- dynamic creation of github action secrets from terraform deployment outputs
- a github action to deploy NixOS configurations to the server
# 1. Insert secrets (Gandi username/password + GitHub token)
sops secrets.yaml
# 2. Plan terraform deployment
nix run .#plan
# 3. Terraform apply (spin up server)
nix run .#apply
# 4. Deploy NixOS config (via nixos-rebuild / SSH)
nix run .#deploy
# 5. Login via SSH (via mosh)
nix run .#login
# 6. Destroy (spin down server)
nix run .#destroy