feat: init

.github/pull_request_template.md

@@ -0,0 +1,11 @@
+## What
+
+<!-- Brief description of the change -->
+
+## Why
+
+<!-- Motivation or link to issue -->
+
+## Testing
+
+<!-- How was this tested? -->

.github/workflows/ci.yml

@@ -0,0 +1,61 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: cachix/cachix-action@v15
+        with:
+          name: noisebridge-wiki
+          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+
+      - name: nix flake check
+        run: nix flake check
+
+      - name: Build wiki
+        run: nix build .#nixosConfigurations.wiki.config.system.build.toplevel
+
+      - name: Build wiki-replica
+        run: nix build .#nixosConfigurations.wiki-replica.config.system.build.toplevel
+
+  deploy:
+    needs: check
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+    runs-on: ubuntu-latest
+    concurrency:
+      group: deploy
+      cancel-in-progress: false
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: cachix/cachix-action@v15
+        with:
+          name: noisebridge-wiki
+          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+
+      - name: Connect to Tailscale
+        uses: tailscale/github-action@v2
+        with:
+          oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
+          oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
+          tags: tag:ci
+
+      - name: Configure SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan -t ed25519 wiki wiki-replica >> ~/.ssh/known_hosts 2>/dev/null
+
+      - name: Deploy wiki
+        run: nix run .#deploy -- .#wiki -- --ssh-opts="-o ConnectTimeout=30"
+
+      - name: Deploy wiki-replica
+        run: nix run .#deploy -- .#wiki-replica -- --ssh-opts="-o ConnectTimeout=30"

.github/workflows/update-flake.yml

@@ -0,0 +1,17 @@
+name: Update flake.lock
+
+on:
+  schedule:
+    - cron: "0 6 * * *"  # 6am UTC daily
+  workflow_dispatch:
+
+jobs:
+  update:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/update-flake-lock@main
+        with:
+          pr-title: "chore: update flake.lock"
+          pr-labels: dependencies