Does anybody have a NixOS module for a GitHub hook? I’d like to automatically update my website when I push to master.
I’m presuming the safest way is to host some URL that GitHub calls when master is updated, and then do a git fetch + reset + possibly reload some service? Or are there better ways?
Did you find a solution for this? I’d like to do something similar, and am uncomfortable giving GitHub blanket ssh root access.
An alternative to a NixOS module for receiving webhook calls might be a NixOS module that sets up a restricted user that’s only allowed to call a deploy script.
An advantage to deploying via ssh from a GitHub action is that deployment failures and output show up in the GitHub UI.
Good point, I wrote this before GH Actions were available.
So indeed good idea, nowadays I would put an SSH key on GitHub that can only run a deploy script, and it would show up in the action log.
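
The deploy-only key discussed above, sketched as an OpenSSH forced-command wrapper. This is an added example, not code from any poster in this thread and not a NixOS module; the install path `/usr/local/bin/deploy-site`, the checkout location, the `deploy [<sha>]` request format and the function names are assumptions.

```sh
#!/bin/sh
# Forced-command wrapper for a deploy-only SSH key (constructed example).
# authorized_keys line for the deploy user; key material is a placeholder:
#   restrict,command="/usr/local/bin/deploy-site" ssh-ed25519 <PUBLIC-KEY> gh-actions
# "restrict" turns off pty allocation and all forwarding; command= makes sshd
# run this script no matter what the client asks for.

SITE_DIR="${SITE_DIR:-/var/www/site}"   # assumed location of the checkout
BRANCH="master"

# Map the client's request (sshd puts it in SSH_ORIGINAL_COMMAND) to a ref.
# Allowed: "" or "deploy" -> tip of master; "deploy <40 lowercase hex>" -> that
# commit. The string is only pattern-matched, never passed to eval or a shell.
parse_request() {
  case "$1" in
    ""|deploy)
      printf 'origin/%s\n' "$BRANCH" ;;
    "deploy "*)
      sha=${1#deploy }
      case "$sha" in *[!0-9a-f]*) return 1 ;; esac
      [ "${#sha}" -eq 40 ] || return 1
      printf '%s\n' "$sha" ;;
    *)
      return 1 ;;
  esac
}

deploy() {
  ref=$(parse_request "${SSH_ORIGINAL_COMMAND:-}") || {
    echo "rejected: only 'deploy [<sha>]' is accepted" >&2
    return 2
  }
  cd "$SITE_DIR" || return 1
  git fetch --quiet origin "$BRANCH" || return 1
  # A pinned commit must already be part of master, so the key cannot be
  # used to check out arbitrary objects.
  git merge-base --is-ancestor "$ref" "origin/$BRANCH" || {
    echo "rejected: $ref is not on $BRANCH" >&2
    return 3
  }
  git reset --hard "$ref"
  # Reload the web service here if needed; stdout/stderr go back over SSH
  # and show up in the Action log.
}

# Run only when invoked under the installed name, so the functions can be
# sourced and tested without touching a checkout.
case "$0" in
  */deploy-site) deploy; exit $? ;;
esac
```

The deploy user's login shell must be a real shell, because sshd runs the forced command through it.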