Test terraform #56

	name: "CI"
	on:
	push:
	jobs:
	nix-flake-check:
	# TODO idea: instead of using QEMU (which is slow) use the host as remote builder
	strategy:
	matrix:
	system: ["aarch64-linux", "x86_64-linux"]
	runs-on: ubuntu-latest
	name: "Build checks for ${{ matrix.system }}"
	steps:
	- run: \|
	mkdir -p /home/runner/.ssh
	echo "${{ secrets.SSH_KEY }}" > /home/runner/.ssh/id_ed25519
	chmod 600 /home/runner/.ssh/id_ed25519
	- run: "[ '${{ matrix.system }}' == 'aarch64-linux' ] && sudo apt-get install -y qemu-user-static \|\| true"
	- uses: actions/checkout@v4
	- uses: cachix/install-nix-action@v25
	with:
	github_access_token: ${{ secrets.GITHUB_TOKEN }}
	extra_nix_config: \|
	system = ${{ matrix.system }}
	- id: retrieve-cachix-auth-token
	run: \|
	source "$(nix build .#inject-secrets --no-link --print-out-paths)"/bin/install-agenix-shell
	echo "CACHIX_AUTH_TOKEN=$CACHIX_AUTH_TOKEN" > $GITHUB_OUTPUT
	- uses: cachix/cachix-action@v14
	with:
	name: nix-pizza
	authToken: ${{ steps.retrieve-cachix-auth-token.outputs.CACHIX_AUTH_TOKEN }}
	# - run: nix flake check -L
	- run: \|
	source "$(nix build .#inject-secrets --no-link --print-out-paths)"/bin/install-agenix-shell
	TF_VAR_ssh_public_keys="$(cat $(nix build .#ssh-public-keys --no-link --print-out-paths))"
	nix run .#opentofu -- init
	nix run .#opentofu -- apply --auto-approve

Provide feedback