diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index c54b90c..c58fb02 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -642,7 +642,19 @@ in
notificationSender = "hydra@m-labs.hk";
minimumDiskFree = 15; # in GB
minimumDiskFreeEvaluator = 1;
- extraConfig =
+ extraConfig = let
+ deployWebIntl = pkgs.writeShellScript "deployWebIntl"
+ ''
+ #!${pkgs.bash}/bin/bash
+ [ $(jq '.buildStatus' < $HYDRA_JSON) = 0 ]
+ export "TMPSSH=`mktemp -d`"
+ trap "rm -rf '$TMPSSH'" EXIT
+ cp --preserve=mode /opt/hydra_id_ed25519 "$TMPSSH/id_ed25519"
+ cp --preserve=mode /opt/hydra_id_ed25519.pub "$TMPSSH/id_ed25519.pub"
+ echo "5.78.86.156 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMbV69aqkHdQ1T5lMuALyHjNowU1rottZtEV4OhKQ6Y" > "$TMPSSH/known_hosts"
+ ${pkgs.rsync}/bin/rsync -r -e "${pkgs.openssh}/bin/ssh -i '$TMPSSH/id_ed25519' -o 'UserKnownHostsFile=$TMPSSH/known_hosts' -o IdentitiesOnly=yes" -c $(jq -r '.outputs[0].path' < $HYDRA_JSON)/ zolaupd@5.78.86.156:/var/www/m-labs-intl.com/html/
+ '';
+ in
''
binary_cache_secret_key_file = /etc/nixos/secret/nixbld.m-labs.hk-1
max_output_size = 10000000000
@@ -653,13 +665,7 @@ in
job = web:web:web-intl
- command = [ $(jq '.buildStatus' < $HYDRA_JSON) = 0 ] && export HOME=`mktemp -d` && \
- mkdir $HOME/.ssh && \
- cp /opt/hydra_id_ed25519 $HOME/.ssh/id_ed25519 && \
- cp /opt/hydra_id_ed25519.pub $HOME/.ssh/id_ed25519.pub && \
- echo "5.78.86.156 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMbV69aqkHdQ1T5lMuALyHjNowU1rottZtEV4OhKQ6Y" > $HOME/.ssh/known_hosts && \
- chmod 600 $HOME/.ssh/id_ed25519 && \
- ${pkgs.rsync}/bin/rsync -r -c $(jq -r '.outputs[0].path' < $HYDRA_JSON) zolaupd@5.78.86.156:/var/www/m-labs-intl.com/html/
+ command = ${deployWebIntl}
job = web:web:nmigen-docs