73 lines
2.1 KiB
Nix
73 lines
2.1 KiB
Nix
|
{ config, lib, pkgs, ... }:
|
||
|
with lib;
|
||
|
let cfg = config.kyouma.update-nixfiles;
|
||
|
in {
|
||
|
options.kyouma.update-nixfiles = {
|
||
|
enable = mkEnableOption "automatically update nixfiles inputs";
|
||
|
privateKey = mkOption {
|
||
|
type = types.str;
|
||
|
default = "";
|
||
|
description = "Private key path";
|
||
|
};
|
||
|
signingKey = mkOption {
|
||
|
type = types.str;
|
||
|
default = "";
|
||
|
description = "Public Key";
|
||
|
};
|
||
|
runFreq = mkOption {
|
||
|
type = types.str;
|
||
|
default = "*-*-* 04:20:00";
|
||
|
description = "How often nixfiles should be updated. See {manpage}`systemd.timer(5)`";
|
||
|
};
|
||
|
};
|
||
|
config = mkIf cfg.enable {
|
||
|
users.groups.update-nixfiles = {};
|
||
|
users.users.update-nixfiles = {
|
||
|
group = "update-nixfiles";
|
||
|
isSystemUser = true;
|
||
|
useDefaultShell = true;
|
||
|
};
|
||
|
home-manager.users.update-nixfiles = {
|
||
|
home.stateVersion = "23.11";
|
||
|
programs.git = {
|
||
|
enable = true;
|
||
|
signing.key = builtins.toFile "signingKey" cfg.signingKey;
|
||
|
signing.signByDefault = true;
|
||
|
userName = "Update Bot";
|
||
|
userEmail = "update-nixfiles-bot@kyouma.net";
|
||
|
extraConfig = {
|
||
|
gpg.format = "ssh";
|
||
|
};
|
||
|
};
|
||
|
programs.ssh = {
|
||
|
addKeysToAgent = "yes";
|
||
|
matchBlocks."git.bsd.gay".indentityFile = cfg.privateKey;
|
||
|
};
|
||
|
services.ssh-agent.enable = true;
|
||
|
};
|
||
|
programs.ssh = {
|
||
|
knownHosts."git.bsd.gay".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHd48YPVXBWVdQwVAF16Ihs7FNTPmD1kMUnOfQttc1bA";
|
||
|
};
|
||
|
systemd.services.update-nixfiles = {
|
||
|
requires = [ "network-online.target" ];
|
||
|
after = [ "network-online.target" ];
|
||
|
restartIfChanged = false;
|
||
|
unitConfig.X-StopOnRemoval = false;
|
||
|
|
||
|
serviceConfig = {
|
||
|
ExecStart = "${pkgs.update-nixfiles}/bin/update-nixfiles";
|
||
|
User = "update-nixfiles";
|
||
|
};
|
||
|
};
|
||
|
systemd.timers.update-nixfiles = {
|
||
|
wantedBy = [ "timers.target" ];
|
||
|
timerConfig = {
|
||
|
OnCalendar = cfg.runFreq;
|
||
|
};
|
||
|
requires = [ "network-online.target" ];
|
||
|
after = [ "network-online.target" ];
|
||
|
};
|
||
|
environment.systemPackages = [ pkgs.update-nixfiles ];
|
||
|
};
|
||
|
}
|