nixfiles/modules/update-nixfiles/default.nix

77 lines
2.3 KiB
Nix
Raw Permalink Normal View History

2024-05-16 17:07:39 +02:00
{ config, lib, pkgs, ... }:
with lib;
let cfg = config.kyouma.update-nixfiles;
in {
options.kyouma.update-nixfiles = {
enable = mkEnableOption "automatically update nixfiles inputs";
privateKey = mkOption {
type = types.str;
default = "";
description = "Private key path";
};
signingKey = mkOption {
type = types.str;
default = "";
description = "Public Key";
};
runFreq = mkOption {
type = types.str;
default = "*-*-* 04:20:00";
description = "How often nixfiles should be updated. See {manpage}`systemd.timer(5)`";
};
};
config = mkIf cfg.enable {
users.groups.update-nixfiles = {};
users.users.update-nixfiles = {
2024-05-16 21:53:17 +02:00
createHome = true;
2024-05-16 17:07:39 +02:00
group = "update-nixfiles";
2024-05-16 21:53:17 +02:00
home = "/var/lib/update-nixfiles";
2024-05-16 17:07:39 +02:00
isSystemUser = true;
useDefaultShell = true;
};
home-manager.users.update-nixfiles = {
home.stateVersion = "23.11";
programs.git = {
enable = true;
signing.key = builtins.toFile "signingKey" cfg.signingKey;
signing.signByDefault = true;
userName = "Update Bot";
userEmail = "update-nixfiles-bot@kyouma.net";
extraConfig = {
gpg.format = "ssh";
};
};
programs.ssh = {
2024-05-16 22:21:01 +02:00
enable = true;
2024-05-16 17:07:39 +02:00
addKeysToAgent = "yes";
2024-06-20 14:18:21 +02:00
matchBlocks."woof.rip".identityFile = cfg.privateKey;
2024-05-16 17:07:39 +02:00
};
services.ssh-agent.enable = true;
};
2024-05-16 22:21:01 +02:00
nix.settings.accept-flake-config = true;
2024-05-16 17:07:39 +02:00
programs.ssh = {
2024-06-20 14:18:21 +02:00
knownHosts."woof.rip".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPeiU8hbOhTuF0Ku8XNIYno3rtxL1CR5gHmZJo4WbLZZ";
2024-05-16 17:07:39 +02:00
};
systemd.services.update-nixfiles = {
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
serviceConfig = {
ExecStart = "${pkgs.update-nixfiles}/bin/update-nixfiles";
User = "update-nixfiles";
};
};
systemd.timers.update-nixfiles = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = cfg.runFreq;
};
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
};
environment.systemPackages = [ pkgs.update-nixfiles ];
};
}