From 747b7ce7cad7df48049386f30fa85f38e6128fec Mon Sep 17 00:00:00 2001
From: coolneng
Date: Tue, 7 Jun 2022 00:11:57 +0200
Subject: [PATCH] Configure flake auto-upgrade
---
 configuration.nix | 31 +++++++++++++++++++++++++------
 modules/periodic.nix | 10 ++++++++++
 secrets/git.age | 8 ++++++++
 secrets/secrets.nix | 1 +
 4 files changed, 44 insertions(+), 6 deletions(-)
 create mode 100644 secrets/git.age
diff --git a/configuration.nix b/configuration.nix
index 4eea77d..86618b6 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -103,12 +103,6 @@ with pkgs;
 interval = "monthly";
 };
- # Auto-upgrade the system and reboot if needed
- system.autoUpgrade = {
- enable = true;
- allowReboot = true;
- };
-
 # Run Nix garbage collector, while avoiding recompilation and enable flakes
 nix = {
 settings.auto-optimise-store = true;
@@ -166,9 +160,34 @@ with pkgs;
 owner = "miniflux";
 group = "miniflux";
 };
+ secrets.git.file = secrets/git.age;
 identityPaths = [ "/etc/ssh/id_ed25519" ];
 };
+ # Auto-upgrade the system
+ system.autoUpgrade = {
+ enable = true;
+ flake = "/home/coolneng/system";
+ flags = [
+ "--update-input"
+ "agenix"
+ "--update-input"
+ "nixpkgs"
+ "--commit-lock-file"
+ ];
+ };
+
+ # Configure git for auto-upgrade
+ programs.git = {
+ enable = true;
+ config = {
+ user.name = "coolneng";
+ user.email = "akasroua@gmail.com";
+ safe.directory = "/home/coolneng/system";
+ credential.helper = "store --file ${config.age.secrets.git.path}";
+ };
+ };
+
 # Import other configuration modules
 imports = [
 ./modules/hardware-configuration.nix
diff --git a/modules/periodic.nix b/modules/periodic.nix
index eea644d..271497f 100644
--- a/modules/periodic.nix
+++ b/modules/periodic.nix
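Review bot: In the second configuration.nix hunk, `flake = "/home/coolneng/system"` together with `safe.directory = "/home/coolneng/system"` has the root-run upgrade build, activate and commit (`--commit-lock-file`) from a checkout under a user's home directory. Assuming that directory is writable by coolneng, anything able to write there decides what is activated as root at the next upgrade. `programs.git.config` is system-wide, so the `credential.helper` line applies to every user's git, while `secrets.git` sets no `owner`/`group` the way the entry above it does. I would keep the upgrade source in a root-owned checkout and drop the `safe.directory` exception, for example `flake = "/etc/nixos";` (the path is only a suggestion), or at least add the comment `# root builds and activates this checkout: must not be writable by unprivileged processes`. The attribute set these lines belong to opens outside the hunk.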
@@ -83,4 +83,14 @@ in { requires = [ "sata-hat.service" ]; after = [ "vault.mount" ]; }; + + # Push zion changes to git daily + systemd.services.zion-push = { + description = "Push zion changes to git"; + path = with pkgs; [ git ]; + script = "${pkgs.git}/bin/git -C /home/coolneng/system push"; + serviceConfig.Type = "oneshot"; + startAt = "07:00:00"; + after = [ "network-online.target" ]; + }; } diff --git a/secrets/git.age b/secrets/git.age new file mode 100644 index 0000000..c36f62e --- /dev/null +++ b/secrets/git.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 iUaRGg MMf85MfBRho4AAWRJW6WlGxG4Drnuz9qqBlTzpOKiRc +tZSl7z0wkSO0K0mJ44q9Ix3yVCMp3LMh/jllNAOK5+E +-> n5p-grease .1Sb)yr iCEC +lXYS70Iag6qiAErdO8kSpaTqeBwXTWszUTCT1M3Uy4VxFY17 +--- iWFH19Fd0y8eP9rkWjHt4xqFXqVC/S6dNEfczvRkGwY +txE Rͫ$Yj`njRIP$$Ag]볷2g F +t[uMnGq;xašqe UçyT޼$,6Ĝ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ef0c37a..4ff0776 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -8,4 +8,5 @@ in { "gitea.age".publicKeys = [ zion ]; "ddclient.age".publicKeys = [ zion ]; "miniflux.age".publicKeys = [ zion ]; + "git.age".publicKeys = [ zion ]; }
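Review bot: `systemd.services.zion-push` sets no `serviceConfig.User`, so the daily `git push` runs as root, presumably using the system-wide credential helper added in configuration.nix, although a push only needs read access to the repository and that one credential. If the git secret can be given a matching `owner`, `serviceConfig.User = "coolneng";` would keep the push out of root; whether the lock-file commits created by the root upgrade stay readable to that user needs checking. Separately, `after = [ "network-online.target" ];` only orders the unit and does not pull the target in, so add `wants = [ "network-online.target" ];` next to it. `path = with pkgs; [ git ];` duplicates the absolute `${pkgs.git}/bin/git` already used in `script`. The enclosing attribute set opens outside the hunk.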