coolneng
/
zion
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Configure flake auto-upgrade

This commit is contained in:
coolneng 2022-06-07 00:11:57 +02:00
parent f5966c6271
commit 747b7ce7ca
Signed by: coolneng
GPG Key ID: 9893DA236405AF57
4 changed files with 44 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
configuration.nix
View File

@ -103,12 +103,6 @@ with pkgs;
interval = "monthly"; interval = "monthly";
}; };
# Auto-upgrade the system and reboot if needed
system.autoUpgrade = {
enable = true;
allowReboot = true;
};
# Run Nix garbage collector, while avoiding recompilation and enable flakes # Run Nix garbage collector, while avoiding recompilation and enable flakes
nix = { nix = {
settings.auto-optimise-store = true; settings.auto-optimise-store = true;
@ -166,9 +160,34 @@ with pkgs;
owner = "miniflux"; owner = "miniflux";
group = "miniflux"; group = "miniflux";
}; };
secrets.git.file = secrets/git.age;
identityPaths = [ "/etc/ssh/id_ed25519" ]; identityPaths = [ "/etc/ssh/id_ed25519" ];
}; };
# Auto-upgrade the system
system.autoUpgrade = {
enable = true;
flake = "/home/coolneng/system";
flags = [
"--update-input"
"agenix"
"--update-input"
"nixpkgs"
"--commit-lock-file"
];
};
# Configure git for auto-upgrade
programs.git = {
enable = true;
config = {
user.name = "coolneng";
user.email = "akasroua@gmail.com";
safe.directory = "/home/coolneng/system";
credential.helper = "store --file ${config.age.secrets.git.path}";
};
};
# Import other configuration modules # Import other configuration modules
imports = [ imports = [
./modules/hardware-configuration.nix ./modules/hardware-configuration.nix

10
modules/periodic.nix
View File

@ -83,4 +83,14 @@ in {
requires = [ "sata-hat.service" ]; requires = [ "sata-hat.service" ];
after = [ "vault.mount" ]; after = [ "vault.mount" ];
}; };
# Push zion changes to git daily
systemd.services.zion-push = {
description = "Push zion changes to git";
path = with pkgs; [ git ];
script = "${pkgs.git}/bin/git -C /home/coolneng/system push";
serviceConfig.Type = "oneshot";
startAt = "07:00:00";
after = [ "network-online.target" ];
};
} }

8
secrets/git.age Normal file
View File

@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 iUaRGg MMf85MfBRho4AAWRJW6WlGxG4Drnuz9qqBlTzpOKiRc
tZSl7z0wkSO0K0mJ44q9Ix3yVCMp3LMh/jllNAOK5+E
-> n5p-grease .1Sb)yr iCEC
lXYS70Iag6qiAErdO8kSpaTqeBwXTWszUTCT1M3Uy4VxFY17
--- iWFH19Fd0y8eP9rkWjHt4xqFXqVC/S6dNEfczvRkGwY
txE ÍRÍ«$Y¡õ<>×åj`Ánýjùö“±¬¤ƒRIP$$Ag]ë³·Õ2äÜg F
t«[uà†ÙóMžÈnGðáßç§qï¶;xa†Å¡<C385>qe UçãyT©´˜Þ¼Á$©,6Äœ

1
secrets/secrets.nix
View File

@ -8,4 +8,5 @@ in {
"gitea.age".publicKeys = [ zion ]; "gitea.age".publicKeys = [ zion ];
"ddclient.age".publicKeys = [ zion ]; "ddclient.age".publicKeys = [ zion ];
"miniflux.age".publicKeys = [ zion ]; "miniflux.age".publicKeys = [ zion ];
"git.age".publicKeys = [ zion ];
} }