Configure flake auto-upgrade

2022-06-07 00:11:57 +02:00 · 2022-06-07 00:11:57 +02:00 · 747b7ce7ca
parent f5966c6271
commit 747b7ce7ca
4 changed files with 44 additions and 6 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -103,12 +103,6 @@ with pkgs;
    interval = "monthly";
  };

-  # Auto-upgrade the system and reboot if needed
-  system.autoUpgrade = {
-    enable = true;
-    allowReboot = true;
-  };
-
  # Run Nix garbage collector, while avoiding recompilation and enable flakes
  nix = {
    settings.auto-optimise-store = true;
@ -166,9 +160,34 @@ with pkgs;
      owner = "miniflux";
      group = "miniflux";
    };
+    secrets.git.file = secrets/git.age;
    identityPaths = [ "/etc/ssh/id_ed25519" ];
  };

+  # Auto-upgrade the system
+  system.autoUpgrade = {
+    enable = true;
+    flake = "/home/coolneng/system";
+    flags = [
+      "--update-input"
+      "agenix"
+      "--update-input"
+      "nixpkgs"
+      "--commit-lock-file"
+    ];
+  };
+
+  # Configure git for auto-upgrade
+  programs.git = {
+    enable = true;
+    config = {
+      user.name = "coolneng";
+      user.email = "akasroua@gmail.com";
+      safe.directory = "/home/coolneng/system";
+      credential.helper = "store --file ${config.age.secrets.git.path}";
+    };
+  };
+
  # Import other configuration modules
  imports = [
    ./modules/hardware-configuration.nix
--- a/modules/periodic.nix
+++ b/modules/periodic.nix
@ -83,4 +83,14 @@ in {
    requires = [ "sata-hat.service" ];
    after = [ "vault.mount" ];
  };
+
+  # Push zion changes to git daily
+  systemd.services.zion-push = {
+    description = "Push zion changes to git";
+    path = with pkgs; [ git ];
+    script = "${pkgs.git}/bin/git -C /home/coolneng/system push";
+    serviceConfig.Type = "oneshot";
+    startAt = "07:00:00";
+    after = [ "network-online.target" ];
+  };
 }
--- a/secrets/git.age
+++ b/secrets/git.age
@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 iUaRGg MMf85MfBRho4AAWRJW6WlGxG4Drnuz9qqBlTzpOKiRc
+tZSl7z0wkSO0K0mJ44q9Ix3yVCMp3LMh/jllNAOK5+E
+-> n5p-grease .1Sb)yr iCEC
+lXYS70Iag6qiAErdO8kSpaTqeBwXTWszUTCT1M3Uy4VxFY17
+--- iWFH19Fd0y8eP9rkWjHt4xqFXqVC/S6dNEfczvRkGwY
+txE	ÍRÍ«$Y¡õ<>×åj`Áný‘jùö“±¬¤ƒRI‚P$$Ag›]ë³·Õ2äÜgF
+t«[uà†ÙóMžÈnGðáßç§qï¶;xa†Å¡<C385>qe
UÃ§ãyT©´˜Þ¼Á$©,6Äœ
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -8,4 +8,5 @@ in {
  "gitea.age".publicKeys = [ zion ];
  "ddclient.age".publicKeys = [ zion ];
  "miniflux.age".publicKeys = [ zion ];
+  "git.age".publicKeys = [ zion ];
 }