From bddb20cd1321aded46b46863ffd817908707c8c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?=
Date: Fri, 28 Jul 2023 14:20:50 +0300
Subject: [PATCH] updater: move to it's own service
---
 data.nix | 8 +++---
 hosts/vno1-oh2/configuration.nix | 26 ++++--------------
 modules/services/default.nix | 1 +
 modules/services/updaterbot/default.nix | 36 +++++++++++++++++++++++++
 4 files changed, 46 insertions(+), 25 deletions(-)
 create mode 100644 modules/services/updaterbot/default.nix
diff --git a/data.nix b/data.nix
index 6b124fb..6de0878 100644
--- a/data.nix
+++ b/data.nix
@@ -11,15 +11,15 @@ rec {
 };
 hosts = {
- "vno1-oh2.servers.jakst" = {
- extraHostNames = ["dl.jakstys.lt" "vno1-oh2.jakstys.lt"];
+ "vno1-oh2.servers.jakst" = rec {
+ extraHostNames = ["dl.jakstys.lt" "vno1-oh2.jakstys.lt" publicIP jakstIP];
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtYsaht57g2sp6UmLHqsCK+fHjiiZ0rmGceFmFt88pY";
 initrdPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKns3+EIPqKeoB5OIxANIkppb5ICOmkW8X1DOKJPeRWr";
 publicIP = "88.223.107.21";
 jakstIP = "100.89.176.4";
 };
- "hel1-a.servers.jakst" = {
- extraHostNames = ["hel1-a.jakstys.lt" "git.jakstys.lt" "vpn.jakstys.lt" "jakstys.lt" "www.jakstys.lt"];
+ "hel1-a.servers.jakst" = rec {
+ extraHostNames = ["hel1-a.jakstys.lt" "git.jakstys.lt" "vpn.jakstys.lt" "jakstys.lt" "www.jakstys.lt" publicIP jakstIP];
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6Wd2lKrpP2Gqul10obMo2dc1xKaaLv0I4FAnfIaFKu";
 initrdPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEzt0eaSRTAfM2295x4vACEd5VFqVeYJPV/N9ZUq+voP";
 publicIP = "65.21.7.119";
diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
index d83689f..e828e7f 100644
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -63,6 +63,11 @@
 };
 services = {
+ updaterbot = {
+ enable = true;
+ uidgid = myData.uidgid.updaterbot;
+ };
+
 postfix = {
 enable = true;
 saslPasswdPath = config.age.secrets.sasl-passwd.path;
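Review bot: In data.nix, the hel1-a entry now references `jakstIP` inside its `rec` set, but the hunk ends at that entry's `publicIP` line, so its `jakstIP` definition is not visible here; if it is missing, the name would fail to evaluate or silently resolve to a same-named binding in the enclosing `rec` scope. Assuming `extraHostNames` and `publicKey` feed SSH known-hosts entries (not shown in this patch), the host keys become pinned to the raw addresses as well, which deserves a comment above each list such as `# include IPs so connections made by address are also host-key verified`. This change is unrelated to the updaterbot move in the subject line and would be easier to audit as its own commit.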
@@ -88,27 +93,6 @@
 };
 };
- users = {
- users = {
- # TODO: git config --global user.email bot@jakstys.lt
- updaterbot = {
- description = "Dear Updater Bot";
- home = "/var/lib/updaterbot";
- useDefaultShell = true;
- group = "updaterbot";
- isSystemUser = true;
- createHome = true;
- uid = myData.uidgid.updaterbot;
- };
- };
-
- groups = {
- updaterbot.gid = myData.uidgid.updaterbot;
- };
- };
-
- nix.settings.trusted-users = ["updaterbot"];
-
 services = {
 tailscale.enable = true;
diff --git a/modules/services/default.nix b/modules/services/default.nix
index c6796d2..630f1f6 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -7,6 +7,7 @@
 imports = [
 ./postfix
 ./syncthing
+ ./updaterbot
 ./zfsunlock
 ];
 }
diff --git a/modules/services/updaterbot/default.nix b/modules/services/updaterbot/default.nix
new file mode 100644
index 0000000..845d4c3
--- /dev/null
+++ b/modules/services/updaterbot/default.nix
@@ -0,0 +1,36 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ options.mj.services.updaterbot = with lib.types; {
+ enable = lib.mkEnableOption "Enable system updater";
+ deployDerivations = lib.mkOption {type = listOf str;};
+ uidgid = lib.mkOption {type = int;};
+ repo = lib.mkOption {type = str;};
+ };
+
+ config = lib.mkIf config.mj.services.updaterbot.enable {
+ users = {
+ users = {
+ # TODO: git config --global user.email updaterbot@jakstys.lt
+ # TODO: ssh-keygen -t ed25519
+ updaterbot = {
+ description = "Dear Updaterbot";
+ home = "/var/lib/updaterbot";
+ useDefaultShell = true;
+ group = "updaterbot";
+ isSystemUser = true;
+ createHome = true;
+ uid = config.mj.services.updaterbot.uidgid;
+ };
+ };
+
+ groups = {
+ updaterbot.gid = config.mj.services.updaterbot.uidgid;
+ };
+ };
+
+ nix.settings.trusted-users = ["updaterbot"];
+ };
+}
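Review bot: `nix.settings.trusted-users = ["updaterbot"];` at the end of the new module's `config` block now applies on every host that sets `enable = true`, and a trusted Nix user is essentially root-equivalent with respect to the daemon, so the grant should carry a comment stating why the bot needs it, e.g. `# trusted-users is root-equivalent for the Nix daemon; updaterbot needs it to <reason>`. The account also keeps `useDefaultShell = true` and the TODO plans an SSH key, so the module yields an interactive, privileged identity; if the bot only ever runs from a timer or unit, a non-login shell would narrow that. Separately, `deployDerivations` and `repo` are declared without `default` or `description` and nothing in this file reads them, so either wire them up or give them defaults so a host that omits them (as vno1-oh2 does) cannot fail evaluation once they are used.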