updater: move to its own service

This commit is contained in:
Motiejus Jakštys 2023-07-28 14:20:50 +03:00
parent e9c8320f72
commit bddb20cd13
4 changed files with 46 additions and 25 deletions


@ -11,15 +11,15 @@ rec {
}; };
hosts = { hosts = {
"vno1-oh2.servers.jakst" = { "vno1-oh2.servers.jakst" = rec {
extraHostNames = ["dl.jakstys.lt" "vno1-oh2.jakstys.lt"]; extraHostNames = ["dl.jakstys.lt" "vno1-oh2.jakstys.lt" publicIP jakstIP];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtYsaht57g2sp6UmLHqsCK+fHjiiZ0rmGceFmFt88pY"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtYsaht57g2sp6UmLHqsCK+fHjiiZ0rmGceFmFt88pY";
initrdPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKns3+EIPqKeoB5OIxANIkppb5ICOmkW8X1DOKJPeRWr"; initrdPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKns3+EIPqKeoB5OIxANIkppb5ICOmkW8X1DOKJPeRWr";
publicIP = "88.223.107.21"; publicIP = "88.223.107.21";
jakstIP = "100.89.176.4"; jakstIP = "100.89.176.4";
}; };
"hel1-a.servers.jakst" = { "hel1-a.servers.jakst" = rec {
extraHostNames = ["hel1-a.jakstys.lt" "git.jakstys.lt" "vpn.jakstys.lt" "jakstys.lt" "www.jakstys.lt"]; extraHostNames = ["hel1-a.jakstys.lt" "git.jakstys.lt" "vpn.jakstys.lt" "jakstys.lt" "www.jakstys.lt" publicIP jakstIP];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6Wd2lKrpP2Gqul10obMo2dc1xKaaLv0I4FAnfIaFKu"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6Wd2lKrpP2Gqul10obMo2dc1xKaaLv0I4FAnfIaFKu";
initrdPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEzt0eaSRTAfM2295x4vACEd5VFqVeYJPV/N9ZUq+voP"; initrdPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEzt0eaSRTAfM2295x4vACEd5VFqVeYJPV/N9ZUq+voP";
publicIP = "65.21.7.119"; publicIP = "65.21.7.119";


@ -63,6 +63,11 @@
}; };
services = { services = {
updaterbot = {
enable = true;
uidgid = myData.uidgid.updaterbot;
};
postfix = { postfix = {
enable = true; enable = true;
saslPasswdPath = config.age.secrets.sasl-passwd.path; saslPasswdPath = config.age.secrets.sasl-passwd.path;
@ -88,27 +93,6 @@
}; };
}; };
users = {
users = {
# TODO: git config --global user.email bot@jakstys.lt
updaterbot = {
description = "Dear Updater Bot";
home = "/var/lib/updaterbot";
useDefaultShell = true;
group = "updaterbot";
isSystemUser = true;
createHome = true;
uid = myData.uidgid.updaterbot;
};
};
groups = {
updaterbot.gid = myData.uidgid.updaterbot;
};
};
nix.settings.trusted-users = ["updaterbot"];
services = { services = {
tailscale.enable = true; tailscale.enable = true;


@ -7,6 +7,7 @@
imports = [ imports = [
./postfix ./postfix
./syncthing ./syncthing
./updaterbot
./zfsunlock ./zfsunlock
]; ];
} }


@ -0,0 +1,36 @@
{
config,
lib,
...
}: {
options.mj.services.updaterbot = with lib.types; {
enable = lib.mkEnableOption "Enable system updater";
deployDerivations = lib.mkOption {type = listOf str;};
uidgid = lib.mkOption {type = int;};
repo = lib.mkOption {type = str;};
};
config = lib.mkIf config.mj.services.updaterbot.enable {
users = {
users = {
# TODO: git config --global user.email updaterbot@jakstys.lt
# TODO: ssh-keygen -t ed25519
updaterbot = {
description = "Dear Updaterbot";
home = "/var/lib/updaterbot";
useDefaultShell = true;
group = "updaterbot";
isSystemUser = true;
createHome = true;
uid = config.mj.services.updaterbot.uidgid;
};
};
groups = {
updaterbot.gid = config.mj.services.updaterbot.uidgid;
};
};
nix.settings.trusted-users = ["updaterbot"];
};
}
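Review bot: `nix.settings.trusted-users = ["updaterbot"];` near the end of the new module makes the bot account root-equivalent with respect to the Nix daemon (a trusted user may add substituters and import unsigned store paths), so a compromise of `updaterbot`, its home directory or the checkout it pulls from is a compromise of the host. That is presumably deliberate for a deployment bot, but it deserves a comment at that line stating why, e.g. `# trusted-users is root-equivalent for nix-daemon; the bot needs it to deploy system closures`, and if the bot only ever builds, `allowed-users` is the narrower setting. `lib.mkEnableOption "Enable system updater"` produces the description "Whether to enable Enable system updater." because mkEnableOption already prepends that phrase; `enable = lib.mkEnableOption "system updater";` reads correctly. The `deployDerivations` and `repo` options are declared but not read anywhere in this module, which suggests they are placeholders for a follow-up; a one-line comment saying so would keep the next reader from looking for their consumers.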