updater: move to it's own service

2023-07-28 14:20:50 +03:00 · 2023-07-28 14:20:50 +03:00 · bddb20cd13
commit bddb20cd13
parent e9c8320f72
4 changed files with 46 additions and 25 deletions
--- a/data.nix
+++ b/data.nix
@ -11,15 +11,15 @@ rec {
  };

  hosts = {
-    "vno1-oh2.servers.jakst" = {
-      extraHostNames = ["dl.jakstys.lt" "vno1-oh2.jakstys.lt"];
+    "vno1-oh2.servers.jakst" = rec {
+      extraHostNames = ["dl.jakstys.lt" "vno1-oh2.jakstys.lt" publicIP jakstIP];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtYsaht57g2sp6UmLHqsCK+fHjiiZ0rmGceFmFt88pY";
      initrdPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKns3+EIPqKeoB5OIxANIkppb5ICOmkW8X1DOKJPeRWr";
      publicIP = "88.223.107.21";
      jakstIP = "100.89.176.4";
    };
-    "hel1-a.servers.jakst" = {
-      extraHostNames = ["hel1-a.jakstys.lt" "git.jakstys.lt" "vpn.jakstys.lt" "jakstys.lt" "www.jakstys.lt"];
+    "hel1-a.servers.jakst" = rec {
+      extraHostNames = ["hel1-a.jakstys.lt" "git.jakstys.lt" "vpn.jakstys.lt" "jakstys.lt" "www.jakstys.lt" publicIP jakstIP];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6Wd2lKrpP2Gqul10obMo2dc1xKaaLv0I4FAnfIaFKu";
      initrdPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEzt0eaSRTAfM2295x4vACEd5VFqVeYJPV/N9ZUq+voP";
      publicIP = "65.21.7.119";
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@ -63,6 +63,11 @@
    };

    services = {
+      updaterbot = {
+        enable = true;
+        uidgid = myData.uidgid.updaterbot;
+      };
+
      postfix = {
        enable = true;
        saslPasswdPath = config.age.secrets.sasl-passwd.path;
@ -88,27 +93,6 @@
    };
  };

-  users = {
-    users = {
-      # TODO: git config --global user.email bot@jakstys.lt
-      updaterbot = {
-        description = "Dear Updater Bot";
-        home = "/var/lib/updaterbot";
-        useDefaultShell = true;
-        group = "updaterbot";
-        isSystemUser = true;
-        createHome = true;
-        uid = myData.uidgid.updaterbot;
-      };
-    };
-
-    groups = {
-      updaterbot.gid = myData.uidgid.updaterbot;
-    };
-  };
-
-  nix.settings.trusted-users = ["updaterbot"];
-
  services = {
    tailscale.enable = true;

--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@ -7,6 +7,7 @@
  imports = [
    ./postfix
    ./syncthing
+    ./updaterbot
    ./zfsunlock
  ];
 }
--- a/modules/services/updaterbot/default.nix
+++ b/modules/services/updaterbot/default.nix
@ -0,0 +1,36 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  options.mj.services.updaterbot = with lib.types; {
+    enable = lib.mkEnableOption "Enable system updater";
+    deployDerivations = lib.mkOption {type = listOf str;};
+    uidgid = lib.mkOption {type = int;};
+    repo = lib.mkOption {type = str;};
+  };
+
+  config = lib.mkIf config.mj.services.updaterbot.enable {
+    users = {
+      users = {
+        # TODO: git config --global user.email updaterbot@jakstys.lt
+        # TODO: ssh-keygen -t ed25519
+        updaterbot = {
+          description = "Dear Updaterbot";
+          home = "/var/lib/updaterbot";
+          useDefaultShell = true;
+          group = "updaterbot";
+          isSystemUser = true;
+          createHome = true;
+          uid = config.mj.services.updaterbot.uidgid;
+        };
+      };
+
+      groups = {
+        updaterbot.gid = config.mj.services.updaterbot.uidgid;
+      };
+    };
+
+    nix.settings.trusted-users = ["updaterbot"];
+  };
+}