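# NixOS module for the `updaterbot` service account.
#
# When `mj.services.updaterbot.enable` is set, this module:
#   * creates a system user and group named `updaterbot`, both numbered by
#     `uidgid`, with a home directory at /var/lib/updaterbot;
#   * adds that user to `nix.settings.trusted-users`.
#
# `deployDerivations` and `repo` are declared here but not read anywhere in
# this file; presumably another module consumes them (confirm).
{
  config,
  lib,
  ...
}: let
  cfg = config.mj.services.updaterbot;
in {
  options.mj.services.updaterbot = with lib.types; {
    # mkEnableOption already prefixes its argument with "Whether to enable",
    # so the argument names the thing being enabled and nothing more.
    enable = lib.mkEnableOption "system updater";

    # List of strings; not consumed in this file (see header).
    deployDerivations = lib.mkOption {type = listOf str;};

    uidgid = lib.mkOption {
      type = int;
      description = "Numeric id used as both the uid of the updaterbot user and the gid of the updaterbot group.";
    };

    # String; not consumed in this file (see header).
    repo = lib.mkOption {type = str;};
  };

  config = lib.mkIf cfg.enable {
    users = {
      users = {
        # Manual, out-of-band setup steps that this module does not perform:
        # TODO: git config --global user.email updaterbot@jakstys.lt
        # TODO: ssh-keygen -t ed25519
        #
        # NOTE(review): a key generated this way would presumably live under
        # the account's home directory. Because the account is a Nix trusted
        # user (below), that key and the home directory should be protected
        # like root credentials.
        updaterbot = {
          description = "Dear Updaterbot";
          home = "/var/lib/updaterbot";
          # Gives this system account the system-wide default login shell
          # rather than a nologin shell. NOTE(review): confirm an interactive
          # shell is actually required for this account.
          useDefaultShell = true;
          group = "updaterbot";
          isSystemUser = true;
          createHome = true;
          uid = cfg.uidgid;
        };
      };

      groups = {
        updaterbot.gid = cfg.uidgid;
      };
    };

    # SECURITY: the Nix manual describes membership in `trusted-users` as
    # essentially equivalent to root access, since trusted users may override
    # daemon settings such as substituters and signature requirements.
    # Anything able to run code as `updaterbot` (including whatever the bot
    # pulls and builds) therefore sits inside the host's root trust boundary.
    # NOTE(review): keep this only if the updater really needs it, and audit
    # access to the account accordingly.
    nix.settings.trusted-users = ["updaterbot"];
  };
}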