motiejus
/
config
1
Fork 0
Code Packages Releases Activity
config/modules/services/updaterbot/default.nix

74 lines
2.1 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
...
}: {
options.mj.services.updaterbot = with lib.types; {
enable = lib.mkEnableOption "Enable system updater";
deployDerivations = lib.mkOption {type = listOf str;};
uidgid = lib.mkOption {type = int;};
repo = lib.mkOption {type = str;};
};
config = lib.mkIf config.mj.services.updaterbot.enable {
users = {
users = {
# TODO: git config --global user.email updaterbot@jakstys.lt
# TODO: ssh-keygen -t ed25519
updaterbot = {
description = "Dear Updaterbot";
home = "/var/lib/updaterbot";
useDefaultShell = true;
group = "updaterbot";
isSystemUser = true;
createHome = true;
uid = config.mj.services.updaterbot.uidgid;
};
};
groups = {
updaterbot.gid = config.mj.services.updaterbot.uidgid;
};
};
systemd.services.updaterbot = {
description = "Update all known systems";
preStart = ''
if [[ -f .ssh/id_ed25519 ]]; then exit; fi
${pkgs.openssh}/bin/ssh-keygen -N "" -t ed25519 -f .ssh/id_ed25519
'';
serviceConfig = {
Type = "oneshot";
User = "updaterbot";
WorkingDirectory = config.users.users.updaterbot.home;
};
script = let
deployDerivations = builtins.concatStringsSep " " config.mj.services.updaterbot.deployDerivations;
in ''
set -x
export GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i $HOME/.ssh/id_ed25519"
if [[ ! -d config ]]; then
${pkgs.git}/bin/git clone ${config.mj.services.updaterbot.repo} config
cd config
else
cd config
${pkgs.git}/bin/git fetch origin
${pkgs.git}/bin/git reset --hard origin/main
fi
export PATH=$PATH:${pkgs.git}/bin
${pkgs.nix}/bin/nix flake update --accept-flake-config --commit-lock-file
${pkgs.git}/bin/git push origin main
exec ${pkgs.nix}/bin/nix run .#deploy-rs ${deployDerivations}
'';
};
mj.base.unitstatus.units = ["updaterbot"];
nix.settings.trusted-users = ["updaterbot"];
};
}
View Git Blame Copy Permalink