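# NixOS module: a scheduled oneshot unit that runs clerie-update-nixfiles under
# a systemd DynamicUser. The program itself is not shown here; presumably it
# fetches the nixfiles repository from git.clerie.de over SSH.
{ config, pkgs, ... }:

let
  # Pinned public host key for git.clerie.de. writeText places it in the
  # world-readable Nix store, which is fine for a public key. The private
  # client key never goes through the store; it is handed over by
  # LoadCredential below.
  pinnedKnownHosts = pkgs.writeText "known_hosts" "git.clerie.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHQDwfRlw6L+pkLjXDgW2BUWlY1zNEDtVhNEsClgqaL";
in
{
  systemd.services.clerie-update-nixfiles = {
    environment = {
      # ssh invocation used by git:
      #  - UserKnownHostsFile: trust only the pinned host key above.
      #  - StrictHostKeyChecking=yes: refuse unknown or changed host keys
      #    explicitly, instead of depending on the ssh default or on whatever
      #    the host-wide ssh_config sets.
      #  - IdentitiesOnly=yes: offer only the key passed with -i.
      #  - %d is systemd's credentials-directory specifier; the file name
      #    must match the credential name in LoadCredential.
      # NOTE(review): the system-wide known_hosts file is still consulted,
      # because GlobalKnownHostsFile is not overridden; confirm whether the
      # pin is meant to be exclusive.
      GIT_SSH_COMMAND = "ssh -o UserKnownHostsFile=${pinnedKnownHosts} -o StrictHostKeyChecking=yes -o IdentitiesOnly=yes -i %d/clerie-update-nixfiles-ssh";
      # nix likes a home directory to place the cache there
      HOME = "/var/lib/clerie-update-nixfiles";
    };

    serviceConfig = {
      Type = "oneshot";
      ExecStart = pkgs.clerie-update-nixfiles + "/bin/clerie-update-nixfiles";
      # Same directory as HOME and WorkingDirectory; systemd creates it and
      # hands ownership to the service user.
      StateDirectory = "clerie-update-nixfiles";
      WorkingDirectory = "/var/lib/clerie-update-nixfiles";
      # Transient, unprivileged UID allocated at start; no static account.
      DynamicUser = true;
      # The dynamic user cannot be made owner of the sops secret file ahead of
      # time, so systemd copies the key into the unit's credentials directory
      # with permissions that fit the service user.
      LoadCredential = "clerie-update-nixfiles-ssh:${config.sops.secrets."clerie-update-nixfiles-ssh".path}";
    };

    # Calendar expression: every day at 03:03:00.
    startAt = "*-*-* 03:03:00";
  };
}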