clerie/nixfiles
1
0
Fork 0
Code Activity

hosts/osmium: deploy nixfiles inputs update script

Browse Source
This commit is contained in:
clerie
2023-09-01 16:38:34 +02:00
parent b83055e0af
commit 553542071d
5 changed files with 36 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/osmium/configuration.nix
View File

@@ -5,6 +5,8 @@
[
./hardware-configuration.nix
../../configuration/proxmox-vm
./nixfiles-updated-inputs.nix
];
boot.loader.grub.enable = true;

21
hosts/osmium/nixfiles-updated-inputs.nix Normal file
View File

@@ -0,0 +1,21 @@
{ config, pkgs, ... }:
{
systemd.services.nixfiles-updated-inputs = {
environment = {
GIT_SSH_COMMAND = "ssh -o UserKnownHostsFile=${pkgs.writeText "known_hosts" "git.clerie.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHQDwfRlw6L+pkLjXDgW2BUWlY1zNEDtVhNEsClgqaL"} -i %d/nixfiles-updated-inputs-ssh";
# nix likes a home directory to place the cache there
HOME = "/var/lib/nixfiles-updated-inputs";
};
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.nixfiles-updated-inputs + "/bin/nixfiles-updated-inputs";
StateDirectory = "nixfiles-updated-inputs";
WorkingDirectory = "/var/lib/nixfiles-updated-inputs";
DynamicUser = true;
# this sets the correct file permissions for the ssh key because we use DynamicUser
LoadCredential = "nixfiles-updated-inputs-ssh:${config.age.secrets."nixfiles-updated-inputs-ssh".path}";
};
startAt = "*-*-* 03:03:00";
};
}

BIN
hosts/osmium/secrets/nixfiles-updated-inputs-ssh.age Normal file
View File

Binary file not shown.