hosts/osmium: deploy nixfiles inputs update script
parent
b83055e0af
commit
553542071d
@ -5,6 +5,8 @@
|
|||||||
[
|
[
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../configuration/proxmox-vm
|
../../configuration/proxmox-vm
|
||||||
|
|
||||||
|
./nixfiles-updated-inputs.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
|
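--- /dev/null
+++ b/hosts/osmium/nixfiles-updated-inputs.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+systemd.services.nixfiles-updated-inputs = {
+environment = {
+GIT_SSH_COMMAND = "ssh -o UserKnownHostsFile=${pkgs.writeText "known_hosts" "git.clerie.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHQDwfRlw6L+pkLjXDgW2BUWlY1zNEDtVhNEsClgqaL"} -i %d/nixfiles-updated-inputs-ssh";
+# nix likes a home directory to place the cache there
+HOME = "/var/lib/nixfiles-updated-inputs";
+};
+serviceConfig = {
+Type = "oneshot";
+ExecStart = pkgs.nixfiles-updated-inputs + "/bin/nixfiles-updated-inputs";
+StateDirectory = "nixfiles-updated-inputs";
+WorkingDirectory = "/var/lib/nixfiles-updated-inputs";
+DynamicUser = true;
+# this sets the correct file permissions for the ssh key because we use DynamicUser
+LoadCredential = "nixfiles-updated-inputs-ssh:${config.age.secrets."nixfiles-updated-inputs-ssh".path}";
+};
+startAt = "*-*-* 03:03:00";
+};
+}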
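Review bot: The `GIT_SSH_COMMAND` in `environment` pins the host key through `UserKnownHostsFile` but leaves `StrictHostKeyChecking` to whatever the host's ssh configuration resolves to, so the pin is only as strict as that configuration. Setting it on the command line, `ssh -o StrictHostKeyChecking=yes -o IdentitiesOnly=yes -o UserKnownHostsFile=… -i %d/nixfiles-updated-inputs-ssh`, makes the unit refuse an unknown or changed key for git.clerie.de and offer only the loaded credential, independent of any system-wide ssh_config. Separately, `HOME` and `WorkingDirectory` are the same path, so nix's cache ends up as untracked content inside the checkout the script later merges and commits in; keeping the clone in its own subdirectory of the state directory would separate the two. Since this key can push to the repository, it is worth confirming on the forge that it is scoped to this repository only.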
BIN
hosts/osmium/secrets/nixfiles-updated-inputs-ssh.age
Normal file
BIN
hosts/osmium/secrets/nixfiles-updated-inputs-ssh.age
Normal file
Binary file not shown.
@ -1,10 +1,12 @@
|
|||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
pkgs.writeShellApplication {
|
pkgs.writeShellApplication {
|
||||||
name = "nixfiles-updated-inputs.sh";
|
name = "nixfiles-updated-inputs";
|
||||||
text = builtins.readFile ./nixfiles-updated-inputs.sh;
|
text = builtins.readFile ./nixfiles-updated-inputs.sh;
|
||||||
runtimeInputs = [
|
runtimeInputs = with pkgs; [
|
||||||
pkgs.git
|
git
|
||||||
|
nix
|
||||||
|
openssh
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4,10 +4,15 @@ set -euo pipefail
|
|||||||
|
|
||||||
NOW="$(date --utc --iso-8601=minutes)"
|
NOW="$(date --utc --iso-8601=minutes)"
|
||||||
|
|
||||||
git fetch origin master
|
git status || git clone gitea@git.clerie.de:clerie/nixfiles.git .
|
||||||
|
echo "[!] Download changes"
|
||||||
|
git fetch --all
|
||||||
git checkout updated-inputs
|
git checkout updated-inputs
|
||||||
git merge -s ort -X theirs origin/master -m "Update from master ${NOW}"
|
git -c "user.name=Flake Update Bot" -c "user.email=flake-update-bot@clerie.de" merge -s ort -X theirs origin/master -m "Update from master ${NOW}"
|
||||||
|
echo "[!] Update inputs"
|
||||||
nix flake update
|
nix flake update
|
||||||
|
echo "[!] Commit changes"
|
||||||
git add flake.lock
|
git add flake.lock
|
||||||
git commit -m "Flake update ${NOW}" || true
|
git -c "user.name=Flake Update Bot" -c "user.email=flake-update-bot@clerie.de" commit -m "Flake update ${NOW}" || true
|
||||||
|
echo "[!] Publish"
|
||||||
git push origin updated-inputs
|
git push origin updated-inputs
|
||||||
|
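Review bot: `git status || git clone gitea@git.clerie.de:clerie/nixfiles.git .` treats every failure of `git status` as "no checkout yet", so a damaged or unreadable repository ends in a clone attempt into a non-empty directory and the original error is buried under the clone's. Testing for the checkout directly, `[ -d .git ] || git clone gitea@git.clerie.de:clerie/nixfiles.git .`, skips the clone whenever a repository is present and lets the following git commands report the real problem. Further down, `commit -m "Flake update ${NOW}" || true` still swallows every commit failure, not only "nothing to commit", and the push runs regardless; `git diff --cached --quiet || git -c … commit -m "Flake update ${NOW}"` would let a genuine failure stop the run under `set -euo pipefail`. The script begins before this hunk, so its first lines are not visible here.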