22 lines
936 B
Nix
22 lines
936 B
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
systemd.services.nixfiles-updated-inputs = {
|
|
environment = {
|
|
GIT_SSH_COMMAND = "ssh -o UserKnownHostsFile=${pkgs.writeText "known_hosts" "git.clerie.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHQDwfRlw6L+pkLjXDgW2BUWlY1zNEDtVhNEsClgqaL"} -i %d/nixfiles-updated-inputs-ssh";
|
|
# nix likes a home directory to place the cache there
|
|
HOME = "/var/lib/nixfiles-updated-inputs";
|
|
};
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
ExecStart = pkgs.nixfiles-updated-inputs + "/bin/nixfiles-updated-inputs";
|
|
StateDirectory = "nixfiles-updated-inputs";
|
|
WorkingDirectory = "/var/lib/nixfiles-updated-inputs";
|
|
DynamicUser = true;
|
|
# this sets the correct file permissions for the ssh key because we use DynamicUser
|
|
LoadCredential = "nixfiles-updated-inputs-ssh:${config.age.secrets."nixfiles-updated-inputs-ssh".path}";
|
|
};
|
|
startAt = "*-*-* 03:03:00";
|
|
};
|
|
}
|