2023-09-12 08:44:05 -06:00
|
|
|
{ config
|
|
|
|
|
, lib
|
|
|
|
|
, ...
|
2023-07-11 09:12:50 -06:00
|
|
|
}:
|
2022-08-25 12:21:35 -06:00
|
|
|
with lib; {
|
|
|
|
|
options = {
|
|
|
|
|
autoUpdate = {
|
|
|
|
|
enable = mkOption {
|
|
|
|
|
description = "Enable Auto Update";
|
|
|
|
|
default = true;
|
|
|
|
|
example = true;
|
|
|
|
|
type = lib.types.bool;
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-05-31 08:29:22 -06:00
|
|
|
needsDeploy = {
|
|
|
|
|
enable = mkOption {
|
|
|
|
|
description = "Host needs deploy key to receive encrypted secrets";
|
|
|
|
|
default = true;
|
|
|
|
|
example = true;
|
|
|
|
|
type = lib.types.bool;
|
|
|
|
|
};
|
|
|
|
|
};
|
2022-08-25 12:21:35 -06:00
|
|
|
};
|
|
|
|
|
|
2022-08-25 21:23:58 -06:00
|
|
|
config = mkMerge [
|
|
|
|
|
(mkIf config.autoUpdate.enable {
|
|
|
|
|
system.autoUpgrade = {
|
2022-11-04 07:23:28 -06:00
|
|
|
# enable is set in flake depending on the state of the tree
|
|
|
|
|
# DIRTY means disabled, git revision means enabled
|
2022-11-08 14:54:41 -07:00
|
|
|
allowReboot = mkDefault true;
|
2022-08-25 21:23:58 -06:00
|
|
|
flake = "github:qbit/xin";
|
2022-08-26 20:25:46 -06:00
|
|
|
dates = "*-*-* *:05:00";
|
2022-08-25 21:23:58 -06:00
|
|
|
};
|
|
|
|
|
})
|
2024-05-31 08:29:22 -06:00
|
|
|
|
|
|
|
|
# Always add our host alias or we run into a bootstrap issue
|
|
|
|
|
(mkIf config.needsDeploy.enable {
|
|
|
|
|
programs.ssh.extraConfig =
|
|
|
|
|
''
|
|
|
|
|
Host xin-secrets-ro
|
|
|
|
|
IdentityFile ${config.sops.secrets.xin_secrets_deploy_key.path}
|
|
|
|
|
User gitea
|
|
|
|
|
Port 2222
|
|
|
|
|
Hostname git.tapenet.org
|
|
|
|
|
'';
|
|
|
|
|
})
|
2022-08-25 21:23:58 -06:00
|
|
|
];
|
2022-08-25 12:21:35 -06:00
|
|
|
}
|
