all: enable autoUpgrade for everything
parent
a6dfd91515
commit
e13bcb9dae
11
default.nix
11
default.nix
@ -22,7 +22,7 @@ in {
|
|||||||
./services
|
./services
|
||||||
./system/nix-config.nix
|
./system/nix-config.nix
|
||||||
./system/nix-lockdown.nix
|
./system/nix-lockdown.nix
|
||||||
#./system/update.nix
|
./system/update.nix
|
||||||
./users
|
./users
|
||||||
|
|
||||||
./bins
|
./bins
|
||||||
@ -46,6 +46,15 @@ in {
|
|||||||
config = {
|
config = {
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
|
sops.secrets = {
|
||||||
|
xin_secrets_deploy_key = {
|
||||||
|
sopsFile = config.xin-secrets.deploy;
|
||||||
|
owner = "root";
|
||||||
|
group = "wheel";
|
||||||
|
mode = "400";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
security.pki.certificates = [''
|
security.pki.certificates = [''
|
||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIIBrjCCAVOgAwIBAgIIKUKZ6zcNut8wCgYIKoZIzj0EAwIwFzEVMBMGA1UEAxMM
|
MIIBrjCCAVOgAwIBAgIIKUKZ6zcNut8wCgYIKoZIzj0EAwIwFzEVMBMGA1UEAxMM
|
||||||
|
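Review bot: In the new `sops.secrets.xin_secrets_deploy_key` entry, `group = "wheel"` has no effect alongside `mode = "400"`, because that mode gives the group no read bit. If only root is meant to read the deploy key, `group = "root";` states that directly. If wheel members are meant to use it, the mode would have to become `0440`, which widens who can read a key that fetches the secrets repository, so either choice deserves a one-line comment. The `config = {` block continues past the end of this hunk.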
12
flake.lock
generated
12
flake.lock
generated
@ -242,18 +242,18 @@
|
|||||||
"stable": "stable_2"
|
"stable": "stable_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1661453539,
|
"lastModified": 1661480432,
|
||||||
"narHash": "sha256-gTqg3+/EQDUBcApgn5Lf5Ybu9yGHkqJBvqp80g8VKrE=",
|
"narHash": "sha256-Z+o84wE3O+mTKtGBAAeVa5J+UcFNDRYytYe38ReVe84=",
|
||||||
"ref": "main",
|
"ref": "main",
|
||||||
"rev": "d0f828c31429f9ceaeef469a7c2834aa59523b09",
|
"rev": "34c3214c299f839b014a4aed735557feb4640383",
|
||||||
"revCount": 24,
|
"revCount": 26,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://gitea@git.tapenet.org:2222/qbit/xin-secrets.git"
|
"url": "ssh://xin-secrets-ro/qbit/xin-secrets.git"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"ref": "main",
|
"ref": "main",
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://gitea@git.tapenet.org:2222/qbit/xin-secrets.git"
|
"url": "ssh://xin-secrets-ro/qbit/xin-secrets.git"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -3,8 +3,7 @@
|
|||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
xin-secrets = {
|
xin-secrets = {
|
||||||
url =
|
url = "git+ssh://xin-secrets-ro/qbit/xin-secrets.git?ref=main";
|
||||||
"git+ssh://gitea@git.tapenet.org:2222/qbit/xin-secrets.git?ref=main";
|
|
||||||
};
|
};
|
||||||
unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
|
unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||||
stable.url = "github:NixOS/nixpkgs/nixos-22.05-small";
|
stable.url = "github:NixOS/nixpkgs/nixos-22.05-small";
|
||||||
|
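Review bot: The new `url = "git+ssh://xin-secrets-ro/qbit/xin-secrets.git?ref=main";` lacks a comment saying that `xin-secrets-ro` is an ssh `Host` alias rather than a resolvable hostname. Fetching this input now depends on the ssh configuration of whichever machine evaluates the flake, so a host without the alias fails to fetch, and one with a different alias definition would contact a different server. A comment such as `# xin-secrets-ro is an ssh Host alias (see programs.ssh.extraConfig); it must exist before this input can be fetched` above the line would document that. The `inputs` block continues outside the hunk.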
@ -11,10 +11,23 @@ with lib; {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf config.autoUpdate.enable {
|
config = mkMerge [
|
||||||
system.autoUpgrade = {
|
(mkIf config.autoUpdate.enable {
|
||||||
enable = true;
|
system.autoUpgrade = {
|
||||||
allowReboot = false;
|
enable = true;
|
||||||
};
|
allowReboot = false;
|
||||||
};
|
flake = "github:qbit/xin";
|
||||||
|
};
|
||||||
|
})
|
||||||
|
{
|
||||||
|
# Always add our host alias or we run into a bootstrap issue
|
||||||
|
programs.ssh.extraConfig = ''
|
||||||
|
Host xin-secrets-ro
|
||||||
|
IdentityFile ${config.sops.secrets.xin_secrets_deploy_key.path}
|
||||||
|
User gitea
|
||||||
|
Port 2222
|
||||||
|
Hostname git.tapenet.org
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
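Review bot: The `Host xin-secrets-ro` block in `programs.ssh.extraConfig` names the key to use but neither restricts ssh to that key nor pins the server's host key. Adding `IdentitiesOnly yes` under the `IdentityFile` line keeps ssh from offering agent or default keys before the read-only deploy key. Because `system.autoUpgrade` runs unattended, the host key for `[git.tapenet.org]:2222` would be better declared through `programs.ssh.knownHosts` (with `publicKey = "<server host public key>";`) than left to whatever root's known_hosts happens to contain. Separately, `flake = "github:qbit/xin";` makes every host apply whatever that repository's default branch holds, so a short comment stating that trust assumption would help.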