all: enable autoUpgrade for everything

This commit is contained in:
Aaron Bieber 2022-08-25 21:23:58 -06:00
parent a6dfd91515
commit e13bcb9dae
No known key found for this signature in database
4 changed files with 36 additions and 15 deletions

View File

@ -22,7 +22,7 @@ in {
./services
./system/nix-config.nix
./system/nix-lockdown.nix
#./system/update.nix
./system/update.nix
./users
./bins
@ -46,6 +46,15 @@ in {
config = {
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets = {
xin_secrets_deploy_key = {
sopsFile = config.xin-secrets.deploy;
owner = "root";
group = "wheel";
mode = "400";
};
};
security.pki.certificates = [''
-----BEGIN CERTIFICATE-----
MIIBrjCCAVOgAwIBAgIIKUKZ6zcNut8wCgYIKoZIzj0EAwIwFzEVMBMGA1UEAxMM

12
flake.lock generated
View File

@ -242,18 +242,18 @@
"stable": "stable_2"
},
"locked": {
"lastModified": 1661453539,
"narHash": "sha256-gTqg3+/EQDUBcApgn5Lf5Ybu9yGHkqJBvqp80g8VKrE=",
"lastModified": 1661480432,
"narHash": "sha256-Z+o84wE3O+mTKtGBAAeVa5J+UcFNDRYytYe38ReVe84=",
"ref": "main",
"rev": "d0f828c31429f9ceaeef469a7c2834aa59523b09",
"revCount": 24,
"rev": "34c3214c299f839b014a4aed735557feb4640383",
"revCount": 26,
"type": "git",
"url": "ssh://gitea@git.tapenet.org:2222/qbit/xin-secrets.git"
"url": "ssh://xin-secrets-ro/qbit/xin-secrets.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://gitea@git.tapenet.org:2222/qbit/xin-secrets.git"
"url": "ssh://xin-secrets-ro/qbit/xin-secrets.git"
}
}
},

View File

@ -3,8 +3,7 @@
inputs = {
xin-secrets = {
url =
"git+ssh://gitea@git.tapenet.org:2222/qbit/xin-secrets.git?ref=main";
url = "git+ssh://xin-secrets-ro/qbit/xin-secrets.git?ref=main";
};
unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
stable.url = "github:NixOS/nixpkgs/nixos-22.05-small";

View File

@ -11,10 +11,23 @@ with lib; {
};
};
config = mkIf config.autoUpdate.enable {
config = mkMerge [
(mkIf config.autoUpdate.enable {
system.autoUpgrade = {
enable = true;
allowReboot = false;
flake = "github:qbit/xin";
};
};
})
{
# Always add our host alias or we run into a bootstrap issue
programs.ssh.extraConfig = ''
Host xin-secrets-ro
IdentityFile ${config.sops.secrets.xin_secrets_deploy_key.path}
User gitea
Port 2222
Hostname git.tapenet.org
'';
}
];
}