all: enable autoUpgrade for everything
This commit is contained in:
parent
a6dfd91515
commit
e13bcb9dae
11
default.nix
11
default.nix
@ -22,7 +22,7 @@ in {
|
||||
./services
|
||||
./system/nix-config.nix
|
||||
./system/nix-lockdown.nix
|
||||
#./system/update.nix
|
||||
./system/update.nix
|
||||
./users
|
||||
|
||||
./bins
|
||||
@ -46,6 +46,15 @@ in {
|
||||
config = {
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
||||
sops.secrets = {
|
||||
xin_secrets_deploy_key = {
|
||||
sopsFile = config.xin-secrets.deploy;
|
||||
owner = "root";
|
||||
group = "wheel";
|
||||
mode = "400";
|
||||
};
|
||||
};
|
||||
|
||||
security.pki.certificates = [''
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBrjCCAVOgAwIBAgIIKUKZ6zcNut8wCgYIKoZIzj0EAwIwFzEVMBMGA1UEAxMM
|
||||
|
12
flake.lock
generated
12
flake.lock
generated
@ -242,18 +242,18 @@
|
||||
"stable": "stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1661453539,
|
||||
"narHash": "sha256-gTqg3+/EQDUBcApgn5Lf5Ybu9yGHkqJBvqp80g8VKrE=",
|
||||
"lastModified": 1661480432,
|
||||
"narHash": "sha256-Z+o84wE3O+mTKtGBAAeVa5J+UcFNDRYytYe38ReVe84=",
|
||||
"ref": "main",
|
||||
"rev": "d0f828c31429f9ceaeef469a7c2834aa59523b09",
|
||||
"revCount": 24,
|
||||
"rev": "34c3214c299f839b014a4aed735557feb4640383",
|
||||
"revCount": 26,
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@git.tapenet.org:2222/qbit/xin-secrets.git"
|
||||
"url": "ssh://xin-secrets-ro/qbit/xin-secrets.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@git.tapenet.org:2222/qbit/xin-secrets.git"
|
||||
"url": "ssh://xin-secrets-ro/qbit/xin-secrets.git"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -3,8 +3,7 @@
|
||||
|
||||
inputs = {
|
||||
xin-secrets = {
|
||||
url =
|
||||
"git+ssh://gitea@git.tapenet.org:2222/qbit/xin-secrets.git?ref=main";
|
||||
url = "git+ssh://xin-secrets-ro/qbit/xin-secrets.git?ref=main";
|
||||
};
|
||||
unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
stable.url = "github:NixOS/nixpkgs/nixos-22.05-small";
|
||||
|
@ -11,10 +11,23 @@ with lib; {
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.autoUpdate.enable {
|
||||
config = mkMerge [
|
||||
(mkIf config.autoUpdate.enable {
|
||||
system.autoUpgrade = {
|
||||
enable = true;
|
||||
allowReboot = false;
|
||||
flake = "github:qbit/xin";
|
||||
};
|
||||
};
|
||||
})
|
||||
{
|
||||
# Always add our host alias or we run into a bootstrap issue
|
||||
programs.ssh.extraConfig = ''
|
||||
Host xin-secrets-ro
|
||||
IdentityFile ${config.sops.secrets.xin_secrets_deploy_key.path}
|
||||
User gitea
|
||||
Port 2222
|
||||
Hostname git.tapenet.org
|
||||
'';
|
||||
}
|
||||
];
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user