modules/autoupgrade: init

machines/massicot/default.nix

@@ -1,7 +1,5 @@
 {
   inputs,
-  config,
-  libs,
   pkgs,
   ...
 }:
@@ -51,13 +49,6 @@
     efiSupport = true;
     configurationLimit = 5;
   };
-  #
-  # fileSystems."/mnt/storage" = {
-  #   device = "//u380335-sub1.your-storagebox.de/u380335-sub1";
-  #   fsType = "cifs";
-  #   options = [ "credentials=${config.sops.secrets.storage_box_mount.path}" ];
-  # };
-  #
   environment.systemPackages = with pkgs; [
     cifs-utils
     git
@@ -69,14 +60,11 @@
     hostName = "massicot";
   };
 
-  custom.kanidm-client = {
-    enable = true;
-    uri = "https://auth.xinyang.life/";
-    asSSHAuth = {
+  commonSettings = {
+    auth.enable = true;
+    nix = {
       enable = true;
-      allowedGroups = [ "linux_users" ];
     };
-    sudoers = [ "xin@auth.xinyang.life" ];
   };
 
   security.sudo = {

machines/massicot/kanidm-provision.nix

@@ -139,7 +139,8 @@
         originUrl = [
           "http://localhost/"
           "http://127.0.0.1/"
-          "oc://android.owncloud.com"
+          # TODO: Should allow mobile redirect url not ending with /
+          # "oc://android.owncloud.com"
         ];
         basicSecretFile = config.sops.secrets."kanidm/ocis_android_secret".path;
         preferShortUsername = true;

machines/weilite/default.nix

@@ -17,6 +17,7 @@
     networking.hostName = "weilite";
     commonSettings = {
       auth.enable = true;
+      autoupgrade.enable = true;
       nix = {
         enable = true;
         enableMirrors = true;
@@ -157,7 +158,7 @@
             repo = "github.com/caddy-dns/cloudflare";
             version = "89f16b99c18ef49c8bb470a82f895bce01cbaece";
           }
-{
+          {
             repo = "github.com/caddy-dns/dnspod";
             version = "1fd4ce87e919f47db5fa029c31ae74b9737a58af";
           }

modules/nixos/common-settings/autoupgrade.nix

@@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  ...
+}:
+
+let
+  inherit (lib)
+    mkIf
+    mkEnableOption
+    mkOption
+    types
+    ;
+
+  cfg = config.commonSettings.autoupgrade;
+in
+{
+  options.commonSettings.autoupgrade = {
+    enable = mkEnableOption "auto upgrade with nixos-rebuild";
+    flake = mkOption {
+      type = types.str;
+      default = "github:xinyangli/nixos-config/deploy";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    system.autoUpgrade = {
+      enable = true;
+      flake = cfg.flake;
+    };
+  };
+}

modules/nixos/default.nix

@@ -1,6 +1,7 @@
 {
   imports = [
     ./common-settings/auth.nix
+    ./common-settings/autoupgrade.nix
     ./common-settings/nix-conf.nix
     ./restic.nix
     ./vaultwarden.nix