From f905f051a0c719b944288fbee64cb62e38b496a8 Mon Sep 17 00:00:00 2001
From: xinyangli
Date: Tue, 24 Sep 2024 10:53:51 +0800
Subject: [PATCH] modules/autoupgrade: init
---
 machines/massicot/default.nix | 18 ++---------
 machines/massicot/kanidm-provision.nix | 3 +-
 machines/weilite/default.nix | 3 +-
 modules/nixos/common-settings/autoupgrade.nix | 32 +++++++++++++++++++
 modules/nixos/default.nix | 1 +
 5 files changed, 40 insertions(+), 17 deletions(-)
 create mode 100644 modules/nixos/common-settings/autoupgrade.nix
diff --git a/machines/massicot/default.nix b/machines/massicot/default.nix
index f74f265..ecbc6e2 100644
--- a/machines/massicot/default.nix
+++ b/machines/massicot/default.nix
@@ -1,7 +1,5 @@
 {
 inputs,
- config,
- libs,
 pkgs,
 ...
 }:
@@ -51,13 +49,6 @@
 efiSupport = true;
 configurationLimit = 5;
 };
- #
- # fileSystems."/mnt/storage" = {
- # device = "//u380335-sub1.your-storagebox.de/u380335-sub1";
- # fsType = "cifs";
- # options = [ "credentials=${config.sops.secrets.storage_box_mount.path}" ];
- # };
- #
 environment.systemPackages = with pkgs; [
 cifs-utils
 git
@@ -69,14 +60,11 @@
 hostName = "massicot";
 };
- custom.kanidm-client = {
- enable = true;
- uri = "https://auth.xinyang.life/";
- asSSHAuth = {
+ commonSettings = {
+ auth.enable = true;
+ nix = {
 enable = true;
- allowedGroups = [ "linux_users" ];
 };
- sudoers = [ "xin@auth.xinyang.life" ];
 };
 security.sudo = {
diff --git a/machines/massicot/kanidm-provision.nix b/machines/massicot/kanidm-provision.nix
index bd38b03..91f86d2 100644
--- a/machines/massicot/kanidm-provision.nix
+++ b/machines/massicot/kanidm-provision.nix
@@ -139,7 +139,8 @@
 originUrl = [
 "http://localhost/"
 "http://127.0.0.1/"
- "oc://android.owncloud.com"
+ # TODO: Should allow mobile redirect url not ending with /
+ # "oc://android.owncloud.com"
 ];
 basicSecretFile = config.sops.secrets."kanidm/ocis_android_secret".path;
 preferShortUsername = true;
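Review bot: The SSH login restriction and sudoers list for massicot now depend on defaults this patch does not show. The third hunk of machines/massicot/default.nix (`@@ -69,14 +60,11 @@`) removes the explicit `asSSHAuth.allowedGroups = [ "linux_users" ]` and `sudoers = [ "xin@auth.xinyang.life" ]` and leaves only `auth.enable = true;`. If the defaults in `modules/nixos/common-settings/auth.nix` differ from the removed values, who may log in or use sudo on this host changes silently with a commit titled as an autoupgrade change. I would confirm the module defaults match the removed lines and say so in the commit message, or keep the two values explicit on this host. The enclosing attribute set continues outside the hunk.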
diff --git a/machines/weilite/default.nix b/machines/weilite/default.nix
index 2d2ef8c..ea52862 100644
--- a/machines/weilite/default.nix
+++ b/machines/weilite/default.nix
@@ -17,6 +17,7 @@
 networking.hostName = "weilite";
 commonSettings = {
 auth.enable = true;
+ autoupgrade.enable = true;
 nix = {
 enable = true;
 enableMirrors = true;
@@ -157,7 +158,7 @@
 repo = "github.com/caddy-dns/cloudflare";
 version = "89f16b99c18ef49c8bb470a82f895bce01cbaece";
 }
-{
+ {
 repo = "github.com/caddy-dns/dnspod";
 version = "1fd4ce87e919f47db5fa029c31ae74b9737a58af";
 }
diff --git a/modules/nixos/common-settings/autoupgrade.nix b/modules/nixos/common-settings/autoupgrade.nix
new file mode 100644
index 0000000..6c2cc83
--- /dev/null
+++ b/modules/nixos/common-settings/autoupgrade.nix
@@ -0,0 +1,32 @@
+{
+ config,
+ lib,
+ ...
+}:
+
+let
+ inherit (lib)
+ mkIf
+ mkEnableOption
+ mkOption
+ types
+ ;
+
+ cfg = config.commonSettings.autoupgrade;
+in
+{
+ options.commonSettings.autoupgrade = {
+ enable = mkEnableOption "auto upgrade with nixos-rebuild";
+ flake = mkOption {
+ type = types.str;
+ default = "github:xinyangli/nixos-config/deploy";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ system.autoUpgrade = {
+ enable = true;
+ flake = cfg.flake;
+ };
+ };
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 36bf773..bfc36ce 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -1,6 +1,7 @@
 {
 imports = [
 ./common-settings/auth.nix
+ ./common-settings/autoupgrade.nix
 ./common-settings/nix-conf.nix
 ./restic.nix
 ./vaultwarden.nix
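Review bot: In modules/nixos/common-settings/autoupgrade.nix the `flake` default is a mutable branch reference, `github:xinyangli/nixos-config/deploy`. Every host that sets `autoupgrade.enable` will therefore rebuild and activate, unattended and as root, whatever the head of that branch is, and the module adds no check on what was fetched. Write access to the `deploy` branch is then equivalent to root on those machines, so the branch should be protected and advanced only after review or CI. The option also has no `description`; I would add `description = "Flake reference that system.autoUpgrade rebuilds from; its contents are activated as root without review on the host.";` so the trust placed in it is visible where it is overridden. Setting `allowReboot` explicitly in the `system.autoUpgrade` block would also document the intended behaviour rather than leaving it to the upstream default.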