xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

modules/autoupgrade: init

Browse source
This commit is contained in:
xinyangli 2024-09-24 10:53:51 +08:00
parent fb30c14c91
commit f905f051a0
Signed by: xin
SSH key fingerprint: SHA256:UU5pRTl7NiLFJbWJZa+snLylZSXIz5rgHmwjzv8v4oE
5 changed files with 40 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
machines/massicot/default.nix
View file

@ -1,7 +1,5 @@
{ {
inputs, inputs,
config,
libs,
pkgs, pkgs,
... ...
}: }:
@ -51,13 +49,6 @@
efiSupport = true; efiSupport = true;
configurationLimit = 5; configurationLimit = 5;
}; };
#
# fileSystems."/mnt/storage" = {
# device = "//u380335-sub1.your-storagebox.de/u380335-sub1";
# fsType = "cifs";
# options = [ "credentials=${config.sops.secrets.storage_box_mount.path}" ];
# };
#
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
cifs-utils cifs-utils
git git
@ -69,14 +60,11 @@
hostName = "massicot"; hostName = "massicot";
}; };
custom.kanidm-client = { commonSettings = {
enable = true; auth.enable = true;
uri = "https://auth.xinyang.life/"; nix = {
asSSHAuth = {
enable = true; enable = true;
allowedGroups = [ "linux_users" ];
}; };
sudoers = [ "xin@auth.xinyang.life" ];
}; };
security.sudo = { security.sudo = {

3
machines/massicot/kanidm-provision.nix
View file

@ -139,7 +139,8 @@
originUrl = [ originUrl = [
"http://localhost/" "http://localhost/"
"http://127.0.0.1/" "http://127.0.0.1/"
"oc://android.owncloud.com" # TODO: Should allow mobile redirect url not ending with /
# "oc://android.owncloud.com"
]; ];
basicSecretFile = config.sops.secrets."kanidm/ocis_android_secret".path; basicSecretFile = config.sops.secrets."kanidm/ocis_android_secret".path;
preferShortUsername = true; preferShortUsername = true;

3
machines/weilite/default.nix
View file

@ -17,6 +17,7 @@
networking.hostName = "weilite"; networking.hostName = "weilite";
commonSettings = { commonSettings = {
auth.enable = true; auth.enable = true;
autoupgrade.enable = true;
nix = { nix = {
enable = true; enable = true;
enableMirrors = true; enableMirrors = true;
@ -157,7 +158,7 @@
repo = "github.com/caddy-dns/cloudflare"; repo = "github.com/caddy-dns/cloudflare";
version = "89f16b99c18ef49c8bb470a82f895bce01cbaece"; version = "89f16b99c18ef49c8bb470a82f895bce01cbaece";
} }
{ {
repo = "github.com/caddy-dns/dnspod"; repo = "github.com/caddy-dns/dnspod";
version = "1fd4ce87e919f47db5fa029c31ae74b9737a58af"; version = "1fd4ce87e919f47db5fa029c31ae74b9737a58af";
} }

32
modules/nixos/common-settings/autoupgrade.nix Normal file
View file

@ -0,0 +1,32 @@
{
config,
lib,
...
}:
let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
cfg = config.commonSettings.autoupgrade;
in
{
options.commonSettings.autoupgrade = {
enable = mkEnableOption "auto upgrade with nixos-rebuild";
flake = mkOption {
type = types.str;
default = "github:xinyangli/nixos-config/deploy";
};
};
config = mkIf cfg.enable {
system.autoUpgrade = {
enable = true;
flake = cfg.flake;
};
};
}

1
modules/nixos/default.nix
View file

@ -1,6 +1,7 @@
{ {
imports = [ imports = [
./common-settings/auth.nix ./common-settings/auth.nix
./common-settings/autoupgrade.nix
./common-settings/nix-conf.nix ./common-settings/nix-conf.nix
./restic.nix ./restic.nix
./vaultwarden.nix ./vaultwarden.nix