fruchti/hosts
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Auto-upgrade: Allow git pull as specific user

Browse source
This commit is contained in:
fruchti 2023-03-09 16:01:31 +01:00
parent b756893fa5
commit 7304bba68b
2 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
hosts/Rupert.nix
View file

@ -94,6 +94,7 @@ in
sendEmail = true; sendEmail = true;
gitPull = true; gitPull = true;
gitDeploymentKeyFile = "/secrets/ssh_id_gitea_nixos_configuration"; gitDeploymentKeyFile = "/secrets/ssh_id_gitea_nixos_configuration";
gitUser = "fruchti";
}; };
# systemd.services.nixos-upgrade.onFailure = lib.mkIf config.system.autoUpgrade.enable [ "status-email@%n.service" ]; # systemd.services.nixos-upgrade.onFailure = lib.mkIf config.system.autoUpgrade.enable [ "status-email@%n.service" ];

10
options/auto-upgrade.nix
View file

@ -29,6 +29,13 @@ in
Private SSH key used for the `git pull` operation (if `gitPull` is enabled). Private SSH key used for the `git pull` operation (if `gitPull` is enabled).
''; '';
}; };
gitUser = mkOption {
type = types.str or null;
default = null;
description = mdDoc ''
User used for the `git pull` operation (if `gitPull` is enabled).
'';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -41,6 +48,7 @@ in
grep = "${pkgs.gnugrep}/bin/grep"; grep = "${pkgs.gnugrep}/bin/grep";
git = "${pkgs.git}/bin/git"; git = "${pkgs.git}/bin/git";
ssh = "${pkgs.openssh}/bin/ssh"; ssh = "${pkgs.openssh}/bin/ssh";
sudo = "${pkgs.sudo}/bin/sudo";
shutdown = "${config.systemd.package}/bin/shutdown"; shutdown = "${config.systemd.package}/bin/shutdown";
sendmail = "${pkgs.system-sendmail}/bin/sendmail"; sendmail = "${pkgs.system-sendmail}/bin/sendmail";
upgradeFlag = optional (cfg.channel == null) "--upgrade"; upgradeFlag = optional (cfg.channel == null) "--upgrade";
@ -95,7 +103,7 @@ in
{ {
cd /etc/nixos cd /etc/nixos
echo " Refreshing git repository at /etc/nixos." | tee -a "$output_file" echo " Refreshing git repository at /etc/nixos." | tee -a "$output_file"
if ! ${optionalString (cfg.gitDeploymentKeyFile != null) ''GIT_SSH_COMMAND='${ssh} -i "${cfg.gitDeploymentKeyFile}" -o IdentitiesOnly=yes' ''}${git} pull 2>&1 | tee -a "$output_file" ; then if ! ${optionalString (cfg.gitDeploymentKeyFile != null) ''GIT_SSH_COMMAND='${ssh} -i "${cfg.gitDeploymentKeyFile}" -o IdentitiesOnly=yes' ''}${optionalString (cfg.gitUser != null) ''${sudo} -nu ${cfg.gitUser} ''}${git} pull 2>&1 | tee -a "$output_file" ; then
send_email=yes send_email=yes
email_subject_additions="$email_subject_additions, errors during git pull" email_subject_additions="$email_subject_additions, errors during git pull"
fi fi