Auto-upgrade: Allow git pull as specific user
This commit is contained in:
parent
b756893fa5
commit
7304bba68b
@ -94,6 +94,7 @@ in
|
|||
sendEmail = true;
|
||||
gitPull = true;
|
||||
gitDeploymentKeyFile = "/secrets/ssh_id_gitea_nixos_configuration";
|
||||
gitUser = "fruchti";
|
||||
};
|
||||
|
||||
# systemd.services.nixos-upgrade.onFailure = lib.mkIf config.system.autoUpgrade.enable [ "status-email@%n.service" ];
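Review bot: With `gitUser = "fruchti";` the `git pull` will run as that account, so the deployment key at `/secrets/ssh_id_gitea_nixos_configuration` set two lines above must now be readable by `fruchti` rather than only by root, and `/etc/nixos` must be writable by that user for the pull to succeed; neither is visible here, so it is worth confirming on the host. A short comment next to the option would record the dependency, e.g. `# gitUser needs read access to gitDeploymentKeyFile and write access to /etc/nixos`. The enclosing attribute set starts outside the hunk.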
|
||||
|
@ -29,6 +29,13 @@ in
|
|||
Private SSH key used for the `git pull` operation (if `gitPull` is enabled).
|
||||
'';
|
||||
};
|
||||
gitUser = mkOption {
|
||||
type = types.str or null;
|
||||
default = null;
|
||||
description = mdDoc ''
|
||||
User used for the `git pull` operation (if `gitPull` is enabled).
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
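Review bot: `type = types.str or null;` on the new `gitUser` option does not make the type nullable: `or` is Nix's attribute-selection fallback, so the expression evaluates to plain `types.str`, and the `default = null;` two lines below will then be rejected by the type check on any host that leaves `gitUser` unset, since defaults go through the same check as definitions. The line should read `type = types.nullOr types.str;`, which also matches the `cfg.gitUser != null` test the upgrade script performs. The description could additionally say that the user needs read access to the deployment key file (if set) and write access to the repository checkout, because the pull fails otherwise.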
|
||||
|
@ -41,6 +48,7 @@ in
|
|||
grep = "${pkgs.gnugrep}/bin/grep";
|
||||
git = "${pkgs.git}/bin/git";
|
||||
ssh = "${pkgs.openssh}/bin/ssh";
|
||||
sudo = "${pkgs.sudo}/bin/sudo";
|
||||
shutdown = "${config.systemd.package}/bin/shutdown";
|
||||
sendmail = "${pkgs.system-sendmail}/bin/sendmail";
|
||||
upgradeFlag = optional (cfg.channel == null) "--upgrade";
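Review bot: `sudo = "${pkgs.sudo}/bin/sudo";` points at the bare store binary rather than the setuid wrapper NixOS installs under `config.security.wrapperDir`; I believe this only works because the upgrade unit runs as root, and sudo still needs a parseable `/etc/sudoers` (i.e. `security.sudo.enable`), so both preconditions should be stated. Since the caller is already root, `${pkgs.util-linux}/bin/runuser -u <user> --` would switch user without consulting sudoers and without sudo's `env_reset` behaviour that drops variables such as `GIT_SSH_COMMAND`. If sudo is kept, a comment like `# requires security.sudo.enable; invoked as root, so no setuid wrapper needed` would record the assumption.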
|
||||
|
@ -95,7 +103,7 @@ in
|
|||
{
|
||||
cd /etc/nixos
|
||||
echo "→ Refreshing git repository at /etc/nixos." | tee -a "$output_file"
|
||||
if ! ${optionalString (cfg.gitDeploymentKeyFile != null) ''GIT_SSH_COMMAND='${ssh} -i "${cfg.gitDeploymentKeyFile}" -o IdentitiesOnly=yes' ''}${git} pull 2>&1 | tee -a "$output_file" ; then
|
||||
if ! ${optionalString (cfg.gitDeploymentKeyFile != null) ''GIT_SSH_COMMAND='${ssh} -i "${cfg.gitDeploymentKeyFile}" -o IdentitiesOnly=yes' ''}${optionalString (cfg.gitUser != null) ''${sudo} -nu ${cfg.gitUser} ''}${git} pull 2>&1 | tee -a "$output_file" ; then
|
||||
send_email=yes
|
||||
email_subject_additions="$email_subject_additions, errors during git pull"
|
||||
fi
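Review bot: In the rewritten `if !` line the `GIT_SSH_COMMAND=...` assignment is placed before `${sudo}`, and sudo's default `env_reset` strips it, so when both `gitDeploymentKeyFile` and `gitUser` are set the pull runs as the target user with that user's default SSH identities and the configured deployment key is silently ignored. Pass it through explicitly, e.g. `${sudo} --preserve-env=GIT_SSH_COMMAND -nu ${cfg.gitUser} ` (typically permitted for root under the default NixOS sudoers), or move the assignment after the sudo fragment. Running as another user also means SSH host-key verification now uses that user's `known_hosts`, which deserves a comment. Touched by this change but not introduced by it: `if !` tests the exit status of `tee`, not `git`, unless the script enables `pipefail` earlier; the start of the script is outside the hunk.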
|
||||
|
|