Include git in the `PATH` of the `nixos-upgrade` systemd service so that the `git fetch` / `git reset` commands in its `preStart` script can run. Without this the service's PATH does not contain git and the pre-start step fails because the git binary cannot be found.
{ pkgs, lib, ... }:
{
# Per-concern modules for this host, one file each, in alphabetical order.
# ./goaccess.nix is commented out rather than deleted.
imports = [
  # ./goaccess.nix
  ./acme.nix
  ./backup.nix
  ./coturn.nix
  ./forgejo.nix
  ./hardware-configuration.nix
  ./kicker.nix
  ./mailserver.nix
  ./network.nix
  ./nextcloud.nix
  ./nginx.nix
  ./postgresql.nix
  ./rspamd.nix
  ./users.nix
];
# Switches for the site-local `metacfg` module (defined outside this file);
# what each toggle actually configures lives in that module.
metacfg.base.enable = true;
metacfg.nix.enable = true;
metacfg.podman.enable = true;
# NOTE(review): Secure Boot is disabled here while TPM2 support is enabled
# below. Without Secure Boot the firmware does not reject a tampered
# bootloader; only the TPM measurements would differ. Confirm this is intended.
metacfg.secureboot.enable = false;
metacfg.tools.direnv.enable = true;
# TPM2 support plus the abrmd resource-manager daemon. Both use mkDefault so a
# more specific module can turn either off without needing mkForce.
security.tpm2 = {
  enable = lib.mkDefault true;
  abrmd.enable = lib.mkDefault true;
};
# Unattended nightly rebuild: at 04:00 switch to the `mx` output of the local
# checkout, with permission to reboot when the new generation requires it.
# The checkout itself is refreshed by the nixos-upgrade preStart hook in this
# file, so whatever the remote's default branch holds at that moment becomes
# the running system.
system.autoUpgrade = {
  enable = true;
  operation = "switch";
  dates = "04:00";
  allowReboot = true;
  # Earlier the flake was read straight from the Gitea/Forgejo bare repository:
  # flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";
  flake = lib.mkForce "/root/nixcfg/.#mx";
};
# Bring the checkout under /root up to date before nixos-upgrade runs. git is
# added to the unit's PATH because the default service PATH does not include it.
# NOTE(review): `git reset --hard origin/HEAD` turns whatever is pushed to the
# remote's default branch into the next root-owned system generation, with no
# signature, tag or review check in between; anyone who can push there can
# reconfigure and reboot this host. Also note the flake ref points at
# /root/nixcfg while the fetch runs in /root — confirm /root is the intended
# repository root.
systemd.services.nixos-upgrade = {
  path = with pkgs; [ git ];
  preStart = ''
    git -C /root fetch origin
    git -C /root reset --hard origin/HEAD
  '';
};
# Daily store garbage collection, deleting generations older than a week —
# which also bounds how far back a rollback can go.
# NOTE(review): `nix.gc.automatic` is not set in this file; these two options
# only take effect if it is enabled elsewhere (presumably the metacfg nix
# module) — confirm.
nix.gc.dates = "daily";
nix.gc.options = "--delete-older-than 7d";
# Let root run git against the Gitea-owned bare repository: git refuses to
# operate on a repository owned by a different user unless it is listed as a
# safe directory. Only the commented-out git+file:// flake ref needs this; the
# /root checkout is root-owned already.
programs.git.config.safe.directory = "/var/lib/gitea/repositories/harald/nixcfg.git";
# Admin tooling installed system-wide for this host.
environment.systemPackages = [
  pkgs.age
  # NOTE(review): the original comment said "for mkpasswd", but apacheHttpd
  # ships htpasswd; mkpasswd is a separate package. Confirm which is meant.
  pkgs.apacheHttpd
  pkgs.efibootmgr
  pkgs.fgallery
  pkgs.git
  pkgs.htop
  pkgs.mdadm
  pkgs.rrsync
  pkgs.tpm2-pkcs11
  # Listed explicitly next to the package itself, presumably to pull the
  # `out` output into the profile as well — confirm it is still needed.
  pkgs.tpm2-pkcs11.out
  pkgs.tpm2-tools
  pkgs.zola
];
# sops-nix derives this host's age identity from the SSH host key at this
# path — the same file sshd is configured to use below — so that key file is
# both the SSH host identity and the root of trust for every decrypted secret.
sops.age = {
  sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];
};
# sshd with host keys stored under /var/lib/secrets rather than /etc/ssh. The
# ed25519 key doubles as the sops-nix age identity (sops.age.sshKeyPaths), so
# rotating or losing it also rotates the secrets root of trust.
# NOTE(review): no authentication settings (PasswordAuthentication and the
# like) are set in this block; confirm they are hardened in another module.
services.openssh = {
  enable = true;
  hostKeys = [
    { type = "ed25519"; path = "/var/lib/secrets/ssh_host_ed25519_key"; }
    { type = "rsa"; bits = 4096; path = "/var/lib/secrets/ssh_host_rsa_key"; }
  ];
};
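# Check /boot usage (daily via the check_boot timer, and at boot through
# default.target) and mail the local user `harald` when it exceeds THRESHOLD
# percent.
systemd.services = {
  check_boot = {
    serviceConfig = {
      Type = "oneshot";
      Environment = "PATH=/run/current-system/sw/bin";
      ExecStart = toString (
        pkgs.writeShellScript "check_boot.sh" ''
          set -euo pipefail
          # Ask df for the usage column directly instead of grepping the
          # human-readable table: `grep /boot | awk '{print $5}'` depended on
          # the device name and on column positions, which shift for long
          # device paths.
          CURRENT=$(df --output=pcent /boot | tail -n 1 | tr -dc '0-9')
          THRESHOLD=85

          # An empty value would make the numeric test below error out; fail
          # loudly instead so the unit shows up as failed.
          if [ -z "$CURRENT" ]; then
            echo "check_boot: could not determine /boot usage" >&2
            exit 1
          fi

          if [ "$CURRENT" -gt "$THRESHOLD" ]; then
            ${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF
          Your /boot partition remaining free space is critically low. Used: $CURRENT%
          EOF
          fi
        ''
      );
    };
    wantedBy = [ "default.target" ];
  };
};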
# Run check_boot once a day. There is no Persistent=true, so a run missed
# while the host is down is not caught up; the service is also pulled in by
# default.target at boot, which covers that case in practice.
systemd.timers.check_boot = {
  wantedBy = [ "timers.target" ];
  timerConfig.OnCalendar = "daily";
};
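# Check root filesystem usage (daily via the check_root timer, and at boot
# through default.target) and mail the local user `harald` when it exceeds
# THRESHOLD percent.
systemd.services = {
  check_root = {
    serviceConfig = {
      Type = "oneshot";
      Environment = "PATH=/run/current-system/sw/bin";
      ExecStart = toString (
        pkgs.writeShellScript "check_root.sh" ''
          set -euo pipefail
          # Ask df for the usage column directly. The previous `df / | grep /`
          # matched on the device name rather than the mount point and relied
          # on awk column positions, which shift for long device paths.
          CURRENT=$(df --output=pcent / | tail -n 1 | tr -dc '0-9')
          THRESHOLD=85

          # An empty value would make the numeric test below error out; fail
          # loudly instead so the unit shows up as failed.
          if [ -z "$CURRENT" ]; then
            echo "check_root: could not determine / usage" >&2
            exit 1
          fi

          if [ "$CURRENT" -gt "$THRESHOLD" ]; then
            # Subject previously said "/boot" (copy-paste from check_boot);
            # it now names the filesystem this alert is actually about.
            ${pkgs.mailutils}/bin/mail -s 'Root (/) Disk Space Alert' harald << EOF
          Your root partition remaining free space is critically low. Used: $CURRENT%
          EOF
          fi
        ''
      );
    };
    wantedBy = [ "default.target" ];
  };
};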
# Run check_root once a day. There is no Persistent=true, so a run missed
# while the host is down is not caught up; the service is also pulled in by
# default.target at boot, which covers that case in practice.
systemd.timers.check_root = {
  wantedBy = [ "timers.target" ];
  timerConfig.OnCalendar = "daily";
};
# NixOS release whose stateful defaults (database layouts, file locations)
# this host was installed with. It does not pin the package set; leave it
# unchanged unless migrating deliberately.
system.stateVersion = "23.05";
}