nixos/modules/server/system.nix

{
  config,
  secrets,
  ...
}: {
  # Automatically `nixos-rebuild switch` daily with the latest configuration
  # from git. This overwrites any uncommitted changes in ~/nixos/, which is why
  # it is only enabled on servers. Note that this requires updating flake.lock
  # in the repository periodically (see .gitea/workflows/update.yaml).
  system.autoUpgrade = {
    enable = true;
    flake = "git+https://git.caspervk.net/caspervk/nixos.git";
  };

  # The `nixos-secrets` flake input requires authentication
  systemd.services.nixos-upgrade.environment.GIT_SSH_COMMAND = "ssh -i ${config.age.secrets.autoupgrade-deploy-key.path}";

  age.secrets.autoupgrade-deploy-key = {
    file = "${secrets}/secrets/autoupgrade-deploy-key.age";
    mode = "400";
    owner = "root";
    group = "root";
  };
}
Use secrets from nixos-secrets repo 2024-03-28 16:35:03 +01:00			`{`
			`config,`
			`secrets,`
			`...`
			`}: {`
autoupgrade on servers 2023-08-26 15:15:30 +02:00			# Automatically `nixos-rebuild switch` daily with the latest configuration
			`# from git. This overwrites any uncommitted changes in ~/nixos/, which is why`
			`# it is only enabled on servers. Note that this requires updating flake.lock`
fix autoupgrade comment 2024-09-09 22:37:44 +02:00			`# in the repository periodically (see .gitea/workflows/update.yaml).`
autoupgrade on servers 2023-08-26 15:15:30 +02:00			`system.autoUpgrade = {`
			`enable = true;`
			`flake = "git+https://git.caspervk.net/caspervk/nixos.git";`
			`};`
Use secrets from nixos-secrets repo 2024-03-28 16:35:03 +01:00
			# The `nixos-secrets` flake input requires authentication
			`systemd.services.nixos-upgrade.environment.GIT_SSH_COMMAND = "ssh -i ${config.age.secrets.autoupgrade-deploy-key.path}";`

			`age.secrets.autoupgrade-deploy-key = {`
			`file = "${secrets}/secrets/autoupgrade-deploy-key.age";`
			`mode = "400";`
			`owner = "root";`
			`group = "root";`
			`};`
autoupgrade on servers 2023-08-26 15:15:30 +02:00			`}`