46 lines
1.3 KiB
Nix
46 lines
1.3 KiB
Nix
|
{ config, self, pkgs, ... }: {
|
||
|
|
||
|
sops.secrets.merge-bot-gitea-token = { };
|
||
|
|
||
|
systemd.timers.job-flake-update = {
|
||
|
description = "Time for flake update workflow";
|
||
|
partOf = [ "job-flake-update.service" ];
|
||
|
wantedBy = [ "timers.target" ];
|
||
|
timerConfig = {
|
||
|
Persistent = true;
|
||
|
OnCalendar = "daily";
|
||
|
};
|
||
|
after = [ "network-online.target" ];
|
||
|
};
|
||
|
|
||
|
# service to for automatic merge bot
|
||
|
systemd.services.job-flake-update = {
|
||
|
description = "Automatically update flake inputs for clan-repos";
|
||
|
after = [ "network-online.target" ];
|
||
|
environment = {
|
||
|
GITEA_TOKEN_FILE = "%d/GITEA_TOKEN_FILE";
|
||
|
# these ariables are repescted by git itself
|
||
|
GIT_AUTHOR_NAME = "Clan Merge Bot";
|
||
|
GIT_COMMITTER_NAME = "Clan Merge Bot";
|
||
|
GIT_AUTHOR_EMAIL = "clan-bot@git.clan.lol";
|
||
|
GIT_COMMITTER_EMAIL = "clan-bot@git.clan.lol";
|
||
|
};
|
||
|
serviceConfig = {
|
||
|
LoadCredential = [ "GITEA_TOKEN_FILE:${config.sops.secrets.merge-bot-gitea-token.path}" ];
|
||
|
DynamicUser = true;
|
||
|
RuntimeDirectory = "job-flake-update";
|
||
|
};
|
||
|
path = [
|
||
|
self.packages.${pkgs.system}.job-flake-update
|
||
|
self.packages.${pkgs.system}.job-flake-update
|
||
|
];
|
||
|
script = ''
|
||
|
cd /run/job-flake-update
|
||
|
mkdir -p home
|
||
|
export HOME=$(realpath home)
|
||
|
export REPO_DIR=$HOME/repo
|
||
|
job-flake-update
|
||
|
'';
|
||
|
};
|
||
|
}
|