git signing

2025-07-14 21:55:44 +02:00 · 2025-07-14 21:55:44 +02:00 · a018670eae
commit a018670eae
parent fc85e43c82
5 changed files with 69 additions and 8 deletions
--- a/host/roam/default.nix
+++ b/host/roam/default.nix
@ -3,6 +3,7 @@
  networking.hostName = "roam";

  imports = [
+    ./git.nix
    ./hardware-configuration.nix
    ./networking.nix
    ./services.nix
--- a/host/roam/git.nix
+++ b/host/roam/git.nix
@ -0,0 +1,13 @@
+{ pkgs, var, ... }:
+{
+  programs.git.enable = true;
+  users.groups.git = { };
+  users.users.git = {
+    isSystemUser = true;
+    home = "/git";
+    createHome = true;
+    group = "git";
+    shell = "${pkgs.git}/bin/git-shell";
+    openssh.authorizedKeys.keys = var.ssh-keys.unprivileged;
+  };
+}
--- a/host/roam/services.nix
+++ b/host/roam/services.nix
@ -1,7 +1,9 @@
-{ var, config, ... }:
-let
-  headscale-domain = "headscale.hdohmen.de";
-in
+{
+  var,
+  config,
+  pkgs,
+  ...
+}:
 {
  services = {
    nginx = {
@ -34,4 +36,26 @@ in
      443
    ];
  };
+
+  systemd = {
+    timers."backup-rclone" = {
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "daily";
+        Persistent = true;
+        Unit = "backup-rclone.service";
+      };
+    };
+    services."backup-rclone" = {
+      script = ''
+        ${pkgs.rclone}/bin/rclone copy /home/hd/Documents odc:Documents
+        ${pkgs.rclone}/bin/rclone copy /git odc:git
+      '';
+      path = [ pkgs.rclone ];
+      serviceConfig = {
+        Type = "oneshot";
+        User = "root";
+      };
+    };
+  };
 }