46 lines
1.0 KiB
Nix
46 lines
1.0 KiB
Nix
{ services, pkgs, lib, makeBinPath, ... }:
|
|
let
|
|
domain = "runas.rocks";
|
|
runas_root = "/var/lib/runas.rocks/dist";
|
|
service_name = "runas.rocks-pull";
|
|
network = import ./network.nix;
|
|
mkStartScript = name: pkgs.writeShellScript "${name}.sh" ''
|
|
set -euo pipefail
|
|
cd ${runas_root}
|
|
git pull origin master --rebase
|
|
'';
|
|
in
|
|
{
|
|
services.nginx.virtualHosts.${domain} = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/".root = runas_root;
|
|
|
|
locations."/.git" = { return = "404"; };
|
|
};
|
|
|
|
systemd = {
|
|
services.${service_name} = {
|
|
path = [ pkgs.git ];
|
|
enable = true;
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
ExecStart = mkStartScript "${service_name}";
|
|
};
|
|
};
|
|
timers.${service_name} = {
|
|
wantedBy = [ "timers.target" ];
|
|
timerConfig = {
|
|
OnCalendar = "hourly";
|
|
Unit = "${service_name}.service";
|
|
};
|
|
};
|
|
};
|
|
|
|
networking.extraHosts = ''
|
|
${network.architect-lan} ${domain}
|
|
${network.architect-wg} ${domain}
|
|
'';
|
|
}
|