42 lines
1.3 KiB
Nix
42 lines
1.3 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
let
|
|
cfg = config.services.gitea;
|
|
in
|
|
{
|
|
sops.secrets = {
|
|
"gitea/passwd-ssh-key" = { };
|
|
"gitea/ssh-known-hosts" = { };
|
|
"gitea/import-user-env" = { };
|
|
};
|
|
|
|
systemd.services.gitea-import-users = lib.mkIf cfg.enable {
|
|
enable = true;
|
|
preStart=''${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" -a pvv@smtp.pvv.ntnu.no:/etc/passwd /tmp/passwd-import'';
|
|
serviceConfig = {
|
|
ExecStart = pkgs.writers.writePython3 "gitea-import-users" {
|
|
flakeIgnore = [
|
|
"E501" # Line over 80 chars lol
|
|
];
|
|
libraries = with pkgs.python3Packages; [ requests ];
|
|
} (builtins.readFile ./gitea-import-users.py);
|
|
LoadCredential=[
|
|
"sshkey:${config.sops.secrets."gitea/passwd-ssh-key".path}"
|
|
"ssh-known-hosts:${config.sops.secrets."gitea/ssh-known-hosts".path}"
|
|
];
|
|
DynamicUser="yes";
|
|
EnvironmentFile=config.sops.secrets."gitea/import-user-env".path;
|
|
};
|
|
};
|
|
|
|
systemd.timers.gitea-import-users = lib.mkIf cfg.enable {
|
|
requires = [ "gitea.service" ];
|
|
after = [ "gitea.service" ];
|
|
wantedBy = [ "timers.target" ];
|
|
timerConfig = {
|
|
OnCalendar = "*-*-* 02:00:00";
|
|
Persistent = true;
|
|
Unit = "gitea-import-users.service";
|
|
};
|
|
};
|
|
}
|