nix-dotfiles/home/services/git-maintenance.nix

56 lines
1.4 KiB
Nix
Raw Normal View History

2024-06-30 14:39:36 +02:00
{ config, pkgs, lib, ... }:
2024-08-05 14:09:48 +02:00
let
cfg = config.programs.git;
in
2024-06-30 14:39:36 +02:00
{
systemd.user.services."git-maintenance@" = {
Unit = {
Description = "Optimize Git repositories data";
Documentation = [ "man:git-maintenance(1)" ];
};
Service = {
Type = "oneshot";
2024-08-05 14:09:48 +02:00
ExecStart = "${lib.getExe pkgs.git} for-each-repo --config=maintenance.repo maintenance run --no-quiet --schedule=%i";
Environment = [
"PATH=${lib.makeBinPath (with pkgs; [ cfg.package openssh ])}"
];
2024-06-30 14:39:36 +02:00
LockPersonality = "yes";
MemoryDenyWriteExecute = "yes";
NoNewPrivileges = "yes";
RestrictAddressFamilies = [
"AF_UNIX"
"AF_INET"
"AF_INET6"
"AF_VSOCK"
];
RestrictNamespaces = "yes";
RestrictRealtime = "yes";
RestrictSUIDSGID = "yes";
SystemCallArchitectures = "native";
SystemCallFilter = "@system-service";
};
};
2024-08-05 14:09:48 +02:00
systemd.user.timers."git-maintenance@" = {
2024-06-30 14:39:36 +02:00
Unit = {
Description = "Optimize Git repositories data";
Documentation = [ "man:git-maintenance(1)" ];
};
Timer = {
Persistent = true;
};
Install = {
WantedBy = [ "timers.target" ];
};
};
2024-08-05 14:09:48 +02:00
systemd.user.timers."git-maintenance@hourly".Timer.OnCalendar = "*-*-* 1..23:05:00";
systemd.user.timers."git-maintenance@daily".Timer.OnCalendar = "Tue..Sun *-*-* 0:05:00";
systemd.user.timers."git-maintenance@weekly".Timer.OnCalendar = "Mon 0:05:00";
2024-06-30 14:39:36 +02:00
}