nix-dotfiles/home/programs/git/maintenance-timers.nix

56 lines
1.4 KiB
Nix

{ config, pkgs, lib, ... }:
let
cfg = config.programs.git;
in
{
systemd.user.services."git-maintenance@" = {
Unit = {
Description = "Optimize Git repositories data";
Documentation = [ "man:git-maintenance(1)" ];
};
Service = {
Type = "oneshot";
ExecStart = "${lib.getExe pkgs.git} for-each-repo --config=maintenance.repo maintenance run --no-quiet --schedule=%i";
Environment = [
"PATH=${lib.makeBinPath (with pkgs; [ cfg.package openssh ])}"
];
LockPersonality = "yes";
MemoryDenyWriteExecute = "yes";
NoNewPrivileges = "yes";
RestrictAddressFamilies = [
"AF_UNIX"
"AF_INET"
"AF_INET6"
"AF_VSOCK"
];
RestrictNamespaces = "yes";
RestrictRealtime = "yes";
RestrictSUIDSGID = "yes";
SystemCallArchitectures = "native";
SystemCallFilter = "@system-service";
};
};
systemd.user.timers."git-maintenance@" = {
Unit = {
Description = "Optimize Git repositories data";
Documentation = [ "man:git-maintenance(1)" ];
};
Timer = {
Persistent = true;
};
Install = {
WantedBy = [ "timers.target" ];
};
};
systemd.user.timers."git-maintenance@hourly".Timer.OnCalendar = "*-*-* 1..23:05:00";
systemd.user.timers."git-maintenance@daily".Timer.OnCalendar = "Tue..Sun *-*-* 0:05:00";
systemd.user.timers."git-maintenance@weekly".Timer.OnCalendar = "Mon 0:05:00";
}