Commit 06e8a6a1cdd7

Vincent Demeester <vincent@sbr.pm>
2025-12-02 14:38:41
feat: Enable passage on aomi with automated daily updates
- Allow password management on headless aomi server - Automate password store synchronization to keep secrets current - Prevent manual intervention with daily timer and persistence Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 0f727da
Changed files (1)
systems
systems/aomi/home.nix
@@ -1,10 +1,11 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
   imports = [
     ../../home/common/dev/default.nix
     ../../home/common/dev/emacs.nix
     ../../home/common/dev/containers.nix
     ../../home/common/dev/tektoncd.nix
+    ../../home/common/desktop/passage.nix
   ];
   services.ssh-agent.enable = true;
   systemd.user.services.syncthing.Install.WantedBy = [ "multi-user.target" ];
@@ -12,4 +13,30 @@
   home.packages = with pkgs; [
     gnumake
   ];
+
+  # Passage update service and timer
+  systemd.user.services.passage-update = {
+    Unit = {
+      Description = "Update passage password store";
+    };
+    Service = {
+      Type = "oneshot";
+      ExecStart = "${pkgs.passage}/bin/passage git pull --rebase";
+      WorkingDirectory = config.home.sessionVariables.PASSAGE_DIR;
+    };
+  };
+
+  systemd.user.timers.passage-update = {
+    Unit = {
+      Description = "Daily passage password store update";
+    };
+    Timer = {
+      OnCalendar = "daily";
+      Persistent = true;
+      RandomizedDelaySec = "1h";
+    };
+    Install = {
+      WantedBy = [ "timers.target" ];
+    };
+  };
 }
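Review bot: The `passage-update` service passes `config.home.sessionVariables.PASSAGE_DIR` only as `WorkingDirectory`, and home-manager session variables are not exported into systemd user units. Unless the imported `passage.nix` (not visible here) sets it some other way, `passage` inside the unit will resolve its default store path rather than the configured one, so pass it explicitly with `Environment = "PASSAGE_DIR=${config.home.sessionVariables.PASSAGE_DIR}";`. The pull is also unattended and trusts whatever the remote serves. If the store keeps its recipients file in the repository, a tampered remote could change who later entries are encrypted to. Because `--rebase` can leave the store mid-rebase with nobody watching, consider `ExecStart = "${pkgs.passage}/bin/passage git pull --ff-only --verify-signatures";` so that a diverged or unsigned history fails the unit visibly instead of being applied.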