Commit bb47f16e8d2c
Changed files (2)
systems/carthage/extra.nix
@@ -198,6 +198,53 @@ in
group = "root";
};
+ age.secrets."flux-github-token" = {
+ file = ../../secrets/carthage/flux-github-token.age;
+ mode = "400";
+ owner = "vincent";
+ group = "users";
+ };
+
+ # Flux — website generator (hourly)
+ systemd.tmpfiles.rules = [
+ "d /var/lib/flux 0755 vincent users -"
+ ];
+
+ systemd.services.flux-generate = {
+ description = "Generate and deploy vincent.demeester.fr";
+ serviceConfig = {
+ Type = "oneshot";
+ User = "vincent";
+ Group = "users";
+ WorkingDirectory = "/var/lib/flux";
+ ExecStart = "/var/lib/flux/www/scripts/flux-generate.sh";
+ Environment = "HOME=/home/vincent";
+ };
+ path = with pkgs; [
+ nix
+ bash
+ git
+ openssh
+ rsync
+ coreutils
+ findutils
+ gnused
+ gnugrep
+ gnutar
+ gzip
+ ];
+ };
+
+ systemd.timers.flux-generate = {
+ description = "Generate website hourly";
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "hourly";
+ Persistent = true;
+ RandomizedDelaySec = "5min";
+ };
+ };
+
# Allow Caddy to access git repositories in vincent's home
users.users.caddy.extraGroups = [ "users" ];
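Review bot: `ExecStart` in `systemd.services.flux-generate` points at `/var/lib/flux/www/scripts/flux-generate.sh`, a file inside the directory the tmpfiles rule makes writable by `vincent`, so what runs every hour is whatever the checkout holds at that moment rather than something pinned in the system closure. The unit also runs with `HOME=/home/vincent` and `git`/`openssh` on its path, and nothing in `serviceConfig` confines it; low-risk additions would be `NoNewPrivileges = true;` and `PrivateTmp = true;`. The unit never references the `flux-github-token` secret, so the script presumably reads the decrypted file directly, which is why it has to be `owner = "vincent"`. Passing it with `LoadCredential = "flux-github-token:${config.age.secrets."flux-github-token".path}";` (assuming `config` is in scope in this file) would let the file stay root-owned and visible only to this unit, though the script would then need to read it from `$CREDENTIALS_DIRECTORY`. The enclosing attribute set starts and ends outside the hunk.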
secrets.nix
@@ -176,4 +176,7 @@ in
# SearXNG on sakhalin
"secrets/sakhalin/searxng-secret-key.age".publicKeys = users ++ [ sakhalin ];
+
+ # Flux website generator on carthage
+ "secrets/carthage/flux-github-token.age".publicKeys = users ++ [ carthage ];
}