feat(sysupdate): Download from dl.patagia.dev. Add gpg authentication.
parent
a069860ec4
commit
32f06a06fe
1 changed files with 34 additions and 9 deletions
|
@ -1,4 +1,33 @@
|
|||
{ config, ... }: {
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
gpgPubKeyStaging = ''
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mDMEZvb3mhYJKwYBBAHaRw8BAQdAvyH7AMLukMEF/1as7auAh757//LlO/kBG8pm
|
||||
zhOlTj20LFBhdGFnaWEgU3RhZ2luZyA8bm9yZXBseStzdGFnaW5nQHBhdGFnaWEu
|
||||
aW8+iJQEExYKADwWIQTjWE8tGxWc+3+vxyy1R4V5MjgMzAUCZvb3mgIbAwUJBaOa
|
||||
gAQLCQgHBBUKCQgFFgIDAQACHgUCF4AACgkQtUeFeTI4DMwDWAEAlMAhSZh086Ux
|
||||
OfLBR1QYgHtXmk6tObJurWkZq6cGICwA/2fBOtZcLfAPRWYPLHAtsqtFrO6CIyQG
|
||||
H6n4Iv3D5ZsCuDgEZvb3mhIKKwYBBAGXVQEFAQEHQPKKcltfHlELIHf0AYcd0nOe
|
||||
GaWcAnoW4o3zLZUVNnlpAwEIB4h+BBgWCgAmFiEE41hPLRsVnPt/r8cstUeFeTI4
|
||||
DMwFAmb295oCGwwFCQWjmoAACgkQtUeFeTI4DMzuegEA62XIq4Ir+4DWdTql58bA
|
||||
+0Vr89dMQsAxwVzGGzl8D8wBAMuPY6/2SwbA7KwWuz8L/cTPQVLBt+TSdYeuCBps
|
||||
e5UE
|
||||
=m2st
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
'';
|
||||
gpgKeyring = pkgs.runCommand "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } ''
|
||||
mkdir -p $out
|
||||
export GNUPGHOME=$out
|
||||
gpg --no-default-keyring --keyring=$out/import-pubring.gpg --fingerprint
|
||||
gpg --no-default-keyring --keyring=$out/import-pubring.gpg --import <<< '${gpgPubKeyStaging}'
|
||||
rm $out/S.scdaemon $out/S.gpg-agent $out/S.gpg-agent.*
|
||||
'';
|
||||
in
|
||||
{
|
||||
|
||||
environment.etc."systemd/import-pubring.gpg".source = "${gpgKeyring}/import-pubring.gpg";
|
||||
|
||||
systemd.sysupdate = {
|
||||
enable = true;
|
||||
|
||||
|
@ -11,10 +40,8 @@
|
|||
|
||||
# We could fetch updates from the network as well:
|
||||
#
|
||||
# Path = "https://download.example.com/";
|
||||
# Type = "url-file";
|
||||
Path = "/var/updates/";
|
||||
Type = "regular-file";
|
||||
Path = "https://images.dl.patagia.dev/";
|
||||
Type = "url-file";
|
||||
};
|
||||
Target = {
|
||||
InstancesMax = 2;
|
||||
|
@ -38,10 +65,8 @@
|
|||
MatchPattern = [
|
||||
"${config.boot.uki.name}_@v.img.xz"
|
||||
];
|
||||
# Path = "https://download.example.com/";
|
||||
# Type = "url-file";
|
||||
Path = "/var/updates/";
|
||||
Type = "regular-file";
|
||||
Path = "https://images.dl.patagia.dev/";
|
||||
Type = "url-file";
|
||||
};
|
||||
|
||||
Target = {
|
||||
|
|
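Review bot: Neither `Source` hunk shows its sibling `Transfer` section, so it is not visible here whether signature verification is actually enabled for the two transfers that now pull from `https://images.dl.patagia.dev/`. systemd-sysupdate checks `url-file` downloads against `SHA256SUMS.gpg` only while `Verify` is left at its default of yes, and the keyring installed at `/etc/systemd/import-pubring.gpg` is not consulted otherwise. If either transfer still carries `Verify = "no";` from the local-file setup (an inference, since those lines are outside the hunks), it should be dropped or set to `Verify = "yes";`. Separately, the keyring build in the first hunk points `GNUPGHOME` at `$out`, so anything else gpg writes to its home directory ends up in the store path, and the trailing `rm` can fail the build when one of the sockets does not exist. A scratch home such as `export GNUPGHOME=$(mktemp -d)`, with only `import-pubring.gpg` written to `$out`, avoids both.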