Patagia/patos
Patagia/patos
1
1
Code Issues 4 Pull requests 3 Activity

feat(sysupdate): Download from dl.patagia.dev. Add gpg authentication.
All checks were successful
ci/woodpecker/pr/ci Pipeline was successful
Details

Browse source
This commit is contained in:
Daniel Lundin 2024-09-17 23:59:42 +02:00
parent a069860ec4
commit a36dc01d51
Signed by: dln
SSH key fingerprint: SHA256:dQy1Xj3UiqJYpKR5ggQ2bxgz4jCH8IF+k3AB8o0kmdI
1 changed files with 33 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
modules/sysupdate.nix
View file

@ -1,4 +1,32 @@
{ config, ... }: {
{ config, pkgs, ... }:
let
gpgPubKeyStaging = ''
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZvb3mhYJKwYBBAHaRw8BAQdAvyH7AMLukMEF/1as7auAh757//LlO/kBG8pm
zhOlTj20LFBhdGFnaWEgU3RhZ2luZyA8bm9yZXBseStzdGFnaW5nQHBhdGFnaWEu
aW8+iJQEExYKADwWIQTjWE8tGxWc+3+vxyy1R4V5MjgMzAUCZvb3mgIbAwUJBaOa
gAQLCQgHBBUKCQgFFgIDAQACHgUCF4AACgkQtUeFeTI4DMwDWAEAlMAhSZh086Ux
OfLBR1QYgHtXmk6tObJurWkZq6cGICwA/2fBOtZcLfAPRWYPLHAtsqtFrO6CIyQG
H6n4Iv3D5ZsCuDgEZvb3mhIKKwYBBAGXVQEFAQEHQPKKcltfHlELIHf0AYcd0nOe
GaWcAnoW4o3zLZUVNnlpAwEIB4h+BBgWCgAmFiEE41hPLRsVnPt/r8cstUeFeTI4
DMwFAmb295oCGwwFCQWjmoAACgkQtUeFeTI4DMzuegEA62XIq4Ir+4DWdTql58bA
+0Vr89dMQsAxwVzGGzl8D8wBAMuPY6/2SwbA7KwWuz8L/cTPQVLBt+TSdYeuCBps
e5UE
=m2st
-----END PGP PUBLIC KEY BLOCK-----
'';
gpgKeyring = pkgs.runCommand "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } ''
mkdir -p $out
export GNUPGHOME=$out
gpg --no-default-keyring --keyring=$out/import-pubring.gpg --fingerprint
gpg --no-default-keyring --keyring=$out/import-pubring.gpg --import <<< '${gpgPubKeyStaging}'
rm $out/S.scdaemon $out/S.gpg-agent $out/S.gpg-agent.*
'';
in
{
environment.etc."systemd/import-pubring.gpg".source = "${gpgKeyring}/import-pubring.gpg";
systemd.sysupdate = {
enable = true;
@ -11,10 +39,8 @@
# We could fetch updates from the network as well:
#
# Path = "https://download.example.com/";
# Type = "url-file";
Path = "/var/updates/";
Type = "regular-file";
Path = "https://images.dl.patagia.dev/";
Type = "url-file";
};
Target = {
InstancesMax = 2;
@ -38,10 +64,8 @@
MatchPattern = [
"${config.boot.uki.name}_@v.img.xz"
];
# Path = "https://download.example.com/";
# Type = "url-file";
Path = "/var/updates/";
Type = "regular-file";
Path = "https://images.dl.patagia.dev/";
Type = "url-file";
};
Target = {