System/machines/oracles/automation.nix

{ config, lib, pkgs, inputs, ... }:
let
  repo-updater = pkgs.writeShellScriptBin "repo-updater"
    (builtins.readFile ../../scripts/gitea/update-repo.sh);
  environment = {
    XDG_RUNTIME_DIR = "/tmp/strangerbot";
    HOME = "/home/strangerbot";
    NIX_PATH =
      "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels";
    XDG_CONFIG_DIRS =
      "/etc/profiles/per-user/strangerbot/etc/xdg:/nix/var/nix/profiles/default/etc/xdg:/run/current-system/sw/etc/xdg";
    XDG_CONFIG_HOME = "/home/strangerbot/.config";
  };
  path = with pkgs; [
    git
    inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.nurl
    jq
    curl
    openssh
    bash
    nix
    nix-prefetch
  ];
  update-flake = { name, repo, schedule, branch ? "trunk" }: {
    systemd.services."update-flake-${name}" = {
      inherit environment;
      inherit path;
      script = ''
        env
        ${repo-updater}/bin/repo-updater ${repo} ${branch}
      '';
      serviceConfig = {
        Type = "oneshot";
        User = "strangerbot";
        Group = "users";
      };
    };
    systemd.timers."update-flake-${name}" = {
      wantedBy = [ "timers.target" ];
      partOf = [ "update-flake-${name}.service" ];
      timerConfig = {
        OnCalendar = schedule;
        Unit = "update-flake-${name}.service";
      };
    };
  };

in lib.mkMerge [
  { # Setup hosts for gitea automation
    networking.hosts = { "100.99.69.14" = [ "git.stranger.systems" ]; };
    # Setup the bot user
    users.users."strangerbot" = {
      home = "/home/strangerbot";
      description = "Stranger Bot";
      isNormalUser = true;
    };
    home-manager.users."strangerbot" = {
      programs.git = {
        userName = "Stranger Bot";
        userEmail = "bot@stranger.systems";
        extraConfig = {
          commit.gpgsign = true;
          gpg.format = "ssh";
          user.signingkey = "~/.ssh/id_ed25519.pub";
        };
      };
    };
  }
  (update-flake {
    name = "system-sunday";
    repo = "gitea@git.stranger.systems:nix/System.git";
    schedule = "Sun 23:00";
  })
  (update-flake {
    name = "system-wed";
    repo = "gitea@git.stranger.systems:nix/System.git";
    schedule = "Wed 23:00";
  })
  (update-flake {
    name = "rust-util";
    repo = "gitea@git.stranger.systems:nix/Rust.git";
    schedule = "4:00";
  })
  (update-flake {
    name = "java";
    repo = "gitea@git.stranger.systems:nix/java.git";
    branch = "master";
    schedule = "6:00";
  })
]