Merge branch 'main' into disko

hosts/Khanda/default.nix

@@ -21,7 +21,6 @@
     };
     users.aires = {
       enable = true;
-      autologin = true;
       services = {
         syncthing = {
           enable = true;

hosts/Khanda/hardware-configuration.nix

@@ -11,6 +11,9 @@
 
   boot = {
     initrd = {
+      # Enable systemd for TPM auto-unlocking
+      systemd.enable = true;
+      
       availableKernelModules = [
         "surface_aggregator"
         "surface_aggregator_registry"

modules/base/system.nix

@@ -26,6 +26,14 @@
     };
   };
 
+  # Configure automatic updates for all hosts
+  host.services.autoUpgrade = {
+    enable = true;
+    configDir = config.secrets.nixConfigFolder;
+    onCalendar = "daily";
+    user = config.users.users.aires.name;
+  };
+
   services = {
     # Enable fwupd (firmware updater)
     fwupd.enable = true;

modules/services/autoupgrade.nix

@@ -31,9 +31,36 @@ in
         type = lib.types.bool;
         description = "Enables automatic system updates.";
       };
+      branches = lib.mkOption {
+        type = lib.types.attrs;
+        description = "Which local and remote branches to compare.";
+        default = {
+          local = "main";
+          remote = "main";
+          remoteName = "origin";
+        };
+      };
+      configDir = lib.mkOption {
+        type = lib.types.str;
+        description = "Path where your NixOS configuration files are stored.";
+      };
+      onCalendar = lib.mkOption {
+        default = "daily";
+        type = lib.types.str;
+        description = "How frequently to run updates. See systemd.timer(5) and systemd.time(7) for configuration details.";
+      };
+      persistent = lib.mkOption {
+        default = true;
+        type = lib.types.bool;
+        description = "If true, the time when the service unit was last triggered is stored on disk. When the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. This is useful to catch up on missed runs of the service when the system was powered down.";
+      };
       pushUpdates = lib.mkEnableOption (
         lib.mdDoc "Updates the flake.lock file and pushes it back to the repo."
       );
+      user = lib.mkOption {
+        type = lib.types.str;
+        description = "The user who owns the configDir.";
+      };
     };
   };
 
@@ -46,29 +73,30 @@ in
           User = "root";
         };
         path = pathPkgs;
+        # Git diffing strategy courtesy of https://stackoverflow.com/a/40255467
         script = ''
-          cd ${config.secrets.nixConfigFolder}
+          cd ${cfg.configDir}
           # Check if there are changes from Git.
           echo "Pulling latest version..."
-          sudo -u aires git fetch
+          sudo -u ${cfg.user} git fetch
-          sudo -u aires git diff --quiet --exit-code main origin/main || true
+          sudo -u ${cfg.user} git diff --quiet --exit-code ${cfg.branches.local} ${cfg.branches.remoteName}/${cfg.branches.remote} || true
           # If we have changes (git diff returns 1), pull changes and run the update
           if [ $? -eq 1 ]; then
             echo "Updates found, running nixos-rebuild..."
-            sudo -u aires git pull --recurse-submodules
+            sudo -u ${cfg.user} git pull --recurse-submodules
-            nh os switch
+            nixos-rebuild switch --flake .
           else
             echo "No updates found. Exiting."
           fi
         '';
       };
-      systemd.timers."nixos-upgrade-timer" = {
+      systemd.timers."nixos-upgrade" = {
         wants = [ "network-online.target" ];
         after = [ "network-online.target" ];
         wantedBy = [ "timers.target" ];
         timerConfig = {
-          OnCalendar = "daily";
+          OnCalendar = cfg.onCalendar;
-          Persistent = "true";
+          Persistent = cfg.persistent;
           Unit = "nixos-upgrade.service";
         };
       };
@@ -78,13 +106,12 @@ in
       systemd.services."nixos-upgrade-flake" = {
         serviceConfig = {
           Type = "oneshot";
-          User = config.users.users.aires.name;
+          User = cfg.user;
         };
         path = pathPkgs;
-        # Git diffing strategy courtesy of https://stackoverflow.com/a/40255467
         script = ''
           set -eu
-          cd ${config.secrets.nixConfigFolder}
+          cd ${cfg.configDir}
           # Make sure we're up-to-date
           echo "Pulling the latest version..."
           git pull --recurse-submodules
@@ -93,13 +120,13 @@ in
         '';
       };
 
-      systemd.timers."nixos-upgrade-flake-timer" = {
+      systemd.timers."nixos-upgrade-flake" = {
         wants = [ "network-online.target" ];
         after = [ "network-online.target" ];
         wantedBy = [ "timers.target" ];
         timerConfig = {
-          OnCalendar = "daily";
+          OnCalendar = cfg.onCalendar;
-          Persistent = "true";
+          Persistent = cfg.persistent;
           Unit = "nixos-upgrade-flake.service";
         };
       };

modules/services/ssh.nix

@@ -8,7 +8,7 @@ in
     host.services.ssh = {
       enable = lib.mkEnableOption (lib.mdDoc "Enables SSH server.");
       ports = lib.mkOption {
-        default = [ ];
+        default = [ 22 ];
         type = lib.types.listOf lib.types.int;
         description = "Ports for SSH to listen on.";
       };