nixos/configuration.nix

836 lines
22 KiB
Nix
Raw Normal View History

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, nixpkgs, pkgs, home-manager, ... }:
2024-03-14 10:13:21 +00:00
let
my_python = (pkgs.python3.withPackages (ps: with ps; [ git_plan ]));
my_emacs = (pkgs.emacsWithPackagesFromUsePackage {
config = ./emacs.el;
defaultInitFile = true;
package = pkgs.emacs29-pgtk.overrideAttrs (old: { withTreeSitter = true; });
#alwaysEnsure = true;
2024-03-14 10:13:21 +00:00
extraEmacsPackages = epkgs: [
pkgs.mu
pkgs.mu.mu4e
2024-03-14 10:13:21 +00:00
epkgs.treesit-grammars.with-all-grammars
epkgs.evil-collection
2024-03-14 10:13:21 +00:00
];
});
in {
imports = [
#./gnupg.nix
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.extraOptions = ''
!include ${config.sops.secrets.github_token.path}
bash-prompt = (nix:$name)\040\[\033[1;32m\][\u@\h:\w]\$\[\033[0m\]\040
extra-sandbox-paths = /nix/var/cache/ccache
'';
sops = {
environment.SOPS_GPG_EXEC = "${pkgs.gnupg}/bin/gpg";
defaultSopsFile = ./secrets.yaml;
secrets = {
fastmail_password = {
owner = config.users.users.knazarov.name;
group = config.users.users.knazarov.group;
};
github_token = {
owner = config.users.users.knazarov.name;
group = config.users.users.knazarov.group;
};
2023-08-15 14:25:03 +00:00
git_plan_config = {
owner = config.users.users.knazarov.name;
group = config.users.users.knazarov.group;
};
git_plan_credentials = {
owner = config.users.users.knazarov.name;
group = config.users.users.knazarov.group;
};
syncthing_key = {
owner = config.users.users.knazarov.name;
group = config.users.users.knazarov.group;
};
syncthing_cert = {
owner = config.users.users.knazarov.name;
group = config.users.users.knazarov.group;
};
mullvad_account = { };
kagi_api_key = {
owner = config.users.users.knazarov.name;
group = config.users.users.knazarov.group;
};
};
};
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/London";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Mainly to access SMB shares on local network
services.gvfs = {
enable = true;
package = lib.mkForce pkgs.gnome.gvfs;
};
# Configure keymap in X11
services.xserver = {
xkb.layout = "us";
xkb.variant = "";
};
# Define a user account. Don't forget to set a password with passwd.
users.users.knazarov = {
isNormalUser = true;
description = "Konstantin Nazarov";
2024-03-14 10:13:21 +00:00
extraGroups = [ "networkmanager" "wheel" config.users.groups.keys.name ];
packages = with pkgs; [ ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGxebDydOcs7URJjXFHMU++ruaZOJpXbK4ixH19pWTsX7WtxxriZxD4+RQ3oyllGG/8sEFzEe0NoTHUPU6YrBpfwT/ekGDmCJHtvZ+rZs+cRQd6tObfAUip1B1Mcvhuaj0prnrbfohOuHpvQ/L8TogIKuHgczDmud4KGUu0mxCsUHbD5tlKpsgN+dJXkvjxsO7JhhF9JpFTrYAU0gTuBPTt3ynpnZKrE1NgnE0iy+CEr/v41dLqxw3fUjT3nOFUQ1l/VKTw5mLt5Iw7XmBLuFGLRAVrwzXxeBCfYqKGYgY4QV8HCcVpcqC8zWmRskiRetzQ/5HwRagm4yZr0I+LZ305nGB0cSJzLWXXOUF6SDg2cqAXFpF/o2LoFCmaV5h3jmCGOUrowF7oV4mYwBMWfabrbZx21z/R56GkAOOEKc2h+Qh5wIj4yayX081SkqJK3J9+3vGG4VvXnwGnPnWQFqrzeedyV74maffGBGFYm0UOcD+oG6EwM+7MEUBpJm9m4c= knazarov"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHkDvP2BO1uV0AwEjABYFEiA2BbGo1IsSht4emYMRLgi root@mira"
];
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
# needed to request polkit access (for instance, for SMB shares)
lxqt.lxqt-policykit
vim
waybar
foot
wayland
xdg-utils
glib
2024-11-23 09:51:10 +00:00
bc
dracula-theme
2024-09-08 23:38:16 +00:00
adwaita-icon-theme
swaylock
swayidle
wl-clipboard
keyd
tdesktop
git
source-code-pro
pavucontrol
brightnessctl
sops
age
ssh-to-age
syncthing
pass
pkgs.gnupg
pciutils
slack
q-sh
notes-sh
2024-09-08 23:38:16 +00:00
transmission_4-gtk
mpv
imv
okular
yt-dlp
evince # document viewer
firefox
gthumb
unzip
somafm-cli
# these packages have some problem with installation now
#yubikey-manager
#yubikey-manager-qt
ripgrep
file
zoom-us
obs-studio
2024-09-08 23:38:16 +00:00
nautilus
xfce.thunar
zig
mullvad-vpn
mullvad
2023-08-14 21:50:06 +00:00
usbutils
2023-09-09 21:17:02 +00:00
xournalpp
dnsutils
2023-09-26 20:19:24 +00:00
graphviz
fzf
2024-05-11 16:20:32 +00:00
fd
nixfmt
my_emacs
libreoffice
2024-03-14 10:13:21 +00:00
gcc
2024-05-11 16:20:32 +00:00
neovim
go
gopls
lazygit
2024-07-08 19:36:39 +00:00
guile
solc
kdenlive
2024-09-08 23:38:16 +00:00
kooha # screen capture
inotify-tools
2024-09-08 23:38:16 +00:00
# ----------
# mainly needed for npm which decided to play hardball
automake
autoconf
# ----------
2024-07-08 19:36:39 +00:00
(pkgs.callPackage ./nil_cli.nix {})
2023-09-09 21:17:02 +00:00
#network-manager-applet
2024-09-08 23:38:16 +00:00
#(clang-tools.override {
#llvmPackages = llvmPackages_17;
#enableLibcxx = false;
#}) # mainly for clang-format
clang-tools
# wget
2023-08-15 14:25:03 +00:00
my_python
# latex basics
(pkgs.texlive.combine {
inherit (pkgs.texlive) scheme-basic
dvisvgm dvipng beamer metafont
wrapfig amsmath ulem hyperref capt-of;
})
nodejs
networkmanagerapplet
qpwgraph
2024-11-23 09:51:10 +00:00
bat
chafa
];
services.blueman.enable = true;
services.tailscale.enable = true;
services.mullvad-vpn = { enable = true; };
systemd.services."mullvad-daemon".postStart =
let mullvad = config.services.mullvad-vpn.package;
in ''
while ! ${mullvad}/bin/mullvad status >/dev/null; do sleep 1; done
${mullvad}/bin/mullvad account login `cat /var/run/secrets/mullvad_account`
${mullvad}/bin/mullvad auto-connect set on
${mullvad}/bin/mullvad tunnel set ipv6 on
'';
2023-09-09 21:17:02 +00:00
services.fwupd.enable = true;
services.gnome.gnome-keyring.enable = true;
#services.emacs.package = nixpkgs.emacsUnstablePgtk;
# Enables wayland support in electron apps (e.g. slack)
environment.sessionVariables.NIXOS_OZONE_WL = "1";
# Enable screen sharing on Wayland
xdg = {
portal = {
enable = true;
2023-08-19 18:18:44 +00:00
wlr.enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
};
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
programs.gnupg.package = pkgs.gnupg;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
enableExtraSocket = true;
};
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
# List services that you want to enable:
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
2023-08-19 18:18:44 +00:00
wireplumber.enable = true;
};
services.pipewire.wireplumber.extraConfig.bluetoothEnhancements = {
"monitor.bluez.properties" = {
"bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true;
"bluez5.enable-hw-volume" = true;
"bluez5.roles" = [ "hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag" ];
};
};
programs.steam = {
enable = true;
};
# Disable unneeded PipeWire devices and rename the ones I use to more recognizable names
environment.etc."wireplumber/main.lua.d/51-device-rename.lua".text = ''
table.insert(alsa_monitor.rules, {
matches = {
{
{ "node.name", "equals", "alsa_output.usb-Audioengine_LLC_Audioengine_2__AE202010001A2002-00.analog-stereo" },
},
},
apply_properties = {
["node.description"] = "Speakers",
["node.nick"] = "Speakers",
},
})
table.insert(alsa_monitor.rules, {
matches = {
{
{ "node.name", "equals", "alsa_output.usb-SteelSeries_SteelSeries_Arctis_5_00000000-00.analog-chat" },
},
},
apply_properties = {
["node.description"] = "Headphones",
["node.nick"] = "Headphones",
},
})
table.insert(alsa_monitor.rules, {
matches = {
{
{ "node.name", "equals", "alsa_input.usb-SteelSeries_SteelSeries_Arctis_5_00000000-00.analog-chat" },
},
},
apply_properties = {
["node.description"] = "Headphone Mic",
["node.nick"] = "Headphone Mic",
},
})
table.insert(alsa_monitor.rules, {
matches = {
{{ "node.name", "equals", "alsa_output.usb-SteelSeries_SteelSeries_Arctis_5_00000000-00.analog-game" },},
},
apply_properties = {
["node.disabled"] = true,
},
})
table.insert(alsa_monitor.rules, {
matches = {
{{ "node.name", "equals", "alsa_output.pci-0000_14_00.1.hdmi-stereo" },},
},
apply_properties = {
["node.disabled"] = true,
},
})
table.insert(alsa_monitor.rules, {
matches = {
{{ "node.name", "equals", "alsa_input.usb-MACROSILICON_USB_Video-02.analog-stereo" },},
},
apply_properties = {
["node.disabled"] = true,
},
})
'';
services.dbus.enable = true;
services.greetd = {
enable = true;
settings = rec {
initial_session = {
command = "${pkgs.sway}/bin/sway";
user = "knazarov";
};
default_session = initial_session;
};
};
services.keyd = {
enable = true;
2024-03-14 10:13:21 +00:00
keyboards = {
default = {
ids = [ "*" ];
settings = {
main = {
capslock = "overload(control, esc)";
leftalt = "layer(meta_mac)";
leftmeta = "layer(alt)";
};
"meta_mac:M" = {
c = "C-insert";
v = "S-insert";
};
};
};
};
};
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
# settings = {
# passwordAuthentication = false;
# kbdInteractiveAuthentication = false;
# };
};
services.jellyfin = {
enable = true;
openFirewall = true;
};
networking.firewall.allowedTCPPorts = [
2024-03-14 10:13:21 +00:00
8096
# Syncthing
8384
22000
];
networking.firewall.allowedUDPPorts = [
# Syncthing
22000
21027
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
2024-03-14 10:13:21 +00:00
system.stateVersion = "23.11"; # Did you read the comment?
# needed for sway
security.polkit.enable = true;
# needed for pipewire
security.rtkit.enable = true;
# allow remote rebuilds
nix.settings.trusted-users = [ "@wheel" ];
# needed for YubiKey smartcard support
services.pcscd.enable = true;
fonts.fontDir.enable = true;
fonts.packages = with pkgs; [
dejavu_fonts
2024-05-11 16:20:32 +00:00
(nerdfonts.override { fonts = [ "SourceCodePro" ]; })
source-code-pro
font-awesome # for waybar indicators
];
services.syncthing = {
enable = true;
user = "knazarov";
configDir = "/home/knazarov/.config/syncthing";
key = config.sops.secrets.syncthing_key.path;
cert = config.sops.secrets.syncthing_cert.path;
};
home-manager.users.knazarov = {
# The home.stateVersion option does not have a default and must be set
2024-09-08 23:38:16 +00:00
home.stateVersion = "24.11";
2024-07-08 19:36:39 +00:00
home.sessionVariables = {
EDITOR = "emacs -nw --no-splash";
GUILE_LOAD_PATH = "${config.users.users.knazarov.home}/guile";
};
home.file.".guile" = {
source = ./guile-config;
};
programs.lf = {
enable = true;
extraConfig = ''
set sixel true
set previewer ${pkgs.chafa}/bin/chafa
'';
};
2024-11-23 09:51:10 +00:00
programs.bat = {
enable = true;
config = {
theme = "ansi";
};
};
programs.bash = {
enable = true;
bashrcExtra = ''
if [[ "$INSIDE_EMACS" = 'vterm' ]] \
&& [[ -n ''${EMACS_VTERM_PATH} ]] \
&& [[ -f ''${EMACS_VTERM_PATH}/etc/emacs-vterm-bash.sh ]]; then
source ''${EMACS_VTERM_PATH}/etc/emacs-vterm-bash.sh
fi
'';
shellAliases = {
nn = "notes.sh -n";
ne =
2024-11-23 09:51:10 +00:00
''notes.sh -l | fzf --tac --with-nth="2..-1" --preview "notes.sh -p {}" --print-query --bind 'alt-enter:print-query' | xargs -o -d "\n" -n 2 notes.sh -f'';
vim = "emacs -nw --no-splash";
};
};
2024-07-08 19:36:39 +00:00
xdg.mimeApps = {
enable = true;
defaultApplications = {
"text/html" = "firefox.desktop";
"x-scheme-handler/http" = "firefox.desktop";
"x-scheme-handler/https" = "firefox.desktop";
"x-scheme-handler/about" = "firefox.desktop";
"x-scheme-handler/unknown" = "firefox.desktop";
};
};
gtk = {
enable = true;
gtk3.extraConfig = { gtk-enable-animations = "0"; };
gtk4.extraConfig = { gtk-enable-animations = "0"; };
};
2024-07-08 19:36:39 +00:00
# Workaround for https://github.com/nix-community/home-manager/issues/5146
services.gpg-agent = {
enable = true;
pinentryPackage = pkgs.pinentry-gnome3;
enableExtraSocket = true;
2024-07-08 19:36:39 +00:00
};
programs.gpg = {
enable = true;
package = pkgs.gnupg;
2023-08-15 14:25:03 +00:00
publicKeys = [
{
source = ./gpg_public_key.asc;
trust = "ultimate";
}
{
source = ./pgp_keys/FB4809DC51A4F483.asc;
trust = "ultimate";
}
{
source = ./pgp_keys/60B2FF168764BED2D4ADE1BF7DE090DD4DB68232.asc;
trust = "ultimate";
}
{
source = ./pgp_keys/8311DCF21B41308C743FBFEA44B0C3FE7CD9EAE3.asc;
trust = "ultimate";
}
2023-08-15 14:25:03 +00:00
];
settings = { default-key = "0x0560020C9C577C1B"; };
mutableKeys = false;
mutableTrust = false;
};
programs.git = {
enable = true;
2023-08-19 18:18:44 +00:00
package = pkgs.gitAndTools.gitFull; # needed for git send-email support
userName = "Konstantin Nazarov";
userEmail = "mail@knazarov.com";
signing = {
gpgPath = "${pkgs.gnupg}/bin/gpg2";
key = "0x0560020C9C577C1B";
signByDefault = true;
};
extraConfig = {
push = {
autoSetupRemote = true;
};
};
};
accounts.email = {
maildirBasePath = "${config.users.users.knazarov.home}/Maildir";
accounts = {
personal = let account = "mail@knazarov.com";
in {
primary = true;
flavor = "fastmail.com";
address = account;
userName = account;
realName = "Konstantin Nazarov";
passwordCommand = "cat /run/secrets/fastmail_password";
gpg = {
key = "0x0560020C9C577C1B";
signByDefault = true;
};
mu.enable = true;
msmtp.enable = true;
mbsync = {
enable = true;
# Folders existing on the server, but not locally, will be created.
create = "maildir";
};
neomutt = { enable = true; };
};
};
};
programs.neomutt = { enable = true; };
programs.mu = { enable = true; };
programs.msmtp.enable = true;
programs.mbsync = { enable = true; };
#services.easyeffects = {
# enable = true;
#};
services.swayidle = {
enable = true;
timeouts = [
{
timeout = 300;
command = "${pkgs.swaylock}/bin/swaylock -f -c 000000";
}
{
timeout = 600;
command = ''${pkgs.sway}/bin/swaymsg "output * dpms off"'';
resumeCommand = ''${pkgs.sway}/bin/swaymsg "output * dpms on"'';
}
];
events = [{
event = "before-sleep";
command = "${pkgs.swaylock}/bin/swaylock -f -c 000000";
}];
};
services.emacs = {
enable = true;
package = my_emacs;
client.enable = true;
};
wayland.windowManager.sway = {
enable = true;
xwayland = true;
config = rec {
modifier = "Mod4";
terminal = "foot";
bars = [{ "command" = "waybar"; }];
keybindings = pkgs.lib.mkOptionDefault {
"XF86AudioRaiseVolume" =
"exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+";
"XF86AudioLowerVolume" =
"exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-";
"XF86AudioMute" = "exec wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
"XF86AudioMicMute" =
"exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86MonBrightnessUp" = "exec brightnessctl s +5%";
"XF86MonBrightnessDown" = "exec brightnessctl s 5%-";
#"Mod4+Return" =
2024-03-14 10:13:21 +00:00
#"exec emacs --eval '(progn (setq confirm-kill-processes nil) (vterm))'";
#"Mod4+Return" = "exec emacsclient -c";
"Mod4+Return" = "exec foot";
"Mod4+space" =
"exec ${pkgs.foot}/bin/foot -T mylauncher -a mylauncher ${pkgs.q-sh}/bin/q";
"Mod4+p" =
"exec '${pkgs.grim}/bin/grim -g \"$$(${pkgs.slurp}/bin/slurp)\" - | ${pkgs.wl-clipboard}/bin/wl-copy -t image/png'";
2024-09-08 23:38:16 +00:00
"Mod4+o" =
"exec '${pkgs.kooha}/bin/kooha'";
};
output = {
"*" = { bg = "${./wallpaper.jpg} fill"; };
"Lenovo Group Limited LEN T32p-20 VNA4VRNY" = { scale = "1.5"; };
"LG Electronics LG TV SSCR2 0x01010101" = { mode = "1920x1080@60Hz"; };
};
input = {
"type:keyboard" = {
xkb_layout = "us,ru";
xkb_options = "grp:alt_space_toggle";
};
};
gaps = {
inner = 10;
outer = 5;
};
colors.unfocused = {
border = "#dddddd";
background = "#dddddd";
text = "#888888";
indicator = "#888888";
childBorder = "#888888";
};
};
extraConfig = ''
for_window [title="as_toolbar"] floating enable
for_window [title="mylauncher"] floating enable
for_window [title="Firefox.*Sharing Indicator"] floating enable;
default_border pixel 3
input 1386:885:Wacom_Intuos_M_Pen map_to_output DP-1
exec_always ${pkgs.networkmanagerapplet}/bin/nm-applet --indicator
'';
};
programs.foot = {
enable = true;
settings = {
2024-05-11 16:20:32 +00:00
main = { font = "Source Code Pro:size=12"; };
colors = {
2024-05-11 16:20:32 +00:00
background = "ffffff";
foreground = "000000";
regular0 = "000000";
regular1 = "a60000";
regular2 = "005e00";
regular3 = "813e00";
regular4 = "0031a9";
regular5 = "721045";
regular6 = "00538b";
regular7 = "bfbfbf";
bright0 = "595959";
bright1 = "972500";
bright2 = "315b00";
bright3 = "70480f";
bright4 = "2544bb";
bright5 = "5317ac";
bright6 = "005a5f";
bright7 = "ffffff";
};
key-bindings = {
clipboard-copy = "Control+Insert";
clipboard-paste = "Shift+Insert";
primary-paste = "Control+Shift+v";
};
};
};
programs.waybar = {
enable = true;
settings = [{
layer = "top";
position = "top";
height = 24;
modules-left = [ "sway/workspaces" "sway/mode" ];
modules-center = [ "sway/window" ];
modules-right = [ "custom/maildir" "idle_inhibitor" "battery" "clock" "tray" ];
clock.format = "{:%Y-%m-%d %H:%M}";
"custom/maildir" = {
exec = "${./waybar_maildir.sh} /home/knazarov/Maildir/personal/Inbox/new knazarov";
format = " {} ";
return-type = "json";
};
battery = {
states = {
# good = 95;
warning = 30;
critical = 15;
};
format = "{capacity}% {icon}";
format-charging = "{capacity}% ";
format-plugged = "{capacity}% ";
format-alt = "{time} {icon}";
format-icons = [ "" "" "" "" "" ];
};
idle_inhibitor = {
format = "{icon}";
format-icons = {
activated = "";
deactivated = "";
};
};
}];
};
#services.syncthing = { enable = true; };
home.pointerCursor = {
name = "Adwaita";
2024-09-08 23:38:16 +00:00
package = pkgs.adwaita-icon-theme;
size = 24;
x11 = {
enable = true;
defaultCursor = "Adwaita";
};
};
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings = { dns_enabled = true; };
};
};
services.udev.packages = [ pkgs.android-udev-rules
(pkgs.callPackage ./zsa-udev-rules.nix {})];
2023-08-14 21:50:06 +00:00
#udevadm info --query=all --name=/dev/sda1 | grep ID_SERIAL
services.udev.extraRules =
''ACTION=="add", SUBSYSTEMS=="usb", SUBSYSTEM=="block", '' + ''
ENV{ID_FS_USAGE}=="filesystem", ENV{ID_SERIAL_SHORT}=="Hidizs_AP80PRO", ''
+ ''RUN{program}+="${pkgs.systemd}/bin/systemd-mount --owner knazarov ''
+ ''--no-block --automount=yes --collect $devnode /media"'';
2023-08-15 14:25:03 +00:00
systemd.timers."git_plan" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1h";
OnUnitActiveSec = "1h";
2023-08-15 14:25:03 +00:00
Unit = "git_plan.service";
};
};
systemd.services."git_plan" = {
script = ''
${my_python}/bin/python3 -m git_plan -c /var/run/secrets/git_plan_config -r /var/run/secrets/git_plan_credentials oneshot
'';
2023-08-15 14:25:03 +00:00
serviceConfig = {
Type = "oneshot";
User = "knazarov";
StateDirectory = "git_plan";
Environment = "PYTHONUNBUFFERED=1";
2023-08-15 14:25:03 +00:00
};
};
systemd.timers."git_plan_pr" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "Mon,Tue,Wed,Thu,Fri *-*-* 10:00:00";
2023-08-15 14:25:03 +00:00
Unit = "git_plan_pr.service";
};
};
systemd.services."git_plan_pr" = {
script = ''
${my_python}/bin/python3 -m git_plan -c /var/run/secrets/git_plan_config -r /var/run/secrets/git_plan_credentials pr
'';
2023-08-15 14:25:03 +00:00
serviceConfig = {
Type = "oneshot";
User = "knazarov";
StateDirectory = "git_plan";
Environment = "PYTHONUNBUFFERED=1";
2023-08-15 14:25:03 +00:00
};
};
}