Infinidoge/kiosk
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

clone and decrypt configuration on boot

Browse source
This commit is contained in:
Infinidoge 2024-12-07 19:35:20 -05:00
parent f6f97a6079
commit 3757fb20b9
Signed by: Infinidoge
SSH key fingerprint: SHA256:oAMyvotlNFraMmZmr+p6AxnNfW/GioTs1pOn3V4tQ7A
2 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
decryption.key Normal file
View file

Binary file not shown.

14
kiosk.nix
View file

@ -40,6 +40,20 @@ in
systemd.services.cage-tty1.requires = [ "network-online.target" ]; systemd.services.cage-tty1.requires = [ "network-online.target" ];
systemd.services.clone-config = {
wantedBy = [ "multi-user.target" ];
requires = [ "network-online.target" ];
path = with pkgs; [ git git-crypt ];
script = ''
git clone ssh://git@inx.moe:245/Infinidoge/kiosk.git /etc/nixos
cd /etc/nixos
git-crypt unlock /etc/decryption.key
'';
serviceConfig.Type = "oneshot";
};
environment.etc."decryption.key".source = ./decryption.key;
services.tailscale = { services.tailscale = {
enable = true; enable = true;
extraUpFlags = [ "--advertise-tags" "tag:kiosk" ]; extraUpFlags = [ "--advertise-tags" "tag:kiosk" ];