From aefa549f538ac824c94e94ff2e947ac4107087c5 Mon Sep 17 00:00:00 2001 From: ska Date: Fri, 19 Dec 2025 14:39:44 +0000 Subject: [PATCH] Update configuration.nix --- configuration.nix | 114 ++++++++++++++++++++++++++++------------------ 1 file changed, 70 insertions(+), 44 deletions(-) diff --git a/configuration.nix b/configuration.nix index 01f3e4b..2c6748c 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,28 +1,26 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). +# NixOS USB configuration with auto-update from public Git repo +# Repo: https://git.skarockoi.de/ska/nixos-production.git { config, pkgs, ... }: +let + gitRepoUrl = "https://git.skarockoi.de/ska/nixos-production.git"; + gitLocalPath = "/var/lib/nixos-config"; +in + { imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; + [ ./hardware-configuration.nix ]; - # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "nixos-usb"; # Define your hostname. + networking.hostName = "nixos-usb"; networking.networkmanager.enable = true; - # Set your time zone. time.timeZone = "Europe/Berlin"; - # Select internationalisation properties. i18n.defaultLocale = "de_DE.UTF-8"; - i18n.extraLocaleSettings = { LC_ADDRESS = "de_DE.UTF-8"; LC_IDENTIFICATION = "de_DE.UTF-8"; 
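Review bot: The repository URL is now written twice, once in the new header comment and once in `gitRepoUrl`, and neither place says what the value is used for. A later hunk of this patch feeds the URL to an updater that runs as root, so a comment on the binding would show the trust relationship where it is configured, for example `# Commits on main of this repo are applied as root by nixos-git-update`. The `# Repo:` header line could then be dropped so only one copy needs updating.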
@@ -35,29 +33,13 @@ LC_TIME = "de_DE.UTF-8"; }; - # Enable the X11 windowing system. services.xserver.enable = true; - - # Enable the GNOME Desktop Environment. services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; - - # Configure keymap in X11 - services.xserver.xkb = { - layout = "de"; - variant = ""; - }; - - # Configure console keymap + services.xserver.xkb.layout = "de"; + services.xserver.libinput.enable = true; console.keyMap = "de"; - # Enable touchpad support - services.xserver.libinput.enable = true; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable sound with pipewire. services.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { @@ -67,28 +49,23 @@ pulse.enable = true; }; - # Define a user account. + services.printing.enable = true; + users.users.user = { isNormalUser = true; - description = "user"; + description = "Default USB user"; extraGroups = [ "networkmanager" "wheel" ]; shell = pkgs.bash; - # Set password after first boot with: passwd user }; - # Allow unfree packages (required for Obsidian, etc.) nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. environment.systemPackages = with pkgs; [ - # Core utilities - nano git curl wget - openssh # for ssh/scp if needed - - # Requested applications + vim + openssh # optional, for scp etc. obsidian libreoffice keepassxc 
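Review bot: The `users.users.user` block keeps its `wheel` membership, but the change deletes `# Set password after first boot with: passwd user`, which was the only record of how this account gets a credential. No password option is set in the block as shown, though one may be defined elsewhere. I would keep that line or replace it with an equivalent, e.g. `# No password is set here; run 'passwd user' after first boot`. Because the header now describes this file as living in a public repository, the comment could also say that no password hash belongs in this file.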
@@ -97,17 +74,66 @@ inkscape gimp pdfarranger + epiphany apostrophe - - # GNOME & web apps - epiphany # GNOME Web — can install web apps gnomeExtensions.gsconnect gnomeExtensions.dash-to-dock ]; - # Enable Firefox. programs.firefox.enable = true; - # This value determines the NixOS release compatibility. + # === Auto-update script: fetch config from public Git repo === + environment.etc."update-nixos-config.sh".text = '' + #!/run/current-system/sw/bin/bash + set -e + + export PATH="${pkgs.git}/bin:${pkgs.nix}/bin:/run/current-system/sw/bin" + + LOCAL_PATH="${gitLocalPath}" + REPO_URL="${gitRepoUrl}" + + if [ ! -d "$LOCAL_PATH/.git" ]; then + mkdir -p "$LOCAL_PATH" + chmod 700 "$LOCAL_PATH" + echo "Cloning config from $REPO_URL..." + git clone "$REPO_URL" "$LOCAL_PATH" + else + cd "$LOCAL_PATH" + echo "Fetching updates..." + git fetch origin + LOCAL_HEAD=$(git rev-parse HEAD) + REMOTE_HEAD=$(git rev-parse origin/main) + if [ "$LOCAL_HEAD" != "$REMOTE_HEAD" ]; then + echo "New config available. Updating..." + git reset --hard origin/main + nixos-rebuild switch -I nixos-config="$LOCAL_PATH/configuration.nix" + echo "System updated successfully." + else + echo "Config is already up to date." + fi + fi + ''; + environment.etc."update-nixos-config.sh".mode = "0700"; + + # === Systemd timer for automatic updates === + systemd.services.nixos-git-update = { + description = "Update NixOS from public Git config"; + script = "/etc/update-nixos-config.sh"; + serviceConfig = { + Type = "oneshot"; + User = "root"; + Group = "root"; + }; + }; + + systemd.timers.nixos-git-update = { + description = "Check for config updates hourly"; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "60s"; + OnUnitActiveSec = "1h"; + }; + }; + system.stateVersion = "25.11"; } \ No newline at end of file
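Review bot: The update script runs `nixos-rebuild switch` as root on whatever `origin/main` points to, with no signature or fast-forward check, so anyone who can push to that repository or controls its hosting decides what runs as root on every machine booted from this image. There is a second defect in the same `else` branch: `git reset --hard origin/main` runs before the rebuild under `set -e`, so after a failed rebuild the checkout already matches the remote and later timer runs print "Config is already up to date." without retrying. The version below accepts only fast-forwards, verifies the signature on the tip commit, and restores the previous checkout when the rebuild fails. It assumes gpg and the signing key are provisioned for root, which this patch does not show. The first-run `git clone` branch has the same missing verification and also never applies the cloned configuration.

```nix
      # … unchanged: cd, git fetch, LOCAL_HEAD / REMOTE_HEAD lookup …
      if [ "$LOCAL_HEAD" != "$REMOTE_HEAD" ]; then
        echo "New config available. Updating..."
        # Accept fast-forwards only, so rewritten history cannot roll the config back.
        git merge-base --is-ancestor "$LOCAL_HEAD" "$REMOTE_HEAD"
        # Require a valid signature from a key in root's keyring.
        git verify-commit "$REMOTE_HEAD"
        git reset --hard "$REMOTE_HEAD"
        if ! nixos-rebuild switch -I nixos-config="$LOCAL_PATH/configuration.nix"; then
          # Restore the old checkout so the next timer run retries the update.
          git reset --hard "$LOCAL_HEAD"
          exit 1
        fi
        echo "System updated successfully."
      # … unchanged: else branch and closing fi …
```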