From 4e94fc40ec1a7aca8727ad235b94f00899b249d6 Mon Sep 17 00:00:00 2001
From: Dmitry Voronin <hi@voronind.com>
Date: Wed, 22 Jan 2025 12:43:14 +0300
Subject: [PATCH] Home: Add repo-mirror service.

---
 host/x86_64-linux/home/Backup.nix     |  4 +--
 host/x86_64-linux/home/RepoMirror.nix | 52 +++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 host/x86_64-linux/home/RepoMirror.nix

diff --git a/host/x86_64-linux/home/Backup.nix b/host/x86_64-linux/home/Backup.nix
index 43ead73..fe11434 100644
--- a/host/x86_64-linux/home/Backup.nix
+++ b/host/x86_64-linux/home/Backup.nix
@@ -6,7 +6,7 @@
 }@args:
 let
   bash = import <home/program/bash> args;
-  script = pkgs.writeText "backupScript" ''
+  script = pkgs.writeText "backup-script" ''
     source ${bash.modulesFile}
 
     function report() {
@@ -81,7 +81,7 @@ in
 {
   systemd.services.backup = util.mkStaticSystemdService {
     enable = true;
-    description = "Home system backup.";
+    description = "Home system backup";
     serviceConfig.Type = "oneshot";
     path = with pkgs; [
       bashInteractive
diff --git a/host/x86_64-linux/home/RepoMirror.nix b/host/x86_64-linux/home/RepoMirror.nix
new file mode 100644
index 0000000..8f50e4c
--- /dev/null
+++ b/host/x86_64-linux/home/RepoMirror.nix
@@ -0,0 +1,52 @@
+{
+  __findFile,
+  config,
+  pkgs,
+  secret,
+  util,
+  ...
+}@args:
+{
+  programs.git = {
+    enable = true;
+    config = {
+      gpg.ssh.allowedSignersFile = toString secret.crypto.sign.git.allowed;
+    };
+  };
+
+  systemd.services.repo-mirror = util.mkStaticSystemdService {
+    enable = true;
+    description = "NixOS repo mirror push service";
+    serviceConfig.Type = "oneshot";
+    environment.GIT_SSH_COMMAND = "ssh -o UserKnownHostsFile=/root/.ssh/known_hosts";
+    path = with pkgs; [
+      bash
+      coreutils
+      git
+      openssh
+    ];
+    script = ''
+      pushd /tmp
+      rm -rf ./nixos-mirror
+      git clone --single-branch --branch=main ${config.module.const.url} ./nixos-mirror
+      pushd ./nixos-mirror
+      git verify-commit HEAD && git fsck || {
+        echo "Verification failed."
+        exit 1
+      };
+      git remote add github git@github.com:voronind-com/nix.git
+      git remote add codeberg git@codeberg.org:voronind/nix.git
+      timeout 10m git push --force github main
+      timeout 10m git push --force codeberg main
+    '';
+  };
+
+  systemd.timers.repo-mirror = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "*-*-* 05:55:00";
+      Persistent = true;
+      Unit = "repo-mirror.service";
+    };
+  };
+}