Add system update daemon to bosephus

systems/linux/bosephus.nix

@@ -95,7 +95,17 @@
 
   # List packages installed in system profile. To search, run:
   # $ nix search wget
-  environment.systemPackages = with pkgs; [ neovim git borgbackup ];
+  environment.systemPackages = with pkgs; [
+    neovim
+    git
+    borgbackup
+    # Add a script for users to trigger system updates
+    (pkgs.writeScriptBin "update-nixos" ''
+      #!${pkgs.bash}/bin/bash
+      echo "Requesting system update..."
+      ${pkgs.systemd}/bin/systemctl start nixos-update.service
+    '')
+  ];
 
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.
@@ -139,6 +149,66 @@
     options = [ "defaults" "compress=zstd" ];
   };
 
+  # Samba server
+  services.samba = {
+    enable = true;
+    package = pkgs.sambaFull;
+    securityType = "user";
+    openFirewall = true;
+    settings = {
+      global = {
+        workgroup = "SAMBA";
+        security = "user";
+        "passdb backend" = "tdbsam";
+        printing = "cups";
+        "printcap name" = "cups";
+        "load printers" = "yes";
+      };
+
+      homes = {
+        comment = "Home Directories";
+        "valid users" = "%S, %D%w%S";
+        browseable = "No";
+        "read only" = "No";
+        "inherit acls" = "Yes";
+      };
+
+      printers = {
+        comment = "All Printers";
+        path = "/var/spool/samba";
+        printable = "Yes";
+        "create mode" = "0700";
+        browseable = "No";
+      };
+
+      mybookduo = {
+        comment = "My Book Duo RAID system";
+        path = "/media/my-book-duo";
+        writable = "yes";
+        browseable = "yes";
+        public = "no";
+        "valid users" = "@mixstudios";
+        "create mask" = "0660";
+        "directory mask" = "0770";
+        "force group" = "+mixstudios";
+      };
+
+      gdrive = {
+        comment = "G-DRIVE media drive";
+        path = "/media/g-drive";
+        writable = "yes";
+        browseable = "yes";
+        public = "no";
+        "valid users" = "@mixstudios";
+        "create mask" = "0660";
+        "directory mask" = "0770";
+        "force group" = "+mixstudios";
+      };
+    };
+  };
+
+  systemd.tmpfiles.rules = [ "d /var/spool/samba 1777 root root -" ];
+
   systemd.services."fix-mount-permissions" = {
     wantedBy = [ "local-fs.target" ];
     after = [ "local-fs.target" ];
@@ -158,4 +228,54 @@
     };
   };
 
+  # Service to update NixOS configuration from git repo
+  systemd.services."nixos-update" = {
+    description = "Update NixOS configuration from git repository";
+    path = with pkgs; [ git coreutils ];
+    script = ''
+      # Ensure the directory exists
+      mkdir -p /srv/config
+
+      # Clone/pull the repository
+      if [ -d "/srv/config/.git" ]; then
+        cd /srv/config
+        git fetch origin
+        git reset --hard origin/master
+      else
+        rm -rf /srv/config
+        git clone https://code.millironx.com/millironx/nix-dotfiles.git /srv/config
+      fi
+
+      # Rebuild the system
+      ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --flake /srv/config#bosephus
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      User = "root";
+    };
+  };
+
+  # Timer to run the update service daily at 3am
+  systemd.timers."nixos-update" = {
+    wantedBy = [ "timers.target" ];
+    description = "Run NixOS update daily at 3am";
+    timerConfig = {
+      OnCalendar = "3:00";
+      Persistent = true;
+      Unit = "nixos-update.service";
+    };
+  };
+
+  # Polkit rule to allow non-root users to trigger the update
+  security.polkit.extraConfig = ''
+    polkit.addRule(function(action, subject) {
+      if (action.id == "org.freedesktop.systemd1.manage-units" &&
+          action.lookup("unit") == "nixos-update.service" &&
+          action.lookup("verb") == "start" &&
+          subject.isInGroup("wheel")) {
+            return polkit.Result.YES;
+      }
+    });
+  '';
+
 }