Begin moving openbao and authentik server to new setup

nix/modules/nixos/os/auto-update/default.nix

@@ -0,0 +1,55 @@
+{
+  config,
+  lib,
+  inputs,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.khscodes.os.auto-update;
+  upgradePath = "/var/lib/system-upgrade";
+  upgradeVersion = "/var/lib/system-upgrade.version";
+  prepareUpgrade = pkgs.writeShellApplication {
+    runtimeInputs = [
+      pkgs.uutils-coreutils-noprefix
+      pkgs.nix
+    ];
+    name = "nixos-prepare-upgrade";
+    text = ''
+
+
+      current_version=""
+      if [[ -f ${upgradeVersion} ]]; then
+        current_version="$(cat ${upgradeVersion})"
+      fi
+      if [[ "$current_version" != "${inputs.self.outPath}" ]]; then
+        rm -rf ${upgradePath}
+        cp -r ${inputs.self.outPath} ${upgradePath}
+        echo -n ${inputs.self.outPath} > ${upgradeVersion}
+      fi
+      cd ${upgradePath}
+      NIX_CONFIG="extra-experimental-features=flake nix-command" nix flake update
+    '';
+  };
+in
+{
+  options.khscodes.os.auto-update = {
+    enable = lib.mkEnableOption "Enables automatic OS updates";
+    dates = "02:00";
+    randomizedDelaySec = "45min";
+  };
+  config = lib.mkIf cfg.enable {
+    system.autoUpgrade = {
+      enable = true;
+      flake = upgradePath;
+    };
+    systemd.services.nixos-upgrade-prepare-flake = {
+      wantedBy = [ "nixos-upgrade.service" ];
+      before = [ "nixos-upgrade.service" ];
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = lib.getExe prepareUpgrade;
+      };
+    };
+  };
+}