maralorn/nixos-config
1
0
Fork 0
Code Wiki Activity

Various improvements

Browse source
This commit is contained in:
Malte Brandy 2021-01-10 21:03:55 +01:00
parent 143c33e90d
commit 37b15f461a
10 changed files with 129 additions and 90 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
nix/sources.nix
View file

@ -98,7 +98,10 @@ let
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
in
if ersatz == "" then drv else ersatz;
if ersatz == "" then drv else
# this turns the string into an actual Nix path (for both absolute and
# relative paths)
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
# Ports of functions for older nix versions

1
nixos/machines/hera/configuration.nix
View file

@ -7,7 +7,6 @@ in {
imports = [
./hardware-configuration.nix
../../roles
../../roles/test-timer.nix
../../roles/standalone
../../roles/server
../../roles/git.nix

36
nixos/roles/laminar/bump-config.hs Normal file
View file

@ -0,0 +1,36 @@
{-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE ExtendedDefaultRules #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE FlexibleContexts #-}
{-# LANGUAGE QuasiQuotes #-}
{-# OPTIONS_GHC -Wall -Werror -Wno-missing-signatures -Wno-type-defaults -Wno-orphans #-}
import System.Environment
import Data.String.Interpolate
import qualified Data.Text as Text
import Language.Haskell.TH
import Language.Haskell.TH.Syntax
import Relude
import Shh
import Say
load Absolute ["git", "niv"]
paths :: [Text]
paths =
$$(liftTyped . mapMaybe (\x -> foldr (<|>) Nothing $ (\bin -> Text.stripSuffix [i|/#{bin}|] $ toText x) <$> ["git", "tar", "nix-prefetch-url", "gzip"])=<< runIO pathBinsAbs)
repo = "git@hera.m-0.eu:nixos-config"
main = do
git "clone" repo "."
setEnv "PATH" . toString $ Text.intercalate ":" paths
ignoreFailure $ niv "update"
changed <- (mempty /=) <$> (git "status" "--porcelain" |> captureTrim)
when changed $ do
git "config" "user.email" "maralorn@maralorn.de"
git "config" "user.name" "maralorn (nix-auto-updater)"
git "commit" "-am" "Update dependencies with niv"
git "push" "-f" "origin" "HEAD:niv-bump"
unless changed $ say "No updates in any niv source. Doing nothing."

6
nixos/roles/laminar/default.nix
View file

@ -47,14 +47,14 @@ in {
${pkgs.utillinux}/bin/flock -w 10 100
trap 'rm -f ${stateDir}/matrix-lock' EXIT
${pkgs.matrix-commander}/bin/matrix-commander -c ${stateDir}/matrix-credentials.json -s ${stateDir}/matrix-secrets-store <<EOF
$JOB #$RUN: $RESULT https://ci.m-0.eu/jobs/$JOB/$RUN
$JOB #$RUN: $BRANCH$DERIVATION $RESULT https://ci.m-0.eu/jobs/$JOB/$RUN
$(if [[ $RESULT == "failed" ]]; then echo -e 'maralorn'; ${pkgs.curl}/bin/curl -m5 -s $LAMINAR_URL/log/$JOB/$RUN | tail; fi)
EOF
fi
true
echo "Result was: $RESULT"
'';
contexts = {
"default.conf" = builtins.toFile "default.conf" "EXECUTORS=16";
"default.conf" = builtins.toFile "default.conf" "EXECUTORS=32";
};
};
users = {

53
nixos/roles/laminar/test-config.hs Normal file
View file

@ -0,0 +1,53 @@
{-# LANGUAGE DeriveAnyClass #-}
{-# LANGUAGE TupleSections #-}
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE QuasiQuotes #-}
{-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE ExtendedDefaultRules #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE FlexibleContexts #-}
{-# OPTIONS_GHC -Wall -Werror -Wno-missing-signatures -Wno-type-defaults -Wno-orphans #-}
import Control.Concurrent.Async
import Data.String.Interpolate
import Data.Text ( stripPrefix )
import Language.Haskell.TH.Syntax
import Relude
import Say
import Shh
import System.Environment
load Absolute ["laminarc", "git"]
repo = "git@hera.m-0.eu:nixos-config"
jobs :: [String]
jobs = $$(liftTyped =<< runIO (do
homes <- getEnv "HOMES"
systems <- getEnv "SYSTEMS"
let ret =((\x -> [i|system-config-#{x}|]) <$> (words . toText) systems)
<> ((\x -> [i|home-config-#{x}|]) <$> (words . toText) homes)
say [i|Found jobs #{ret}|]
pure ret
))
deployCommand :: String
deployCommand = $$(liftTyped =<< runIO (getEnv "DEPLOY"))
main = do
let process = fromMaybe "master" . (stripPrefix "refs/heads/" . toText =<<)
branch <- process <$> lookupEnv "BRANCH"
say [i|Starting builds of branch #{branch} for all systems.|]
mapConcurrently_ (\x -> laminarc ["run", x, [i|BRANCH=#{branch}|]]) jobs
say [i|Builds succeeded.|]
when (branch == "master") $ do
say [i|Deploying new config to localhost.|]
exe "/run/wrappers/bin/sudo" deployCommand
when (branch == "niv-bump") $ do
say [i|Merging branch niv-bump into master.|]
git "clone" repo "."
git "checkout" "master"
git "merge" "origin/niv-bump"
git "push"

46
nixos/roles/laminar/test-config.nix
View file

@ -7,8 +7,7 @@ let
export NIX_PATH="/etc/nix-path:nixos-config=/etc/nixos/configuration.nix"
'';
checkout = ''
git clone git@hera.m-0.eu:nixos-config config --config advice.detachedHead=false
cd config
git clone git@hera.m-0.eu:nixos-config . --config advice.detachedHead=false
REPODIR=`pwd`
git checkout origin/$BRANCH
cd /var/cache/gc-links
@ -41,27 +40,44 @@ let
${pkgs.test-system-config}/bin/test-system-config $REPODIR ${host}
'';
});
deployCommand = "${let user = "maralorn";
in pkgs.writeShellScript "deploy-system-config" ''
/run/wrappers/bin/sudo -u ${user} git -C /etc/nixos pull --ff-only
/run/wrappers/bin/sudo -u ${user} git -C /etc/nixos submodule update --init
/var/cache/gc-links/result-system-hera/bin/switch-to-configuration switch
/run/wrappers/bin/sudo -u ${user} /var/cache/gc-links/result-home-manager-hera/default/activate
''}";
in {
services.laminar.cfgFiles.jobs = {
"test-config.run" = pkgs.writeShellScript "test-config.run" ''
${common}
if [[ "$BRANCH" == "refs/heads/master" ]]; then
${pkgs.test-config}/bin/test-config
/run/wrappers/bin/sudo ${update-config}
fi
'';
"bump-and-test-config.run" =
pkgs.writeShellScript "bump-and-test-config.run" ''
${common}
${pkgs.test-config}/bin/test-config bump
'';
"test-config.run" = pkgs.writeHaskell "test-config" {
libraries = builtins.attrValues pkgs.myHaskellScriptPackages;
ghcEnv = {
HOMES = lib.concatStringsSep " " homes;
SYSTEMS = lib.concatStringsSep " " systems;
DEPLOY = deployCommand;
PATH = "${lib.makeBinPath [ pkgs.laminar pkgs.git ]}:$PATH";
};
ghcArgs = [ "-threaded" ];
} (builtins.readFile ./test-config.hs);
"bump-config.run" = pkgs.writeHaskell "bump-config" {
libraries = builtins.attrValues pkgs.myHaskellScriptPackages;
ghcEnv.PATH = "${lib.makeBinPath [ pkgs.git pkgs.niv pkgs.nix ]}:$PATH";
ghcArgs = [ "-threaded" ];
} (builtins.readFile ./bump-config.hs);
} // lib.listToAttrs (map mkHomeJob homes)
// lib.listToAttrs (map mkSystemJob homes);
security.sudo.extraRules = [{
commands = [{
command = "${update-config}";
command = deployCommand;
options = [ "NOPASSWD" ];
}];
users = [ "laminar" ];
}];
systemd.services.bump-config = {
startAt = "03:45";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.laminar}/bin/laminarc queue bump-config";
};
};
}

34
nixos/roles/test-timer.nix
View file

@ -1,34 +0,0 @@
{ pkgs, config, lib, ... }:
let user = "maralorn";
in {
systemd.services = {
update-config = {
path = [ pkgs.git pkgs.nix pkgs.git-crypt ];
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
serviceConfig = {
Type = "oneshot";
Restart = "on-failure";
RestartSec = 1;
};
unitConfig = {
StartLimitIntervalSec = 180;
StartLimitBurst = 3;
};
script = ''
/run/wrappers/bin/sudo -u ${user} git -C /etc/nixos pull --ff-only
/run/wrappers/bin/sudo -u ${user} git -C /etc/nixos submodule update --init
/var/cache/gc-links/result-system-hera/bin/switch-to-configuration switch
/run/wrappers/bin/sudo -u ${user} /var/cache/gc-links/result-home-manager-hera/default/activate
'';
};
bump-and-test-config = {
startAt = "03:45";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.laminar}/bin/laminarc queue bump-and-test-config";
};
};
};
}

2
overlays/pkgSets.nix
View file

@ -52,7 +52,7 @@ self: super: {
inherit (self) ledger jali aqbanking;
};
system-pkgs = self.core-system-pkgs // self.extra-system-pkgs // {
inherit (self) test-system-config test-home-config test-config;
inherit (self) test-system-config test-home-config;
home-manager =
self.callPackage "${self.sources.${self.home-manager-channel}}/home-manager" { };
};

34
overlays/testing.nix
View file

@ -31,38 +31,4 @@ in {
inherit bins;
inherit imports;
} (haskellBody "home" ''paths ++ [[i|#{configDir}/home-manager/target.nix|], "-A", hostname]'' "[i|result-home-manager-#{hostname}|]");
test-config = self.writeHaskellScript {
name = "test-config";
bins = [
self.test-system-config
self.test-home-config
self.git
self.niv.bin
self.git-crypt
self.laminar
];
imports = [ "System.Directory (withCurrentDirectory)" ];
} ''
main = do
bump <- maybe False (== "bump") . listToMaybe <$> getArgs
git "clone" "${repoSrc}" "config"
withCurrentDirectory "config" $ do
when bump $ ignoreFailure $ niv "update"
changed <- (mempty /=) <$> (git "status" "--porcelain" |> captureTrim)
when changed $ do
git "config" "user.email" "maralorn@maralorn.de"
git "config" "user.name" "maralorn (nix-auto-updater)"
git "commit" "-am" "Update dependencies with niv"
git "push" "-f" "origin" "HEAD:niv-bump"
let branch = if bump then "niv-bump" else "master"
concurrently_
(mapConcurrently_ (\x -> laminarc ["run", [i|system-config-#{x}|], [i|BRANCH=#{branch}|]]) ${
self.haskellList systems
})
(mapConcurrently_ (\x -> laminarc ["run", [i|home-config-#{x}|], [i|BRANCH=#{branch}|]]) ${
self.haskellList homes
})
when changed $ git "push" "origin" "master:master"
'';
}

2
overlays/writeHaskellScript.nix
View file

@ -19,7 +19,7 @@ in {
cp $contentPath ${filename}.hs
${
lib.concatStringsSep " "
(lib.mapAttrsToList (key: val: "${key}=${val}") ghcEnv)
(lib.mapAttrsToList (key: val: ''${key}="${val}"'') ghcEnv)
} ${ghc.withPackages (_: libraries)}/bin/ghc ${
lib.escapeShellArgs ghcArgs
} ${filename}.hs