Various improvements
This commit is contained in:
parent
143c33e90d
commit
37b15f461a
|
@ -98,7 +98,10 @@ let
|
||||||
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
|
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
|
||||||
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
|
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
|
||||||
in
|
in
|
||||||
if ersatz == "" then drv else ersatz;
|
if ersatz == "" then drv else
|
||||||
|
# this turns the string into an actual Nix path (for both absolute and
|
||||||
|
# relative paths)
|
||||||
|
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
|
||||||
|
|
||||||
# Ports of functions for older nix versions
|
# Ports of functions for older nix versions
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,6 @@ in {
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../roles
|
../../roles
|
||||||
../../roles/test-timer.nix
|
|
||||||
../../roles/standalone
|
../../roles/standalone
|
||||||
../../roles/server
|
../../roles/server
|
||||||
../../roles/git.nix
|
../../roles/git.nix
|
||||||
|
|
36
nixos/roles/laminar/bump-config.hs
Normal file
36
nixos/roles/laminar/bump-config.hs
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
{-# LANGUAGE TemplateHaskell #-}
|
||||||
|
{-# LANGUAGE OverloadedStrings #-}
|
||||||
|
{-# LANGUAGE ExtendedDefaultRules #-}
|
||||||
|
{-# LANGUAGE NoImplicitPrelude #-}
|
||||||
|
{-# LANGUAGE ScopedTypeVariables #-}
|
||||||
|
{-# LANGUAGE FlexibleContexts #-}
|
||||||
|
{-# LANGUAGE QuasiQuotes #-}
|
||||||
|
{-# OPTIONS_GHC -Wall -Werror -Wno-missing-signatures -Wno-type-defaults -Wno-orphans #-}
|
||||||
|
|
||||||
|
import System.Environment
|
||||||
|
import Data.String.Interpolate
|
||||||
|
import qualified Data.Text as Text
|
||||||
|
import Language.Haskell.TH
|
||||||
|
import Language.Haskell.TH.Syntax
|
||||||
|
import Relude
|
||||||
|
import Shh
|
||||||
|
import Say
|
||||||
|
|
||||||
|
load Absolute ["git", "niv"]
|
||||||
|
paths :: [Text]
|
||||||
|
paths =
|
||||||
|
$$(liftTyped . mapMaybe (\x -> foldr (<|>) Nothing $ (\bin -> Text.stripSuffix [i|/#{bin}|] $ toText x) <$> ["git", "tar", "nix-prefetch-url", "gzip"])=<< runIO pathBinsAbs)
|
||||||
|
|
||||||
|
repo = "git@hera.m-0.eu:nixos-config"
|
||||||
|
|
||||||
|
main = do
|
||||||
|
git "clone" repo "."
|
||||||
|
setEnv "PATH" . toString $ Text.intercalate ":" paths
|
||||||
|
ignoreFailure $ niv "update"
|
||||||
|
changed <- (mempty /=) <$> (git "status" "--porcelain" |> captureTrim)
|
||||||
|
when changed $ do
|
||||||
|
git "config" "user.email" "maralorn@maralorn.de"
|
||||||
|
git "config" "user.name" "maralorn (nix-auto-updater)"
|
||||||
|
git "commit" "-am" "Update dependencies with niv"
|
||||||
|
git "push" "-f" "origin" "HEAD:niv-bump"
|
||||||
|
unless changed $ say "No updates in any niv source. Doing nothing."
|
|
@ -47,14 +47,14 @@ in {
|
||||||
${pkgs.utillinux}/bin/flock -w 10 100
|
${pkgs.utillinux}/bin/flock -w 10 100
|
||||||
trap 'rm -f ${stateDir}/matrix-lock' EXIT
|
trap 'rm -f ${stateDir}/matrix-lock' EXIT
|
||||||
${pkgs.matrix-commander}/bin/matrix-commander -c ${stateDir}/matrix-credentials.json -s ${stateDir}/matrix-secrets-store <<EOF
|
${pkgs.matrix-commander}/bin/matrix-commander -c ${stateDir}/matrix-credentials.json -s ${stateDir}/matrix-secrets-store <<EOF
|
||||||
$JOB #$RUN: $RESULT https://ci.m-0.eu/jobs/$JOB/$RUN
|
$JOB #$RUN: $BRANCH$DERIVATION $RESULT https://ci.m-0.eu/jobs/$JOB/$RUN
|
||||||
$(if [[ $RESULT == "failed" ]]; then echo -e 'maralorn'; ${pkgs.curl}/bin/curl -m5 -s $LAMINAR_URL/log/$JOB/$RUN | tail; fi)
|
$(if [[ $RESULT == "failed" ]]; then echo -e 'maralorn'; ${pkgs.curl}/bin/curl -m5 -s $LAMINAR_URL/log/$JOB/$RUN | tail; fi)
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
true
|
echo "Result was: $RESULT"
|
||||||
'';
|
'';
|
||||||
contexts = {
|
contexts = {
|
||||||
"default.conf" = builtins.toFile "default.conf" "EXECUTORS=16";
|
"default.conf" = builtins.toFile "default.conf" "EXECUTORS=32";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
users = {
|
users = {
|
||||||
|
|
53
nixos/roles/laminar/test-config.hs
Normal file
53
nixos/roles/laminar/test-config.hs
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
{-# LANGUAGE DeriveAnyClass #-}
|
||||||
|
{-# LANGUAGE TupleSections #-}
|
||||||
|
{-# LANGUAGE LambdaCase #-}
|
||||||
|
{-# LANGUAGE QuasiQuotes #-}
|
||||||
|
{-# LANGUAGE TemplateHaskell #-}
|
||||||
|
{-# LANGUAGE OverloadedStrings #-}
|
||||||
|
{-# LANGUAGE ExtendedDefaultRules #-}
|
||||||
|
{-# LANGUAGE NoImplicitPrelude #-}
|
||||||
|
{-# LANGUAGE ScopedTypeVariables #-}
|
||||||
|
{-# LANGUAGE FlexibleContexts #-}
|
||||||
|
{-# OPTIONS_GHC -Wall -Werror -Wno-missing-signatures -Wno-type-defaults -Wno-orphans #-}
|
||||||
|
|
||||||
|
import Control.Concurrent.Async
|
||||||
|
import Data.String.Interpolate
|
||||||
|
import Data.Text ( stripPrefix )
|
||||||
|
import Language.Haskell.TH.Syntax
|
||||||
|
import Relude
|
||||||
|
import Say
|
||||||
|
import Shh
|
||||||
|
import System.Environment
|
||||||
|
|
||||||
|
load Absolute ["laminarc", "git"]
|
||||||
|
|
||||||
|
repo = "git@hera.m-0.eu:nixos-config"
|
||||||
|
|
||||||
|
jobs :: [String]
|
||||||
|
jobs = $$(liftTyped =<< runIO (do
|
||||||
|
homes <- getEnv "HOMES"
|
||||||
|
systems <- getEnv "SYSTEMS"
|
||||||
|
let ret =((\x -> [i|system-config-#{x}|]) <$> (words . toText) systems)
|
||||||
|
<> ((\x -> [i|home-config-#{x}|]) <$> (words . toText) homes)
|
||||||
|
say [i|Found jobs #{ret}|]
|
||||||
|
pure ret
|
||||||
|
))
|
||||||
|
|
||||||
|
deployCommand :: String
|
||||||
|
deployCommand = $$(liftTyped =<< runIO (getEnv "DEPLOY"))
|
||||||
|
|
||||||
|
main = do
|
||||||
|
let process = fromMaybe "master" . (stripPrefix "refs/heads/" . toText =<<)
|
||||||
|
branch <- process <$> lookupEnv "BRANCH"
|
||||||
|
say [i|Starting builds of branch #{branch} for all systems.|]
|
||||||
|
mapConcurrently_ (\x -> laminarc ["run", x, [i|BRANCH=#{branch}|]]) jobs
|
||||||
|
say [i|Builds succeeded.|]
|
||||||
|
when (branch == "master") $ do
|
||||||
|
say [i|Deploying new config to localhost.|]
|
||||||
|
exe "/run/wrappers/bin/sudo" deployCommand
|
||||||
|
when (branch == "niv-bump") $ do
|
||||||
|
say [i|Merging branch niv-bump into master.|]
|
||||||
|
git "clone" repo "."
|
||||||
|
git "checkout" "master"
|
||||||
|
git "merge" "origin/niv-bump"
|
||||||
|
git "push"
|
|
@ -7,8 +7,7 @@ let
|
||||||
export NIX_PATH="/etc/nix-path:nixos-config=/etc/nixos/configuration.nix"
|
export NIX_PATH="/etc/nix-path:nixos-config=/etc/nixos/configuration.nix"
|
||||||
'';
|
'';
|
||||||
checkout = ''
|
checkout = ''
|
||||||
git clone git@hera.m-0.eu:nixos-config config --config advice.detachedHead=false
|
git clone git@hera.m-0.eu:nixos-config . --config advice.detachedHead=false
|
||||||
cd config
|
|
||||||
REPODIR=`pwd`
|
REPODIR=`pwd`
|
||||||
git checkout origin/$BRANCH
|
git checkout origin/$BRANCH
|
||||||
cd /var/cache/gc-links
|
cd /var/cache/gc-links
|
||||||
|
@ -41,27 +40,44 @@ let
|
||||||
${pkgs.test-system-config}/bin/test-system-config $REPODIR ${host}
|
${pkgs.test-system-config}/bin/test-system-config $REPODIR ${host}
|
||||||
'';
|
'';
|
||||||
});
|
});
|
||||||
|
deployCommand = "${let user = "maralorn";
|
||||||
|
in pkgs.writeShellScript "deploy-system-config" ''
|
||||||
|
/run/wrappers/bin/sudo -u ${user} git -C /etc/nixos pull --ff-only
|
||||||
|
/run/wrappers/bin/sudo -u ${user} git -C /etc/nixos submodule update --init
|
||||||
|
/var/cache/gc-links/result-system-hera/bin/switch-to-configuration switch
|
||||||
|
/run/wrappers/bin/sudo -u ${user} /var/cache/gc-links/result-home-manager-hera/default/activate
|
||||||
|
''}";
|
||||||
in {
|
in {
|
||||||
services.laminar.cfgFiles.jobs = {
|
services.laminar.cfgFiles.jobs = {
|
||||||
"test-config.run" = pkgs.writeShellScript "test-config.run" ''
|
"test-config.run" = pkgs.writeHaskell "test-config" {
|
||||||
${common}
|
libraries = builtins.attrValues pkgs.myHaskellScriptPackages;
|
||||||
if [[ "$BRANCH" == "refs/heads/master" ]]; then
|
ghcEnv = {
|
||||||
${pkgs.test-config}/bin/test-config
|
HOMES = lib.concatStringsSep " " homes;
|
||||||
/run/wrappers/bin/sudo ${update-config}
|
SYSTEMS = lib.concatStringsSep " " systems;
|
||||||
fi
|
DEPLOY = deployCommand;
|
||||||
'';
|
PATH = "${lib.makeBinPath [ pkgs.laminar pkgs.git ]}:$PATH";
|
||||||
"bump-and-test-config.run" =
|
};
|
||||||
pkgs.writeShellScript "bump-and-test-config.run" ''
|
ghcArgs = [ "-threaded" ];
|
||||||
${common}
|
} (builtins.readFile ./test-config.hs);
|
||||||
${pkgs.test-config}/bin/test-config bump
|
"bump-config.run" = pkgs.writeHaskell "bump-config" {
|
||||||
'';
|
libraries = builtins.attrValues pkgs.myHaskellScriptPackages;
|
||||||
|
ghcEnv.PATH = "${lib.makeBinPath [ pkgs.git pkgs.niv pkgs.nix ]}:$PATH";
|
||||||
|
ghcArgs = [ "-threaded" ];
|
||||||
|
} (builtins.readFile ./bump-config.hs);
|
||||||
} // lib.listToAttrs (map mkHomeJob homes)
|
} // lib.listToAttrs (map mkHomeJob homes)
|
||||||
// lib.listToAttrs (map mkSystemJob homes);
|
// lib.listToAttrs (map mkSystemJob homes);
|
||||||
security.sudo.extraRules = [{
|
security.sudo.extraRules = [{
|
||||||
commands = [{
|
commands = [{
|
||||||
command = "${update-config}";
|
command = deployCommand;
|
||||||
options = [ "NOPASSWD" ];
|
options = [ "NOPASSWD" ];
|
||||||
}];
|
}];
|
||||||
users = [ "laminar" ];
|
users = [ "laminar" ];
|
||||||
}];
|
}];
|
||||||
|
systemd.services.bump-config = {
|
||||||
|
startAt = "03:45";
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
ExecStart = "${pkgs.laminar}/bin/laminarc queue bump-config";
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,34 +0,0 @@
|
||||||
{ pkgs, config, lib, ... }:
|
|
||||||
let user = "maralorn";
|
|
||||||
in {
|
|
||||||
systemd.services = {
|
|
||||||
update-config = {
|
|
||||||
path = [ pkgs.git pkgs.nix pkgs.git-crypt ];
|
|
||||||
restartIfChanged = false;
|
|
||||||
unitConfig.X-StopOnRemoval = false;
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
Restart = "on-failure";
|
|
||||||
RestartSec = 1;
|
|
||||||
};
|
|
||||||
unitConfig = {
|
|
||||||
StartLimitIntervalSec = 180;
|
|
||||||
StartLimitBurst = 3;
|
|
||||||
};
|
|
||||||
script = ''
|
|
||||||
/run/wrappers/bin/sudo -u ${user} git -C /etc/nixos pull --ff-only
|
|
||||||
/run/wrappers/bin/sudo -u ${user} git -C /etc/nixos submodule update --init
|
|
||||||
/var/cache/gc-links/result-system-hera/bin/switch-to-configuration switch
|
|
||||||
/run/wrappers/bin/sudo -u ${user} /var/cache/gc-links/result-home-manager-hera/default/activate
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
bump-and-test-config = {
|
|
||||||
startAt = "03:45";
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
ExecStart = "${pkgs.laminar}/bin/laminarc queue bump-and-test-config";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -52,7 +52,7 @@ self: super: {
|
||||||
inherit (self) ledger jali aqbanking;
|
inherit (self) ledger jali aqbanking;
|
||||||
};
|
};
|
||||||
system-pkgs = self.core-system-pkgs // self.extra-system-pkgs // {
|
system-pkgs = self.core-system-pkgs // self.extra-system-pkgs // {
|
||||||
inherit (self) test-system-config test-home-config test-config;
|
inherit (self) test-system-config test-home-config;
|
||||||
home-manager =
|
home-manager =
|
||||||
self.callPackage "${self.sources.${self.home-manager-channel}}/home-manager" { };
|
self.callPackage "${self.sources.${self.home-manager-channel}}/home-manager" { };
|
||||||
};
|
};
|
||||||
|
|
|
@ -31,38 +31,4 @@ in {
|
||||||
inherit bins;
|
inherit bins;
|
||||||
inherit imports;
|
inherit imports;
|
||||||
} (haskellBody "home" ''paths ++ [[i|#{configDir}/home-manager/target.nix|], "-A", hostname]'' "[i|result-home-manager-#{hostname}|]");
|
} (haskellBody "home" ''paths ++ [[i|#{configDir}/home-manager/target.nix|], "-A", hostname]'' "[i|result-home-manager-#{hostname}|]");
|
||||||
|
|
||||||
test-config = self.writeHaskellScript {
|
|
||||||
name = "test-config";
|
|
||||||
bins = [
|
|
||||||
self.test-system-config
|
|
||||||
self.test-home-config
|
|
||||||
self.git
|
|
||||||
self.niv.bin
|
|
||||||
self.git-crypt
|
|
||||||
self.laminar
|
|
||||||
];
|
|
||||||
imports = [ "System.Directory (withCurrentDirectory)" ];
|
|
||||||
} ''
|
|
||||||
main = do
|
|
||||||
bump <- maybe False (== "bump") . listToMaybe <$> getArgs
|
|
||||||
git "clone" "${repoSrc}" "config"
|
|
||||||
withCurrentDirectory "config" $ do
|
|
||||||
when bump $ ignoreFailure $ niv "update"
|
|
||||||
changed <- (mempty /=) <$> (git "status" "--porcelain" |> captureTrim)
|
|
||||||
when changed $ do
|
|
||||||
git "config" "user.email" "maralorn@maralorn.de"
|
|
||||||
git "config" "user.name" "maralorn (nix-auto-updater)"
|
|
||||||
git "commit" "-am" "Update dependencies with niv"
|
|
||||||
git "push" "-f" "origin" "HEAD:niv-bump"
|
|
||||||
let branch = if bump then "niv-bump" else "master"
|
|
||||||
concurrently_
|
|
||||||
(mapConcurrently_ (\x -> laminarc ["run", [i|system-config-#{x}|], [i|BRANCH=#{branch}|]]) ${
|
|
||||||
self.haskellList systems
|
|
||||||
})
|
|
||||||
(mapConcurrently_ (\x -> laminarc ["run", [i|home-config-#{x}|], [i|BRANCH=#{branch}|]]) ${
|
|
||||||
self.haskellList homes
|
|
||||||
})
|
|
||||||
when changed $ git "push" "origin" "master:master"
|
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,7 +19,7 @@ in {
|
||||||
cp $contentPath ${filename}.hs
|
cp $contentPath ${filename}.hs
|
||||||
${
|
${
|
||||||
lib.concatStringsSep " "
|
lib.concatStringsSep " "
|
||||||
(lib.mapAttrsToList (key: val: "${key}=${val}") ghcEnv)
|
(lib.mapAttrsToList (key: val: ''${key}="${val}"'') ghcEnv)
|
||||||
} ${ghc.withPackages (_: libraries)}/bin/ghc ${
|
} ${ghc.withPackages (_: libraries)}/bin/ghc ${
|
||||||
lib.escapeShellArgs ghcArgs
|
lib.escapeShellArgs ghcArgs
|
||||||
} ${filename}.hs
|
} ${filename}.hs
|
||||||
|
|
Loading…
Reference in a new issue