Update config
This commit is contained in:
Malte Brandy
parent
014d3ef79d
commit
bfb9a0f199
|
|
@ -21,20 +21,15 @@ in {
|
|||
"stream.maralorn.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://[${config.m-0.hosts.apollo-wg}]:8123";
|
||||
};
|
||||
};
|
||||
locations."/".proxyPass =
|
||||
"http://[${config.m-0.hosts.apollo-wg}]:8123";
|
||||
};
|
||||
"tasks.maralorn.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://[::1]:8000";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/" = {
|
||||
proxyPass = "http://[::1]:8000";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
"hera.m-0.eu" = {
|
||||
|
|
|
|||
|
|
@ -5,19 +5,64 @@ let
|
|||
set -ex
|
||||
export PATH=${lib.makeBinPath path}:$PATH
|
||||
export NIX_PATH="/etc/nix-path:nixos-config=/etc/nixos/configuration.nix"
|
||||
export GIT_SSH_COMMAND="ssh -vv"
|
||||
'';
|
||||
checkout = ''
|
||||
git clone git@hera.m-0.eu:nixos-config config --config advice.detachedHead false
|
||||
cd config
|
||||
REPODIR=`pwd`
|
||||
git checkout origin/$BRANCH
|
||||
cd /var/cache/gc-links
|
||||
'';
|
||||
update-config =
|
||||
"${pkgs.systemd}/bin/systemctl start --no-block update-config";
|
||||
systems = [ "apollo" "hera" ];
|
||||
homes = lib.attrNames (import ../../../home-manager/machines.nix);
|
||||
mkHomeJob = (host: {
|
||||
name = "home-config-${host}.run";
|
||||
value = pkgs.writeShellScript "test-${host}-home-config.run" ''
|
||||
${common}
|
||||
${checkout}
|
||||
WITH_SECRETS=false
|
||||
${pkgs.test-home-config}/bin/test-home-config $REPODIR ${host} --builders "@/etc/nix/machines" --max-jobs 1
|
||||
git -C $REPODIR submodule init
|
||||
WITH_SECRETS=true
|
||||
${pkgs.test-home-config}/bin/test-home-config $REPODIR ${host}
|
||||
'';
|
||||
});
|
||||
mkSystemJob = (host: {
|
||||
name = "system-config-${host}.run";
|
||||
value = pkgs.writeShellScript "test-${host}-system-config.run" ''
|
||||
${common}
|
||||
${checkout}
|
||||
WITH_SECRETS=false
|
||||
${pkgs.test-system-config}/bin/test-system-config $REPODIR ${host} --builders "@/etc/nix/machines" --max-jobs 1
|
||||
git -C $REPODIR submodule init
|
||||
WITH_SECRETS=true
|
||||
${pkgs.test-system-config}/bin/test-system-config $REPODIR ${host}
|
||||
'';
|
||||
});
|
||||
in {
|
||||
services.laminar.cfgFiles.jobs = {
|
||||
"test-config.run" = pkgs.writeShellScript "test-config" ''
|
||||
"test-config.run" = pkgs.writeShellScript "test-config.run" ''
|
||||
${common}
|
||||
${pkgs.test-config}/bin/test-config
|
||||
${pkgs.systemd}/bin/systemctl start --no-block update-config
|
||||
'';
|
||||
"bump-and-test-config.run" = pkgs.writeShellScript "bump-and-test-config" ''
|
||||
"test-config.after" = pkgs.writeShellScript "test-config.after" ''
|
||||
${common}
|
||||
${pkgs.test-config}/bin/test-config bump
|
||||
/run/wrappers/bin/sudo ${update-config}
|
||||
'';
|
||||
};
|
||||
"bump-and-test-config.run" =
|
||||
pkgs.writeShellScript "bump-and-test-config.run" ''
|
||||
${common}
|
||||
${pkgs.test-config}/bin/test-config bump
|
||||
'';
|
||||
} // lib.listToAttrs (map mkHomeJob homes)
|
||||
// lib.listToAttrs (map mkSystemJob homes);
|
||||
security.sudo.extraRules = [{
|
||||
commands = [{
|
||||
command = "${update-config}";
|
||||
options = [ "NOPASSWD" ];
|
||||
}];
|
||||
users = [ "laminar" ];
|
||||
}];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,13 +12,8 @@ let
|
|||
(Text.dropAround ('"' ==) . decodeUtf8 . trim -> homeManagerChannel) <- nix_instantiate "--eval" "-E" ([i|(import #{configDir}/channels.nix).#{hostname}.home-manager-channel|] :: String) |> captureTrim
|
||||
(Text.dropAround ('"' ==) . decodeUtf8 . trim -> nixpkgsChannel) <- nix_instantiate "--eval" "-E" ([i|(import #{configDir}/channels.nix).#{hostname}.nixpkgs-channel|] :: String) |> captureTrim
|
||||
paths <- aNixPath homeManagerChannel nixpkgsChannel (toText configDir)
|
||||
logFile <- mktemp |> captureTrim
|
||||
let command = (${commandline}) &!> StdOut &> Append logFile
|
||||
failHandler = do
|
||||
say [i|--- Build failure for ${name} config for #{hostname} ---|]
|
||||
cat logFile
|
||||
say [i|Trying to build ${name} config for #{hostname}. Logging to #{logFile}.|]
|
||||
onException command failHandler
|
||||
say [i|Trying to build ${name} config for #{hostname}.|]
|
||||
${commandline}
|
||||
say [i|Build of ${name} config for #{hostname} was successful.|]
|
||||
'';
|
||||
in {
|
||||
|
|
@ -27,13 +22,15 @@ in {
|
|||
name = "test-system-config";
|
||||
inherit bins;
|
||||
inherit imports;
|
||||
} (haskellBody "system" ''nix_build $ buildSystemParams ++ paths ++ ["-I", [i|nixos-config=#{configDir}/nixos/machines/#{hostname}/configuration.nix|], "-o", [i|result-system-#{hostname}|]] ++ fmap toString args'');
|
||||
} (haskellBody "system" ''
|
||||
nix_build $ buildSystemParams ++ paths ++ ["-I", [i|nixos-config=#{configDir}/nixos/machines/#{hostname}/configuration.nix|], "-o", [i|result-system-#{hostname}|]] ++ fmap toString args'');
|
||||
|
||||
test-home-config = self.writeHaskellScript {
|
||||
name = "test-home-config";
|
||||
inherit bins;
|
||||
inherit imports;
|
||||
} (haskellBody "home" ''nix_build $ paths ++ [[i|#{configDir}/home-manager/target.nix|], "-A", hostname, "-o", [i|result-home-manager-#{hostname}|]] ++ fmap toString args'');
|
||||
} (haskellBody "home" ''
|
||||
nix_build $ paths ++ [[i|#{configDir}/home-manager/target.nix|], "-A", hostname, "-o", [i|result-home-manager-#{hostname}|]] ++ fmap toString args'');
|
||||
|
||||
test-config = self.writeHaskellScript {
|
||||
name = "test-config";
|
||||
|
|
@ -43,33 +40,29 @@ in {
|
|||
self.git
|
||||
self.niv.bin
|
||||
self.git-crypt
|
||||
self.laminar
|
||||
];
|
||||
imports = [ "System.Directory (withCurrentDirectory)" ];
|
||||
} ''
|
||||
checkout :: IO FilePath
|
||||
checkout = do
|
||||
(decodeUtf8 -> repoDir) <- mktemp "-d" |> captureTrim
|
||||
git "clone" "${repoSrc}" repoDir
|
||||
pure repoDir
|
||||
|
||||
main = do
|
||||
bump <- (maybe False (== "bump") . listToMaybe) <$> getArgs
|
||||
bracket checkout (rm "-rf") $ \repoDir -> do
|
||||
withCurrentDirectory repoDir $ do
|
||||
when bump $ ignoreFailure $ niv "update"
|
||||
changed <- (mempty /=) <$> (git "-C" repoDir "status" "--porcelain" |> captureTrim)
|
||||
bump <- maybe False (== "bump") . listToMaybe <$> getArgs
|
||||
git "clone" "${repoSrc}" "config"
|
||||
withCurrentDirectory "config" $ do
|
||||
when bump $ ignoreFailure $ niv "update"
|
||||
changed <- (mempty /=) <$> (git "status" "--porcelain" |> captureTrim)
|
||||
when changed $ do
|
||||
git "-C" repoDir "config" "user.email" "maralorn@maralorn.de"
|
||||
git "-C" repoDir "config" "user.name" "maralorn (nix-auto-updater)"
|
||||
git "-C" repoDir "commit" "-am" "Update dependencies with niv"
|
||||
git "config" "user.email" "maralorn@maralorn.de"
|
||||
git "config" "user.name" "maralorn (nix-auto-updater)"
|
||||
git "commit" "-am" "Update dependencies with niv"
|
||||
git "push" "-f" "HEAD:niv-bump"
|
||||
let branch = if bump then "niv-bump" else "master"
|
||||
concurrently_
|
||||
(mapConcurrently_ (\x -> test_system_config repoDir x remoteBuildParams) ${self.haskellList systems})
|
||||
(mapConcurrently_ (\x -> test_home_config repoDir x remoteBuildParams) ${self.haskellList homes})
|
||||
git "-C" repoDir "submodule" "update" "--init"
|
||||
concurrently_
|
||||
(mapConcurrently_ (test_system_config repoDir) ${self.haskellList systems})
|
||||
(mapConcurrently_ (test_home_config repoDir) ${self.haskellList homes})
|
||||
when changed $ do
|
||||
git "-C" repoDir "push" "origin" "master:master"
|
||||
(mapConcurrently_ (\x -> laminarc ["run", [i|system-config-#{x}|], [i|BRANCH=#{branch}|]]) ${
|
||||
self.haskellList systems
|
||||
})
|
||||
(mapConcurrently_ (\x -> laminarc ["run", [i|home-config-#{x}|], [i|BRANCH=#{branch}|]]) ${
|
||||
self.haskellList homes
|
||||
})
|
||||
when changed $ git "-C" "config" "push" "origin" "master:master"
|
||||
'';
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue