From bfb9a0f199af4990aef82326efc4e3b0de0b500c Mon Sep 17 00:00:00 2001 From: Malte Brandy Date: Thu, 7 Jan 2021 04:45:37 +0100 Subject: [PATCH] Update config --- nixos/machines/hera/web.nix | 15 +++----- nixos/roles/laminar/test-config.nix | 57 ++++++++++++++++++++++++++--- overlays/testing.nix | 55 ++++++++++++---------------- 3 files changed, 80 insertions(+), 47 deletions(-) diff --git a/nixos/machines/hera/web.nix b/nixos/machines/hera/web.nix index 340b2218..e6de3661 100644 --- a/nixos/machines/hera/web.nix +++ b/nixos/machines/hera/web.nix @@ -21,20 +21,15 @@ in { "stream.maralorn.de" = { forceSSL = true; enableACME = true; - locations = { - "/" = { - proxyPass = "http://[${config.m-0.hosts.apollo-wg}]:8123"; - }; - }; + locations."/".proxyPass = + "http://[${config.m-0.hosts.apollo-wg}]:8123"; }; "tasks.maralorn.de" = { forceSSL = true; enableACME = true; - locations = { - "/" = { - proxyPass = "http://[::1]:8000"; - proxyWebsockets = true; - }; + locations."/" = { + proxyPass = "http://[::1]:8000"; + proxyWebsockets = true; }; }; "hera.m-0.eu" = { diff --git a/nixos/roles/laminar/test-config.nix b/nixos/roles/laminar/test-config.nix index f2702b36..fbf1947e 100644 --- a/nixos/roles/laminar/test-config.nix +++ b/nixos/roles/laminar/test-config.nix 
@@ -5,19 +5,64 @@ let set -ex export PATH=${lib.makeBinPath path}:$PATH export NIX_PATH="/etc/nix-path:nixos-config=/etc/nixos/configuration.nix" - export GIT_SSH_COMMAND="ssh -vv" + ''; + checkout = '' + git clone git@hera.m-0.eu:nixos-config config --config advice.detachedHead false + cd config + REPODIR=`pwd` + git checkout origin/$BRANCH cd /var/cache/gc-links ''; + update-config = + "${pkgs.systemd}/bin/systemctl start --no-block update-config"; + systems = [ "apollo" "hera" ]; + homes = lib.attrNames (import ../../../home-manager/machines.nix); + mkHomeJob = (host: { + name = "home-config-${host}.run"; + value = pkgs.writeShellScript "test-${host}-home-config.run" '' + ${common} + ${checkout} + WITH_SECRETS=false + ${pkgs.test-home-config}/bin/test-home-config $REPODIR ${host} --builders "@/etc/nix/machines" --max-jobs 1 + git -C $REPODIR submodule init + WITH_SECRETS=true + ${pkgs.test-home-config}/bin/test-home-config $REPODIR ${host} + ''; + }); + mkSystemJob = (host: { + name = "system-config-${host}.run"; + value = pkgs.writeShellScript "test-${host}-system-config.run" '' + ${common} + ${checkout} + WITH_SECRETS=false + ${pkgs.test-system-config}/bin/test-system-config $REPODIR ${host} --builders "@/etc/nix/machines" --max-jobs 1 + git -C $REPODIR submodule init + WITH_SECRETS=true + ${pkgs.test-system-config}/bin/test-system-config $REPODIR ${host} + ''; + }); in { services.laminar.cfgFiles.jobs = { - "test-config.run" = pkgs.writeShellScript "test-config" '' + "test-config.run" = pkgs.writeShellScript "test-config.run" '' ${common} ${pkgs.test-config}/bin/test-config - ${pkgs.systemd}/bin/systemctl start --no-block update-config ''; - "bump-and-test-config.run" = pkgs.writeShellScript "bump-and-test-config" '' + "test-config.after" = pkgs.writeShellScript "test-config.after" '' ${common} - ${pkgs.test-config}/bin/test-config bump + /run/wrappers/bin/sudo ${update-config} ''; - }; + "bump-and-test-config.run" = + pkgs.writeShellScript 
"bump-and-test-config.run" '' + ${common} + ${pkgs.test-config}/bin/test-config bump + ''; + } // lib.listToAttrs (map mkHomeJob homes) + // lib.listToAttrs (map mkSystemJob homes); + security.sudo.extraRules = [{ + commands = [{ + command = "${update-config}"; + options = [ "NOPASSWD" ]; + }]; + users = [ "laminar" ]; + }]; } diff --git a/overlays/testing.nix b/overlays/testing.nix index c7025a30..6e6788b4 100644 --- a/overlays/testing.nix +++ b/overlays/testing.nix @@ -12,13 +12,8 @@ let (Text.dropAround ('"' ==) . decodeUtf8 . trim -> homeManagerChannel) <- nix_instantiate "--eval" "-E" ([i|(import #{configDir}/channels.nix).#{hostname}.home-manager-channel|] :: String) |> captureTrim (Text.dropAround ('"' ==) . decodeUtf8 . trim -> nixpkgsChannel) <- nix_instantiate "--eval" "-E" ([i|(import #{configDir}/channels.nix).#{hostname}.nixpkgs-channel|] :: String) |> captureTrim paths <- aNixPath homeManagerChannel nixpkgsChannel (toText configDir) - logFile <- mktemp |> captureTrim - let command = (${commandline}) &!> StdOut &> Append logFile - failHandler = do - say [i|--- Build failure for ${name} config for #{hostname} ---|] - cat logFile - say [i|Trying to build ${name} config for #{hostname}. Logging to #{logFile}.|] - onException command failHandler + say [i|Trying to build ${name} config for #{hostname}.|] + ${commandline} say [i|Build of ${name} config for #{hostname} was successful.|] ''; in { 
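Review bot: `lib.listToAttrs (map mkSystemJob homes)` builds the system-config jobs from `homes`, and the new `systems = [ "apollo" "hera" ]` binding is not used anywhere in this hunk; this looks like it should be `map mkSystemJob systems`, otherwise a system that is not also a home-manager host gets no `system-config-<host>` job. In `checkout`, `git checkout origin/$BRANCH` expands a job parameter unquoted, so a value containing whitespace is split into extra git arguments; `git checkout "origin/$BRANCH"` avoids that. Moving the `update-config` trigger into `test-config.after` also drops the `set -e` gating it had inside `test-config.run`: if Laminar runs `.after` scripts regardless of the job result (worth confirming), the new NOPASSWD sudo rule lets a failed test run still start the deployment unit, so a guard such as `[ "$RESULT" = success ] || exit 0` before the sudo call would be worth adding. The `let` block and the `common` string start above the hunk.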
@@ -27,13 +22,15 @@ in { name = "test-system-config"; inherit bins; inherit imports; - } (haskellBody "system" ''nix_build $ buildSystemParams ++ paths ++ ["-I", [i|nixos-config=#{configDir}/nixos/machines/#{hostname}/configuration.nix|], "-o", [i|result-system-#{hostname}|]] ++ fmap toString args''); + } (haskellBody "system" '' + nix_build $ buildSystemParams ++ paths ++ ["-I", [i|nixos-config=#{configDir}/nixos/machines/#{hostname}/configuration.nix|], "-o", [i|result-system-#{hostname}|]] ++ fmap toString args''); test-home-config = self.writeHaskellScript { name = "test-home-config"; inherit bins; inherit imports; - } (haskellBody "home" ''nix_build $ paths ++ [[i|#{configDir}/home-manager/target.nix|], "-A", hostname, "-o", [i|result-home-manager-#{hostname}|]] ++ fmap toString args''); + } (haskellBody "home" '' + nix_build $ paths ++ [[i|#{configDir}/home-manager/target.nix|], "-A", hostname, "-o", [i|result-home-manager-#{hostname}|]] ++ fmap toString args''); test-config = self.writeHaskellScript { name = "test-config"; 
@@ -43,33 +40,29 @@ in { self.git self.niv.bin self.git-crypt + self.laminar ]; imports = [ "System.Directory (withCurrentDirectory)" ]; } '' - checkout :: IO FilePath - checkout = do - (decodeUtf8 -> repoDir) <- mktemp "-d" |> captureTrim - git "clone" "${repoSrc}" repoDir - pure repoDir - main = do - bump <- (maybe False (== "bump") . listToMaybe) <$> getArgs - bracket checkout (rm "-rf") $ \repoDir -> do - withCurrentDirectory repoDir $ do - when bump $ ignoreFailure $ niv "update" - changed <- (mempty /=) <$> (git "-C" repoDir "status" "--porcelain" |> captureTrim) + bump <- maybe False (== "bump") . listToMaybe <$> getArgs + git "clone" "${repoSrc}" "config" + withCurrentDirectory "config" $ do + when bump $ ignoreFailure $ niv "update" + changed <- (mempty /=) <$> (git "status" "--porcelain" |> captureTrim) when changed $ do - git "-C" repoDir "config" "user.email" "maralorn@maralorn.de" - git "-C" repoDir "config" "user.name" "maralorn (nix-auto-updater)" - git "-C" repoDir "commit" "-am" "Update dependencies with niv" + git "config" "user.email" "maralorn@maralorn.de" + git "config" "user.name" "maralorn (nix-auto-updater)" + git "commit" "-am" "Update dependencies with niv" + git "push" "-f" "HEAD:niv-bump" + let branch = if bump then "niv-bump" else "master" concurrently_ - (mapConcurrently_ (\x -> test_system_config repoDir x remoteBuildParams) ${self.haskellList systems}) - (mapConcurrently_ (\x -> test_home_config repoDir x remoteBuildParams) ${self.haskellList homes}) - git "-C" repoDir "submodule" "update" "--init" - concurrently_ - (mapConcurrently_ (test_system_config repoDir) ${self.haskellList systems}) - (mapConcurrently_ (test_home_config repoDir) ${self.haskellList homes}) - when changed $ do - git "-C" repoDir "push" "origin" "master:master" + (mapConcurrently_ (\x -> laminarc ["run", [i|system-config-#{x}|], [i|BRANCH=#{branch}|]]) ${ + self.haskellList systems + }) + (mapConcurrently_ (\x -> laminarc ["run", [i|home-config-#{x}|], 
[i|BRANCH=#{branch}|]]) ${ + self.haskellList homes + }) + when changed $ git "-C" "config" "push" "origin" "master:master" ''; }
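Review bot: `git "push" "-f" "HEAD:niv-bump"` passes no remote, so git takes `HEAD:niv-bump` as the repository argument rather than as a refspec, and the bump branch is never updated on `origin`; it should read `git "push" "-f" "origin" "HEAD:niv-bump"`. The final `git "-C" "config" "push" "origin" "master:master"` depends on whether it sits inside the `withCurrentDirectory "config"` block, which the collapsed indentation here does not show; if it does, `-C "config"` resolves to `config/config` and should be dropped. The clone now goes into a fixed relative `config` directory with no cleanup, where the removed code used `mktemp -d` inside `bracket`, so the script relies on each run starting in a fresh working directory. The `test-config` script definition starts above the hunk.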