Update config

nixos/machines/hera/web.nix

@@ -21,20 +21,15 @@ in {
         "stream.maralorn.de" = {
           forceSSL = true;
           enableACME = true;
-          locations = {
+          locations."/".proxyPass =
-            "/" = {
+            "http://[${config.m-0.hosts.apollo-wg}]:8123";
-              proxyPass = "http://[${config.m-0.hosts.apollo-wg}]:8123";
-            };
-          };
         };
         "tasks.maralorn.de" = {
           forceSSL = true;
           enableACME = true;
-          locations = {
+          locations."/" = {
-            "/" = {
+            proxyPass = "http://[::1]:8000";
-              proxyPass = "http://[::1]:8000";
+            proxyWebsockets = true;
-              proxyWebsockets = true;
-            };
           };
         };
         "hera.m-0.eu" = {

nixos/roles/laminar/test-config.nix

@@ -5,19 +5,64 @@ let
     set -ex
     export PATH=${lib.makeBinPath path}:$PATH
     export NIX_PATH="/etc/nix-path:nixos-config=/etc/nixos/configuration.nix"
-    export GIT_SSH_COMMAND="ssh -vv"
+  '';
+  checkout = ''
+    git clone git@hera.m-0.eu:nixos-config config --config advice.detachedHead false
+    cd config
+    REPODIR=`pwd`
+    git checkout origin/$BRANCH
     cd /var/cache/gc-links
   '';
+  update-config =
+    "${pkgs.systemd}/bin/systemctl start --no-block update-config";
+  systems = [ "apollo" "hera" ];
+  homes = lib.attrNames (import ../../../home-manager/machines.nix);
+  mkHomeJob = (host: {
+    name = "home-config-${host}.run";
+    value = pkgs.writeShellScript "test-${host}-home-config.run" ''
+      ${common}
+      ${checkout}
+      WITH_SECRETS=false
+      ${pkgs.test-home-config}/bin/test-home-config $REPODIR ${host} --builders "@/etc/nix/machines" --max-jobs 1
+      git -C $REPODIR submodule init
+      WITH_SECRETS=true
+      ${pkgs.test-home-config}/bin/test-home-config $REPODIR ${host}
+    '';
+  });
+  mkSystemJob = (host: {
+    name = "system-config-${host}.run";
+    value = pkgs.writeShellScript "test-${host}-system-config.run" ''
+      ${common}
+      ${checkout}
+      WITH_SECRETS=false
+      ${pkgs.test-system-config}/bin/test-system-config $REPODIR ${host} --builders "@/etc/nix/machines" --max-jobs 1
+      git -C $REPODIR submodule init
+      WITH_SECRETS=true
+      ${pkgs.test-system-config}/bin/test-system-config $REPODIR ${host}
+    '';
+  });
 in {
   services.laminar.cfgFiles.jobs = {
-    "test-config.run" = pkgs.writeShellScript "test-config" ''
+    "test-config.run" = pkgs.writeShellScript "test-config.run" ''
       ${common}
       ${pkgs.test-config}/bin/test-config
-      ${pkgs.systemd}/bin/systemctl start --no-block update-config
     '';
-    "bump-and-test-config.run" = pkgs.writeShellScript "bump-and-test-config" ''
+    "test-config.after" = pkgs.writeShellScript "test-config.after" ''
       ${common}
-      ${pkgs.test-config}/bin/test-config bump
+      /run/wrappers/bin/sudo ${update-config}
     '';
-  };
+    "bump-and-test-config.run" =
+      pkgs.writeShellScript "bump-and-test-config.run" ''
+        ${common}
+        ${pkgs.test-config}/bin/test-config bump
+      '';
+  } // lib.listToAttrs (map mkHomeJob homes)
+    // lib.listToAttrs (map mkSystemJob homes);
+  security.sudo.extraRules = [{
+    commands = [{
+      command = "${update-config}";
+      options = [ "NOPASSWD" ];
+    }];
+    users = [ "laminar" ];
+  }];
 }

overlays/testing.nix

@@ -12,13 +12,8 @@ let
       (Text.dropAround ('"' ==) . decodeUtf8 . trim -> homeManagerChannel) <- nix_instantiate "--eval" "-E" ([i|(import #{configDir}/channels.nix).#{hostname}.home-manager-channel|] :: String) |> captureTrim
       (Text.dropAround ('"' ==) . decodeUtf8 . trim -> nixpkgsChannel) <- nix_instantiate "--eval" "-E" ([i|(import #{configDir}/channels.nix).#{hostname}.nixpkgs-channel|] :: String) |> captureTrim
       paths <- aNixPath homeManagerChannel nixpkgsChannel (toText configDir)
-      logFile <- mktemp |> captureTrim
+      say [i|Trying to build ${name} config for #{hostname}.|]
-      let command = (${commandline}) &!> StdOut &> Append logFile
+      ${commandline}
-          failHandler = do
-            say [i|--- Build failure for ${name} config for #{hostname} ---|]
-            cat logFile
-      say [i|Trying to build ${name} config for #{hostname}. Logging to #{logFile}.|]
-      onException command failHandler
       say [i|Build of ${name} config for #{hostname} was successful.|]
   '';
 in {
@@ -27,13 +22,15 @@ in {
     name = "test-system-config";
     inherit bins;
     inherit imports;
-  } (haskellBody "system" ''nix_build $ buildSystemParams ++ paths ++ ["-I", [i|nixos-config=#{configDir}/nixos/machines/#{hostname}/configuration.nix|], "-o", [i|result-system-#{hostname}|]] ++ fmap toString args'');
+  } (haskellBody "system" ''
+    nix_build $ buildSystemParams ++ paths ++ ["-I", [i|nixos-config=#{configDir}/nixos/machines/#{hostname}/configuration.nix|], "-o", [i|result-system-#{hostname}|]] ++ fmap toString args'');
 
   test-home-config = self.writeHaskellScript {
     name = "test-home-config";
     inherit bins;
     inherit imports;
-  } (haskellBody "home" ''nix_build $ paths ++ [[i|#{configDir}/home-manager/target.nix|], "-A", hostname, "-o", [i|result-home-manager-#{hostname}|]] ++ fmap toString args'');
+  } (haskellBody "home" ''
+    nix_build $ paths ++ [[i|#{configDir}/home-manager/target.nix|], "-A", hostname, "-o", [i|result-home-manager-#{hostname}|]] ++ fmap toString args'');
 
   test-config = self.writeHaskellScript {
     name = "test-config";
@@ -43,33 +40,29 @@ in {
       self.git
       self.niv.bin
       self.git-crypt
+      self.laminar
     ];
     imports = [ "System.Directory (withCurrentDirectory)" ];
   } ''
-    checkout :: IO FilePath
-    checkout = do
-      (decodeUtf8 -> repoDir) <-  mktemp "-d" |> captureTrim
-      git "clone" "${repoSrc}" repoDir
-      pure repoDir
-
     main = do
-      bump <- (maybe False (== "bump") . listToMaybe) <$> getArgs
+      bump <- maybe False (== "bump") . listToMaybe <$> getArgs
-      bracket checkout (rm "-rf") $ \repoDir -> do
+      git "clone" "${repoSrc}" "config"
-        withCurrentDirectory repoDir $ do
+      withCurrentDirectory "config" $ do
-          when bump $ ignoreFailure $ niv "update"
+        when bump $ ignoreFailure $ niv "update"
-        changed <- (mempty /=) <$> (git "-C" repoDir "status" "--porcelain" |> captureTrim)
+        changed <- (mempty /=) <$> (git "status" "--porcelain" |> captureTrim)
         when changed $ do
-          git "-C" repoDir "config" "user.email" "maralorn@maralorn.de"
+          git "config" "user.email" "maralorn@maralorn.de"
-          git "-C" repoDir "config" "user.name" "maralorn (nix-auto-updater)"
+          git "config" "user.name" "maralorn (nix-auto-updater)"
-          git "-C" repoDir "commit" "-am" "Update dependencies with niv"
+          git "commit" "-am" "Update dependencies with niv"
+          git "push" "-f" "HEAD:niv-bump"
+        let branch = if bump then "niv-bump" else "master"
         concurrently_
-          (mapConcurrently_ (\x -> test_system_config repoDir x remoteBuildParams) ${self.haskellList systems})
+          (mapConcurrently_ (\x -> laminarc ["run", [i|system-config-#{x}|], [i|BRANCH=#{branch}|]]) ${
-          (mapConcurrently_ (\x -> test_home_config repoDir x remoteBuildParams) ${self.haskellList homes})
+            self.haskellList systems
-        git "-C" repoDir "submodule" "update" "--init"
+          })
-        concurrently_
+          (mapConcurrently_ (\x -> laminarc ["run", [i|home-config-#{x}|], [i|BRANCH=#{branch}|]]) ${
-          (mapConcurrently_ (test_system_config repoDir) ${self.haskellList systems})
+            self.haskellList homes
-          (mapConcurrently_ (test_home_config repoDir) ${self.haskellList homes})
+          })
-        when changed $ do
+        when changed $ git "-C" "config" "push" "origin" "master:master"
-          git "-C" repoDir "push" "origin" "master:master"
   '';
 }