diff --git a/modules/web01/clan-merge.nix b/modules/web01/clan-merge.nix new file mode 100644 index 0000000..513125e --- /dev/null +++ b/modules/web01/clan-merge.nix @@ -0,0 +1,24 @@ +{ config, self, pkgs, ... }: { + + sops.secrets.merge-bot-gitea-token = {}; + + # service to for automatic merge bot + systemd.services.clan-merge = { + description = "Merge clan.lol PRs automatically"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + environment = { GITEA_TOKEN_FILE = "%d/GITEA_TOKEN_FILE"; }; + serviceConfig = { + LoadCredential = [ "GITEA_TOKEN_FILE:${config.sops.secrets.merge-bot-gitea-token.path}" ]; + Restart = "on-failure"; + DynamicUser = true; + }; + script = '' + while sleep 10; do + ${self.packages.${pkgs.system}.clan-merge}/bin/clan-merge \ + --allowed-users DavHau lassulus mic92 \ + --repos clan-core + done + ''; + }; +} diff --git a/modules/web01/default.nix b/modules/web01/default.nix index 59ee238..ff34edb 100644 --- a/modules/web01/default.nix +++ b/modules/web01/default.nix @@ -1,11 +1,12 @@ { imports = [ - ./homepage.nix - ./gitea - ./postfix.nix - ./harmonia.nix - ./dendrite.nix ./borgbackup.nix + ./clan-merge.nix + ./dendrite.nix + ./gitea + ./harmonia.nix + ./homepage.nix + ./postfix.nix ../zerotier ../zerotier/ctrl.nix ]; diff --git a/targets/web01/secrets.yaml b/targets/web01/secrets.yaml index e3da316..76e385c 100644 --- a/targets/web01/secrets.yaml +++ b/targets/web01/secrets.yaml @@ -11,6 +11,7 @@ harmonia-key: ENC[AES256_GCM,data:pZObqfbLogp0DYs47Tg2STKT9HptPSiP4sgcf31FD68PKS matrix-server-key: ENC[AES256_GCM,data:0148ezOFk8jX5KPQPCG0jQK9ajSfe/iOdUqlvys5/M8DrIwPXH9GzrkknwH+l8kF9ViTRDC/q5md8J2bj3/FBR/RW4rwjDrYx9cBEFm8wjHrywUlwON8kNKtj9ycJmXgtRyCrVGv7sBmODy0ZC5ZfWbhIQh6xWBkX2/rsSh4zwi/1PoHLpOO3u4=,iv:IwHPDi1E3R9LAY/seGpvx1U+N8mB9NMrUjLg4KMA1UA=,tag:pwRJ/CqkFN2eedrnMAaj2w==,type:str] registration-secret: ENC[AES256_GCM,data:EvPearZAxxb2irZFYgvy/tFA72h+IABuzwCbvy94IYR0eoHjuYw6GBde8CNUWG4SUiwyXJr4v438o/YThDhehsZ/cZFjg2o=,iv:ogN4/Iia5Zl95a3HP1KZoy86K8LyBFYw50cZUpkDNQo=,tag:5wU2OrNi7b5gWPfFZcGLjg==,type:str] gitea-actions-runner: ENC[AES256_GCM,data:JKXAa7J1V3GH8lp3UtHTBmiezJlqxX1ItHLE7UcaIeNFQH8We2imaOMVftMpVCeXTpRX,iv:W9+4wH4asw3+w28i5om0OcJFHrABC85bhjhbgGWEs8E=,tag:Rf9XBeiEoJ1Pt8Z1TDIyJA==,type:str] +merge-bot-gitea-token: ENC[AES256_GCM,data:ULHcaNSYJwMVeeEq4bSiRcVRuUkE9fFUV0AkWW1wM0yHQtD+dmo1GcQ=,iv:dujDWGZ+seoVN8Eez1w3tUuMpGeOHtNLMaa+f2hOpAo=,tag:WoDTsZegC6rrbh7ygWSk+A==,type:str] sops: kms: [] gcp_kms: [] @@ -53,8 +54,8 @@ sops: TGk4dUlwcE9XWWIzZE1nQXdXcWY0V0kKJi5yXdrsEOP4Z8K6k/sPA7yadNPKQtzo Iyt//Y+Y7n55KwuO8Doogu42SiVTUhHDICM9lezQmcugFqCoh3Lk4A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-21T13:58:56Z" - mac: ENC[AES256_GCM,data:GD2lZplaOjw2vRYYAIFydFK1NndJRv5MeXNHDCr/H7G5t8jnO2XstOuUYLhzqO1lpL2dRi4vc+B0UuM6jS3mzUkUqfV201qQ4MxDnViYxgNRk+7XuVaM940yw4UwUJQA2IN7C9EOU/xmYRqpvHFWptjrGFkEnBEVChKncqpen4k=,iv:Zn9i3Y7pkz5OsGHeOi2VBuF2Ha0dUDbDJl+BhXKMgaI=,tag:azmGDxfkQ9P49QTQBxdjSQ==,type:str] + lastmodified: "2023-07-26T09:49:19Z" + mac: ENC[AES256_GCM,data:sAJcUwJeVCXwNXmWUJrP0L1UcjoYDqErW2mBTRC3yoUOVtbVdZnLkswO0PARWruOqMBKXkIH/SqeiLyJ7HLIsobBzFoUNQ6TgjmP0OHf4Qbo/5sSDVA95qK1ZCgK93uKSEfG0WUvJLqfOKUEdBUgPUqJ58RM2VOWU21liccaG+A=,iv:u6lStYbzZsOWd5rsZXKs0XCAbQTFsPrnXLqO27i/Qt0=,tag:JeYtuP1zztsy4FUB1kzcWw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3