web01: add systemd service for job-flake-update
All checks were successful
build / test (push) Successful in 8s
All checks were successful
build / test (push) Successful in 8s
This commit is contained in:
parent
ab3c0adeb5
commit
badf3fb01d
|
@ -2,12 +2,12 @@
|
|||
set -euo pipefail
|
||||
|
||||
# prevent these variables from being unset by writePureShellScript
|
||||
export KEEP_VARS="PR_TITLE REMOTE_BRANCH REPO REPO_DIR"
|
||||
export KEEP_VARS="GIT_AUTHOR_NAME GIT_COMMITTER_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_EMAIL PR_TITLE REMOTE_BRANCH REPO REPO_DIR"
|
||||
|
||||
# configure variables for actions
|
||||
export PR_TITLE="Automatic flake update - $(date --iso-8601=minutes)"
|
||||
export REMOTE_BRANCH="flake-update-$(date --iso-8601)"
|
||||
export REPO=gitea@git.clan.lol:clan/clan-infra.git
|
||||
export REPO="https://git.clan.lol/clan/clan-infra"
|
||||
export REPO_DIR=$TMPDIR/repo
|
||||
|
||||
action-checkout
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
./harmonia.nix
|
||||
./homepage.nix
|
||||
./postfix.nix
|
||||
./job-flake-update.nix
|
||||
../zerotier
|
||||
../zerotier/ctrl.nix
|
||||
];
|
||||
|
|
45
modules/web01/job-flake-update.nix
Normal file
45
modules/web01/job-flake-update.nix
Normal file
|
@ -0,0 +1,45 @@
|
|||
{ config, self, pkgs, ... }: {
|
||||
|
||||
sops.secrets.merge-bot-gitea-token = { };
|
||||
|
||||
systemd.timers.job-flake-update = {
|
||||
description = "Time for flake update workflow";
|
||||
partOf = [ "job-flake-update.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
Persistent = true;
|
||||
OnCalendar = "daily";
|
||||
};
|
||||
after = [ "network-online.target" ];
|
||||
};
|
||||
|
||||
# service to for automatic merge bot
|
||||
systemd.services.job-flake-update = {
|
||||
description = "Automatically update flake inputs for clan-repos";
|
||||
after = [ "network-online.target" ];
|
||||
environment = {
|
||||
GITEA_TOKEN_FILE = "%d/GITEA_TOKEN_FILE";
|
||||
# these ariables are repescted by git itself
|
||||
GIT_AUTHOR_NAME = "Clan Merge Bot";
|
||||
GIT_COMMITTER_NAME = "Clan Merge Bot";
|
||||
GIT_AUTHOR_EMAIL = "clan-bot@git.clan.lol";
|
||||
GIT_COMMITTER_EMAIL = "clan-bot@git.clan.lol";
|
||||
};
|
||||
serviceConfig = {
|
||||
LoadCredential = [ "GITEA_TOKEN_FILE:${config.sops.secrets.merge-bot-gitea-token.path}" ];
|
||||
DynamicUser = true;
|
||||
RuntimeDirectory = "job-flake-update";
|
||||
};
|
||||
path = [
|
||||
self.packages.${pkgs.system}.job-flake-update
|
||||
self.packages.${pkgs.system}.job-flake-update
|
||||
];
|
||||
script = ''
|
||||
cd /run/job-flake-update
|
||||
mkdir -p home
|
||||
export HOME=$(realpath home)
|
||||
export REPO_DIR=$HOME/repo
|
||||
job-flake-update
|
||||
'';
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user