Merge pull request 'jobs: generate systemd services fro jobs automatically' (#55) from DavHau-auto-systemd-jobs into main

clan-bot 2023-07-28 14:57:24 +00:00
commit ee6dff69cb
12 changed files with 166 additions and 52 deletions


@ -2,12 +2,11 @@
set -euo pipefail
# prevent these variables from being unset by writePureShellScript
export KEEP_VARS="GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL GITEA_URL GITEA_USER PR_TITLE REMOTE_BRANCH REPO REPO_DIR${KEEP_VARS:+ $KEEP_VARS}"
export KEEP_VARS="GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL GITEA_URL GITEA_USER PR_TITLE REMOTE_BRANCH REPO_DIR${KEEP_VARS:+ $KEEP_VARS}"
# configure variables for actions
export PR_TITLE="Automatic flake update - $(date --iso-8601=minutes)"
export REMOTE_BRANCH="flake-update-$(date --iso-8601)"
export REPO="gitea@git.clan.lol:clan/clan-infra.git"
export REPO_DIR=$TMPDIR/repo
export GIT_AUTHOR_NAME="Clan Merge Bot"
export GIT_AUTHOR_EMAIL="clan-bot@git.clan.lol"
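Review bot: With the `export REPO=...` line gone, this script no longer gives REPO a value of its own and depends on the caller exporting it and listing it in KEEP_VARS. Whether REPO is read further down is not visible here, since the script continues outside the hunk. If it is, a direct invocation would only fail later with an unbound-variable error under `set -u`. A guard right after the KEEP_VARS export, such as `: "${REPO:?REPO must be exported by the calling job}"`, would make that contract explicit and fail early.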


@ -0,0 +1,23 @@
{
perSystem =
{ config
, pkgs
, self'
, ...
}:
let
name = builtins.baseNameOf ./.;
script = config.writers.writePureShellScriptBin
name
[
pkgs.bash
self'.packages.action-flake-update-pr-clan
]
''
bash ${./script.sh}
'';
in
{
packages.${name} = script;
};
}
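Review bot: This module is identical, line for line, to the two other 23-line modules added later in this commit; only the neighbouring script.sh files differ, and there only in the REPO URL. A single helper that takes the job name and repository URL and returns the `writePureShellScriptBin` package would remove the triplication and keep the list of jobs in one place. If the copies stay, a header comment such as `# wrapper package: runs ./script.sh with action-flake-update-pr-clan on PATH; the package name is the directory name` would explain why `name` is derived from `builtins.baseNameOf ./.`.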


@ -0,0 +1,7 @@
#!/usr/bin/env bash
set -euo pipefail
export REPO="gitea@git.clan.lol:clan/clan-core.git"
export KEEP_VARS="REPO${KEEP_VARS:+ $KEEP_VARS}"
action-flake-update-pr-clan


@ -0,0 +1,23 @@
{
perSystem =
{ config
, pkgs
, self'
, ...
}:
let
name = builtins.baseNameOf ./.;
script = config.writers.writePureShellScriptBin
name
[
pkgs.bash
self'.packages.action-flake-update-pr-clan
]
''
bash ${./script.sh}
'';
in
{
packages.${name} = script;
};
}


@ -0,0 +1,7 @@
#!/usr/bin/env bash
set -euo pipefail
export REPO="gitea@git.clan.lol:clan/clan-homepage.git"
export KEEP_VARS="REPO${KEEP_VARS:+ $KEEP_VARS}"
action-flake-update-pr-clan


@ -0,0 +1,23 @@
{
perSystem =
{ config
, pkgs
, self'
, ...
}:
let
name = builtins.baseNameOf ./.;
script = config.writers.writePureShellScriptBin
name
[
pkgs.bash
self'.packages.action-flake-update-pr-clan
]
''
bash ${./script.sh}
'';
in
{
packages.${name} = script;
};
}


@ -0,0 +1,7 @@
#!/usr/bin/env bash
set -euo pipefail
export REPO="gitea@git.clan.lol:clan/clan-infra.git"
export KEEP_VARS="REPO${KEEP_VARS:+ $KEEP_VARS}"
action-flake-update-pr-clan


@ -44,8 +44,11 @@
./flake-parts/action-create-pr
./flake-parts/action-ensure-tea-login
./flake-parts/action-flake-update
./flake-parts/action-flake-update-pr-clan
./flake-parts/devShells
./flake-parts/job-flake-update
./flake-parts/job-flake-update-clan-core
./flake-parts/job-flake-update-clan-homepage
./flake-parts/job-flake-update-clan-infra
./targets/flake-module.nix
./modules/flake-module.nix
./pkgs/flake-module.nix


@ -7,7 +7,7 @@
./harmonia.nix
./homepage.nix
./postfix.nix
./job-flake-update.nix
./jobs.nix
../zerotier
../zerotier/ctrl.nix
];


@ -1,48 +0,0 @@
{ config, self, pkgs, ... }: {
sops.secrets.clan-bot-gitea-token = { };
sops.secrets.clan-bot-ssh-key = { };
systemd.timers.job-flake-update = {
description = "Time for flake update workflow";
partOf = [ "job-flake-update.service" ];
wantedBy = [ "timers.target" ];
timerConfig = {
Persistent = true;
OnCalendar = "daily";
};
after = [ "network-online.target" ];
};
# service to for automatic merge bot
systemd.services.job-flake-update = {
description = "Automatically update flake inputs for clan-repos";
after = [ "network-online.target" ];
environment = {
# secrets
GITEA_TOKEN_FILE = "%d/GITEA_TOKEN_FILE";
CLAN_BOT_SSH_KEY_FILE = "%d/CLAN_BOT_SSH_KEY_FILE";
HOME = "/run/job-flake-update";
# used by action-checkout
REPO_DIR = "/run/job-flake-update/repo";
# used by git
GIT_SSH_COMMAND = "ssh -i %d/CLAN_BOT_SSH_KEY_FILE -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
# prevent these variables from being unset by writePureShellScript
KEEP_VARS = "GIT_SSH_COMMAND GITEA_TOKEN_FILE";
};
serviceConfig = {
LoadCredential = [
"GITEA_TOKEN_FILE:${config.sops.secrets.clan-bot-gitea-token.path}"
"CLAN_BOT_SSH_KEY_FILE:${config.sops.secrets.clan-bot-ssh-key.path}"
];
DynamicUser = true;
RuntimeDirectory = "job-flake-update";
WorkingDirectory = "/run/job-flake-update";
ExecStart = "${self.packages.${pkgs.system}.job-flake-update}/bin/job-flake-update";
};
};
}

70
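--- a/modules/web01/jobs.nix
+++ b/modules/web01/jobs.nix
@@ -0,0 +1,70 @@
+{ config, self, pkgs, lib, ... }:
+let
+allFlakePackages = [
+"job-flake-update-clan-core"
+"job-flake-update-clan-homepage"
+"job-flake-update-clan-infra"
+];
+allFlakeJobs = lib.filter (lib.hasPrefix "job-") allFlakePackages;
+allSystemdConfigs = map configForJob allFlakeJobs;
+configForJob = name: {
+systemd.timers.${name} = {
+description = "Time for flake update workflow";
+partOf = [ "${name}.service" ];
+wantedBy = [ "timers.target" ];
+timerConfig = {
+Persistent = true;
+OnCalendar = "daily";
+};
+after = [ "network-online.target" ];
+};
+# service to for automatic merge bot
+systemd.services.${name} = {
+description = "Automatically update flake inputs for clan-repos";
+after = [ "network-online.target" ];
+environment = {
+# secrets
+GITEA_TOKEN_FILE = "%d/GITEA_TOKEN_FILE";
+CLAN_BOT_SSH_KEY_FILE = "%d/CLAN_BOT_SSH_KEY_FILE";
+HOME = "/run/${name}";
+# used by action-checkout
+REPO_DIR = "/run/${name}/repo";
+# used by git
+GIT_SSH_COMMAND = "ssh -i %d/CLAN_BOT_SSH_KEY_FILE -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
+# prevent these variables from being unset by writePureShellScript
+KEEP_VARS = "GIT_SSH_COMMAND GITEA_TOKEN_FILE";
+};
+serviceConfig = {
+LoadCredential = [
+"GITEA_TOKEN_FILE:${config.sops.secrets.clan-bot-gitea-token.path}"
+"CLAN_BOT_SSH_KEY_FILE:${config.sops.secrets.clan-bot-ssh-key.path}"
+];
+DynamicUser = true;
+RuntimeDirectory = "${name}";
+WorkingDirectory = "/run/${name}";
+ExecStart = "${self.packages.${pkgs.system}.${name}}/bin/${name}";
+};
+};
+};
+in
+{
+config = lib.mkMerge (
+allSystemdConfigs
+++ [
+{
+sops.secrets.clan-bot-gitea-token = { };
+sops.secrets.clan-bot-ssh-key = { };
+}
+]
+);
+}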
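Review bot: `GIT_SSH_COMMAND` in `configForJob` passes `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so none of the three generated services verifies the Git server's host key before authenticating with the bot's SSH key. The line is carried over from the removed single-job module, but it now applies to every job, and anything able to intercept the connection could hand the update job tampered repository content. I would pin the server key instead, for example by declaring it with `programs.ssh.knownHosts."git.clan.lol".publicKey = "<host public key>";` and reducing the command to `ssh -i %d/CLAN_BOT_SSH_KEY_FILE -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes`. Separately, `lib.filter (lib.hasPrefix "job-")` is a no-op on the hard-coded `allFlakePackages` list; it was presumably meant to run over the flake's package names, and a short comment stating the intent would help.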