From e17ac46a6c52c9cc72a1334edcc468e2e76605f0 Mon Sep 17 00:00:00 2001 From: DavHau Date: Fri, 28 Jul 2023 16:56:21 +0200 Subject: [PATCH] jobs: generate systemd services for jobs automatically --- .../default.nix | 0 .../script.sh | 3 +- .../job-flake-update-clan-core/default.nix | 23 ++++++ .../job-flake-update-clan-core/script.sh | 7 ++ .../default.nix | 23 ++++++ .../job-flake-update-clan-homepage/script.sh | 7 ++ .../job-flake-update-clan-infra/default.nix | 23 ++++++ .../job-flake-update-clan-infra/script.sh | 7 ++ flake.nix | 5 +- modules/web01/default.nix | 2 +- modules/web01/job-flake-update.nix | 48 ------------- modules/web01/jobs.nix | 70 +++++++++++++++++++ 12 files changed, 166 insertions(+), 52 deletions(-) rename flake-parts/{job-flake-update => action-flake-update-pr-clan}/default.nix (100%) rename flake-parts/{job-flake-update => action-flake-update-pr-clan}/script.sh (88%) create mode 100644 flake-parts/job-flake-update-clan-core/default.nix create mode 100644 flake-parts/job-flake-update-clan-core/script.sh create mode 100644 flake-parts/job-flake-update-clan-homepage/default.nix create mode 100644 flake-parts/job-flake-update-clan-homepage/script.sh create mode 100644 flake-parts/job-flake-update-clan-infra/default.nix create mode 100644 flake-parts/job-flake-update-clan-infra/script.sh delete mode 100644 modules/web01/job-flake-update.nix create mode 100644 modules/web01/jobs.nix diff --git a/flake-parts/job-flake-update/default.nix b/flake-parts/action-flake-update-pr-clan/default.nix similarity index 100% rename from flake-parts/job-flake-update/default.nix rename to flake-parts/action-flake-update-pr-clan/default.nix diff --git a/flake-parts/job-flake-update/script.sh b/flake-parts/action-flake-update-pr-clan/script.sh similarity index 88% rename from flake-parts/job-flake-update/script.sh rename to flake-parts/action-flake-update-pr-clan/script.sh index bc4a570..7507941 100644 --- a/flake-parts/job-flake-update/script.sh 
+++ b/flake-parts/action-flake-update-pr-clan/script.sh
@@ -2,12 +2,11 @@
 set -euo pipefail
 # prevent these variables from being unset by writePureShellScript
-export KEEP_VARS="GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL GITEA_URL GITEA_USER PR_TITLE REMOTE_BRANCH REPO REPO_DIR${KEEP_VARS:+ $KEEP_VARS}"
+export KEEP_VARS="GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL GITEA_URL GITEA_USER PR_TITLE REMOTE_BRANCH REPO_DIR${KEEP_VARS:+ $KEEP_VARS}"
 # configure variables for actions
 export PR_TITLE="Automatic flake update - $(date --iso-8601=minutes)"
 export REMOTE_BRANCH="flake-update-$(date --iso-8601)"
-export REPO="gitea@git.clan.lol:clan/clan-infra.git"
 export REPO_DIR=$TMPDIR/repo
 export GIT_AUTHOR_NAME="Clan Merge Bot"
 export GIT_AUTHOR_EMAIL="clan-bot@git.clan.lol"
diff --git a/flake-parts/job-flake-update-clan-core/default.nix b/flake-parts/job-flake-update-clan-core/default.nix
new file mode 100644
index 0000000..9450fd7
--- /dev/null
+++ b/flake-parts/job-flake-update-clan-core/default.nix
@@ -0,0 +1,23 @@
+{
+ perSystem =
+ { config
+ , pkgs
+ , self'
+ , ...
+ }:
+ let
+ name = builtins.baseNameOf ./.;
+ script = config.writers.writePureShellScriptBin
+ name
+ [
+ pkgs.bash
+ self'.packages.action-flake-update-pr-clan
+ ]
+ ''
+ bash ${./script.sh}
+ '';
+ in
+ {
+ packages.${name} = script;
+ };
+}
diff --git a/flake-parts/job-flake-update-clan-core/script.sh b/flake-parts/job-flake-update-clan-core/script.sh
new file mode 100644
index 0000000..2bf784c
--- /dev/null
+++ b/flake-parts/job-flake-update-clan-core/script.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+export REPO="gitea@git.clan.lol:clan/clan-core.git"
+export KEEP_VARS="REPO${KEEP_VARS:+ $KEEP_VARS}"
+
+action-flake-update-pr-clan
diff --git a/flake-parts/job-flake-update-clan-homepage/default.nix b/flake-parts/job-flake-update-clan-homepage/default.nix
new file mode 100644
index 0000000..9450fd7
--- /dev/null
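Review bot: With the hard-coded `REPO` line removed, this script now takes its push target from whatever environment the caller provides, but nothing in the hunk checks that `REPO` is set or that it names a repository the bot should be pushing to with its SSH key and Gitea token. Under `set -u` a missing value would only surface as an unbound-variable error wherever `$REPO` is first expanded, which is presumably further down in this script or in action-checkout, outside the hunk. I would add, directly after `set -euo pipefail`, `: "${REPO:?REPO must be set to the clan repository to update}"` and, because the branch is pushed and a PR opened with the bot's credentials, an allowlist such as `case "$REPO" in gitea@git.clan.lol:clan/*.git) ;; *) echo "refusing to operate on $REPO" >&2; exit 1 ;; esac`. The rest of the script lies outside this hunk.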
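Review bot: This default.nix is byte-identical to the ones added for clan-homepage and clan-infra (all three headers show blob 9450fd7); only the `REPO` line in each sibling script.sh differs. A single flake-part that maps a repository list to packages, e.g. a `mkJob = repo: config.writers.writePureShellScriptBin "job-flake-update-${repo}" [ ... ] ''...''` helper applied to `[ "clan-core" "clan-homepage" "clan-infra" ]`, would remove the three copies and make the next repository a one-line addition. As written, `name = builtins.baseNameOf ./.;` ties the package name to the directory name, and modules/web01/jobs.nix builds its `ExecStart` path from that same name, so a directory rename silently breaks the service; a comment such as `# the package name doubles as the systemd unit name in modules/web01/jobs.nix` on that line would make the coupling visible.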
+++ b/flake-parts/job-flake-update-clan-homepage/default.nix
@@ -0,0 +1,23 @@
+{
+ perSystem =
+ { config
+ , pkgs
+ , self'
+ , ...
+ }:
+ let
+ name = builtins.baseNameOf ./.;
+ script = config.writers.writePureShellScriptBin
+ name
+ [
+ pkgs.bash
+ self'.packages.action-flake-update-pr-clan
+ ]
+ ''
+ bash ${./script.sh}
+ '';
+ in
+ {
+ packages.${name} = script;
+ };
+}
diff --git a/flake-parts/job-flake-update-clan-homepage/script.sh b/flake-parts/job-flake-update-clan-homepage/script.sh
new file mode 100644
index 0000000..92aa6b9
--- /dev/null
+++ b/flake-parts/job-flake-update-clan-homepage/script.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+export REPO="gitea@git.clan.lol:clan/clan-homepage.git"
+export KEEP_VARS="REPO${KEEP_VARS:+ $KEEP_VARS}"
+
+action-flake-update-pr-clan
diff --git a/flake-parts/job-flake-update-clan-infra/default.nix b/flake-parts/job-flake-update-clan-infra/default.nix
new file mode 100644
index 0000000..9450fd7
--- /dev/null
+++ b/flake-parts/job-flake-update-clan-infra/default.nix
@@ -0,0 +1,23 @@
+{
+ perSystem =
+ { config
+ , pkgs
+ , self'
+ , ...
+ }:
+ let
+ name = builtins.baseNameOf ./.;
+ script = config.writers.writePureShellScriptBin
+ name
+ [
+ pkgs.bash
+ self'.packages.action-flake-update-pr-clan
+ ]
+ ''
+ bash ${./script.sh}
+ '';
+ in
+ {
+ packages.${name} = script;
+ };
+}
diff --git a/flake-parts/job-flake-update-clan-infra/script.sh b/flake-parts/job-flake-update-clan-infra/script.sh
new file mode 100644
index 0000000..c3c15b1
--- /dev/null
+++ b/flake-parts/job-flake-update-clan-infra/script.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+export REPO="gitea@git.clan.lol:clan/clan-infra.git"
+export KEEP_VARS="REPO${KEEP_VARS:+ $KEEP_VARS}"
+
+action-flake-update-pr-clan
diff --git a/flake.nix b/flake.nix
index 23936c0..4924854 100644
--- a/flake.nix
+++ b/flake.nix
@@ -44,8 +44,11 @@
 ./flake-parts/action-create-pr
 ./flake-parts/action-ensure-tea-login
 ./flake-parts/action-flake-update
+ ./flake-parts/action-flake-update-pr-clan
 ./flake-parts/devShells
- ./flake-parts/job-flake-update
+ ./flake-parts/job-flake-update-clan-core
+ ./flake-parts/job-flake-update-clan-homepage
+ ./flake-parts/job-flake-update-clan-infra
 ./targets/flake-module.nix
 ./modules/flake-module.nix
 ./pkgs/flake-module.nix
diff --git a/modules/web01/default.nix b/modules/web01/default.nix
index 85bbb13..09ccfae 100644
--- a/modules/web01/default.nix
+++ b/modules/web01/default.nix
@@ -7,7 +7,7 @@
 ./harmonia.nix
 ./homepage.nix
 ./postfix.nix
- ./job-flake-update.nix
+ ./jobs.nix
 ../zerotier
 ../zerotier/ctrl.nix
 ];
diff --git a/modules/web01/job-flake-update.nix b/modules/web01/job-flake-update.nix
deleted file mode 100644
index 3483385..0000000
--- a/modules/web01/job-flake-update.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ config, self, pkgs, ... }: {
-
- sops.secrets.clan-bot-gitea-token = { };
- sops.secrets.clan-bot-ssh-key = { };
-
- systemd.timers.job-flake-update = {
- description = "Time for flake update workflow";
- partOf = [ "job-flake-update.service" ];
- wantedBy = [ "timers.target" ];
- timerConfig = {
- Persistent = true;
- OnCalendar = "daily";
- };
- after = [ "network-online.target" ];
- };
-
- # service to for automatic merge bot
- systemd.services.job-flake-update = {
- description = "Automatically update flake inputs for clan-repos";
- after = [ "network-online.target" ];
- environment = {
- # secrets
- GITEA_TOKEN_FILE = "%d/GITEA_TOKEN_FILE";
- CLAN_BOT_SSH_KEY_FILE = "%d/CLAN_BOT_SSH_KEY_FILE";
-
- HOME = "/run/job-flake-update";
-
- # used by action-checkout
- REPO_DIR = "/run/job-flake-update/repo";
-
- # used by git
- GIT_SSH_COMMAND = "ssh -i %d/CLAN_BOT_SSH_KEY_FILE -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
-
- # prevent these variables from being unset by writePureShellScript
- KEEP_VARS = "GIT_SSH_COMMAND GITEA_TOKEN_FILE";
- };
- serviceConfig = {
- LoadCredential = [
- "GITEA_TOKEN_FILE:${config.sops.secrets.clan-bot-gitea-token.path}"
- "CLAN_BOT_SSH_KEY_FILE:${config.sops.secrets.clan-bot-ssh-key.path}"
- ];
- DynamicUser = true;
- RuntimeDirectory = "job-flake-update";
- WorkingDirectory = "/run/job-flake-update";
- ExecStart = "${self.packages.${pkgs.system}.job-flake-update}/bin/job-flake-update";
- };
- };
-}
diff --git a/modules/web01/jobs.nix b/modules/web01/jobs.nix
new file mode 100644
index 0000000..222afb1
--- /dev/null
+++ b/modules/web01/jobs.nix
@@ -0,0 +1,70 @@
+{ config, self, pkgs, lib, ... }:
+let
+
+ allFlakePackages = [
+ "job-flake-update-clan-core"
+ "job-flake-update-clan-homepage"
+ "job-flake-update-clan-infra"
+ ];
+
+ allFlakeJobs = lib.filter (lib.hasPrefix "job-") allFlakePackages;
+
+ allSystemdConfigs = map configForJob allFlakeJobs;
+
+ configForJob = name: {
+ systemd.timers.${name} = {
+ description = "Time for flake update workflow";
+ partOf = [ "${name}.service" ];
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ Persistent = true;
+ OnCalendar = "daily";
+ };
+ after = [ "network-online.target" ];
+ };
+
+ # service to for automatic merge bot
+ systemd.services.${name} = {
+ description = "Automatically update flake inputs for clan-repos";
+ after = [ "network-online.target" ];
+ environment = {
+ # secrets
+ GITEA_TOKEN_FILE = "%d/GITEA_TOKEN_FILE";
+ CLAN_BOT_SSH_KEY_FILE = "%d/CLAN_BOT_SSH_KEY_FILE";
+
+ HOME = "/run/${name}";
+
+ # used by action-checkout
+ REPO_DIR = "/run/${name}/repo";
+
+ # used by git
+ GIT_SSH_COMMAND = "ssh -i %d/CLAN_BOT_SSH_KEY_FILE -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
+
+ # prevent these variables from being unset by writePureShellScript
+ KEEP_VARS = "GIT_SSH_COMMAND GITEA_TOKEN_FILE";
+ };
+ serviceConfig = {
+ LoadCredential = [
+ "GITEA_TOKEN_FILE:${config.sops.secrets.clan-bot-gitea-token.path}"
+ "CLAN_BOT_SSH_KEY_FILE:${config.sops.secrets.clan-bot-ssh-key.path}"
+ ];
+ DynamicUser = true;
+ RuntimeDirectory = "${name}";
+ WorkingDirectory = "/run/${name}";
+ ExecStart = "${self.packages.${pkgs.system}.${name}}/bin/${name}";
+ };
+ };
+ };
+
+in
+{
+ config = lib.mkMerge (
+ allSystemdConfigs
+ ++ [
+ {
+ sops.secrets.clan-bot-gitea-token = { };
+ sops.secrets.clan-bot-ssh-key = { };
+ }
+ ]
+ );
+}
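Review bot: `GIT_SSH_COMMAND` in the `environment` block still switches off host-key verification (`-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`), so all three daily jobs will clone from and push to whatever host answers for git.clan.lol while authenticating with the bot's private key and carrying a Gitea token; an on-path impersonator could hand the job a tampered checkout of clan-core or clan-infra (which the update step presumably evaluates) or collect the pushed branch. Since this is a NixOS module the server key can be pinned declaratively instead: add `programs.ssh.knownHosts."git.clan.lol".publicKey = "<git.clan.lol host key>";` and reduce the command to `GIT_SSH_COMMAND = "ssh -i %d/CLAN_BOT_SSH_KEY_FILE -o IdentitiesOnly=yes";`. Separately, `allFlakeJobs` filters a hand-written list whose entries all already carry the `job-` prefix, so nothing is generated automatically yet; `lib.filter (lib.hasPrefix "job-") (lib.attrNames self.packages.${pkgs.system})` would make the unit list follow the flake, provided reading `self.packages` from inside this module does not introduce an evaluation cycle. The `REPO_DIR` entry commented `# used by action-checkout` is not listed in `KEEP_VARS`, and the action script re-exports `REPO_DIR=$TMPDIR/repo` itself, so that comment looks stale.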