blob: 2388c36175bb78394c4ab392b32e7bd6d9fb1f4d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
{ config, lib, pkgs, ... }:
with config.krebs.lib;
let
cfg = config.krebs.repo-sync;
out = {
options.krebs.repo-sync = api;
config = lib.mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "repo-sync";
repos = mkOption {
type = with types;attrsOf (attrsOf (attrsOf (attrsOf str)));
example = literalExample ''
# see `repo-sync --help`
# `ref` provides sane defaults and can be omitted
# attrset will be converted to json and be used as config
{ repo = {
makefu = {
origin = {
url = http://github.com/makefu/repo ;
ref = "heads/dev" ;
};
mirror = {
url = "git@internal:mirror" ;
ref = "heads/github-mirror-dev" ;
};
};
lass = {
origin = {
url = http://github.com/lass/repo ;
};
mirror = {
url = "git@internal:mirror" ;
};
};
"@latest" = {
mirror = {
url = "git@internal:mirror";
ref = "heads/master";
};
};
};
};
'';
};
timerConfig = mkOption {
type = types.attrsOf types.str;
default = {
OnCalendar = "*:00,15,30,45";
};
};
stateDir = mkOption {
type = types.str;
default = "/var/lib/repo-sync";
};
user = mkOption {
type = types.user;
default = {
name = "repo-sync";
home = cfg.stateDir;
};
};
privateKeyFile = mkOption {
type = types.secret-file;
default = {
path = "${cfg.stateDir}/ssh.priv";
owner = cfg.user;
source-path = toString <secrets> + "/repo-sync.ssh.key";
};
};
};
imp = {
users.users.${cfg.user.name} = {
inherit (cfg.user) home name uid;
createHome = true;
description = "repo-sync user";
};
systemd.timers = mapAttrs' (name: repo:
nameValuePair "repo-sync-${name}" {
description = "repo-sync timer";
wantedBy = [ "timers.target" ];
timerConfig = cfg.timerConfig;
}
) cfg.repos;
systemd.services = mapAttrs' (name: repo:
let
repo-sync-config = pkgs.writeText "repo-sync-config-${name}.json"
(builtins.toJSON repo);
in nameValuePair "repo-sync-${name}" {
description = "repo-sync";
after = [ "network.target" "secret.service" ];
environment = {
GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
};
serviceConfig = {
Type = "simple";
PermissionsStartOnly = true;
ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
WorkingDirectory = cfg.stateDir;
User = "repo-sync";
};
}
) cfg.repos;
};
in out
|