summaryrefslogtreecommitdiffstats
path: root/krebs/3modules/repo-sync.nix
blob: 2388c36175bb78394c4ab392b32e7bd6d9fb1f4d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
{ config, lib, pkgs, ... }:

with config.krebs.lib;
let
  cfg = config.krebs.repo-sync;

  out = {
    options.krebs.repo-sync = api;
    config = lib.mkIf cfg.enable imp;
  };

  api = {
    enable = mkEnableOption "repo-sync";
    repos = mkOption {
      type = with types;attrsOf (attrsOf (attrsOf (attrsOf str)));
      example = literalExample ''
        # see `repo-sync --help`
        #   `ref` provides sane defaults and can be omitted

        # attrset will be converted to json and be used as config
        { repo = {
            makefu = {
              origin = {
                url = http://github.com/makefu/repo ;
                ref = "heads/dev" ;
              };
              mirror = {
                url = "git@internal:mirror" ;
                ref = "heads/github-mirror-dev" ;
              };
            };
            lass = {
              origin = {
                url = http://github.com/lass/repo ;
              };
              mirror = {
                url = "git@internal:mirror" ;
              };
            };
            "@latest" = {
              mirror = {
                url = "git@internal:mirror";
                ref = "heads/master";
              };
            };
          };
        };
      '';
    };
    timerConfig = mkOption {
      type = types.attrsOf types.str;
      default = {
        OnCalendar = "*:00,15,30,45";
      };
    };
    stateDir = mkOption {
      type = types.str;
      default = "/var/lib/repo-sync";
    };

    user = mkOption {
      type = types.user;
      default = {
        name = "repo-sync";
        home = cfg.stateDir;
      };
    };

    privateKeyFile = mkOption {
      type = types.secret-file;
      default = {
        path = "${cfg.stateDir}/ssh.priv";
        owner = cfg.user;
        source-path = toString <secrets> + "/repo-sync.ssh.key";
      };
    };

  };

  imp = {
    users.users.${cfg.user.name} = {
      inherit (cfg.user) home name uid;
      createHome = true;
      description = "repo-sync user";
    };

    systemd.timers = mapAttrs' (name: repo:
      nameValuePair "repo-sync-${name}" {
        description = "repo-sync timer";
        wantedBy = [ "timers.target" ];

        timerConfig = cfg.timerConfig;
      }
    ) cfg.repos;

    systemd.services = mapAttrs' (name: repo:
      let
        repo-sync-config = pkgs.writeText "repo-sync-config-${name}.json"
          (builtins.toJSON repo);
      in nameValuePair "repo-sync-${name}" {
        description = "repo-sync";
        after = [ "network.target" "secret.service" ];

        environment = {
          GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
        };

        serviceConfig = {
          Type = "simple";
          PermissionsStartOnly = true;
          ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
          WorkingDirectory = cfg.stateDir;
          User = "repo-sync";
        };
      }
    ) cfg.repos;
  };
in out