From edcc01d8e3e8c86f6329dbd7fc4c125a6da0f397 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 24 Jun 2016 15:24:42 +0200 Subject: k 3 repo-sync: refactor, allow multiple repos --- krebs/3modules/repo-sync.nix | 124 +++++++++++++++++++++++-------------------- 1 file changed, 67 insertions(+), 57 deletions(-) (limited to 'krebs/3modules/repo-sync.nix') diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index c5c806cd..2388c361 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -11,38 +11,39 @@ let api = { enable = mkEnableOption "repo-sync"; - config = mkOption { - type = with types;attrsOf (attrsOf (attrsOf str)); + repos = mkOption { + type = with types;attrsOf (attrsOf (attrsOf (attrsOf str))); example = literalExample '' # see `repo-sync --help` # `ref` provides sane defaults and can be omitted # attrset will be converted to json and be used as config - { + { repo = { makefu = { - origin = { - url = http://github.com/makefu/repo ; - ref = "heads/dev" ; - }; - mirror = { - url = "git@internal:mirror" ; - ref = "heads/github-mirror-dev" ; - }; + origin = { + url = http://github.com/makefu/repo ; + ref = "heads/dev" ; + }; + mirror = { + url = "git@internal:mirror" ; + ref = "heads/github-mirror-dev" ; + }; }; lass = { - origin = { - url = http://github.com/lass/repo ; - }; - mirror = { - url = "git@internal:mirror" ; - }; + origin = { + url = http://github.com/lass/repo ; + }; + mirror = { + url = "git@internal:mirror" ; + }; }; "@latest" = { - mirror = { - url = "git@internal:mirror"; - ref = "heads/master"; - }; + mirror = { + url = "git@internal:mirror"; + ref = "heads/master"; + }; }; + }; }; ''; }; 
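Review bot: The `origin` URLs in the `repos` example (`http://github.com/makefu/repo` and `http://github.com/lass/repo`) use plain `http://`. A configuration copied from this example would fetch over an unauthenticated transport and then push the result to the internal mirror. These example lines are already being re-indented in this hunk, so switch them to `url = https://github.com/makefu/repo ;` and likewise for `lass`. The renamed option also has no `description`; a single line saying that each top-level key names one sync job, and that its value is converted to JSON as that job's repo-sync config, would explain the extra `attrsOf` level.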
@@ -56,53 +57,62 @@ let type = types.str; default = "/var/lib/repo-sync"; }; + + user = mkOption { + type = types.user; + default = { + name = "repo-sync"; + home = cfg.stateDir; + }; + }; + privateKeyFile = mkOption { - type = types.str; - description = '' - used by repo-sync to identify with ssh service - ''; - default = toString ; + type = types.secret-file; + default = { + path = "${cfg.stateDir}/ssh.priv"; + owner = cfg.user; + source-path = toString + "/repo-sync.ssh.key"; + }; }; + }; - repo-sync-config = pkgs.writeText "repo-sync-config.json" - (builtins.toJSON cfg.config); imp = { - users.users.repo-sync = { - name = "repo-sync"; - uid = genid "repo-sync"; - description = "repo-sync user"; - home = cfg.stateDir; + users.users.${cfg.user.name} = { + inherit (cfg.user) home name uid; createHome = true; + description = "repo-sync user"; }; - systemd.timers.repo-sync = { - description = "repo-sync timer"; - wantedBy = [ "timers.target" ]; + systemd.timers = mapAttrs' (name: repo: + nameValuePair "repo-sync-${name}" { + description = "repo-sync timer"; + wantedBy = [ "timers.target" ]; - timerConfig = cfg.timerConfig; - }; - systemd.services.repo-sync = { - description = "repo-sync"; - after = [ "network.target" ]; + timerConfig = cfg.timerConfig; + } + ) cfg.repos; - path = with pkgs; [ ]; + systemd.services = mapAttrs' (name: repo: + let + repo-sync-config = pkgs.writeText "repo-sync-config-${name}.json" + (builtins.toJSON repo); + in nameValuePair "repo-sync-${name}" { + description = "repo-sync"; + after = [ "network.target" "secret.service" ]; - environment = { - GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv"; - }; + environment = { + GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv"; + }; - serviceConfig = { - Type = "simple"; - PermissionsStartOnly = true; - ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" '' - cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv - chown repo-sync 
${cfg.stateDir}/ssh.priv - ''; - ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}"; - WorkingDirectory = cfg.stateDir; - User = "repo-sync"; - }; - }; + serviceConfig = { + Type = "simple"; + PermissionsStartOnly = true; + ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}"; + WorkingDirectory = cfg.stateDir; + User = "repo-sync"; + }; + } + ) cfg.repos; }; in out -- cgit v1.2.3 From ba0a7978ba56cd0965c7331e6c0aa759ff26a984 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 24 Jun 2016 16:04:04 +0200 Subject: k 3 repo-sync: set REPONAME This is needed to allow multiple repo fetching at the same time --- krebs/3modules/repo-sync.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules/repo-sync.nix') diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 2388c361..3f251525 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -103,6 +103,7 @@ let environment = { GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv"; + REPONAME = "${name}.git"; }; serviceConfig = { -- cgit v1.2.3 From 16b639e50ad2c2cbf33a545f244fb65d28e2f292 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 17:53:11 +0200 Subject: k 3 repo-sync: add unitConfig option --- krebs/3modules/repo-sync.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'krebs/3modules/repo-sync.nix') diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 3f251525..0725d18f 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -75,6 +75,16 @@ let }; }; + unitConfig = mkOption { + type = types.attrsOf types.str; + description = "Extra unit configuration for fetchWallpaper to define conditions and assertions for the unit"; + example = literalExample '' + # do not start when running on umts + { ConditionPathExists = "!/var/run/ppp0.pid"; } + ''; + default = {}; + }; + }; imp = { 
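Review bot: The generated services do not use the new `user` and `privateKeyFile` options. In the second hunk of the "refactor, allow multiple repos" commit, `GIT_SSH_COMMAND` still points at `${cfg.stateDir}/ssh.priv` and `User` is still the literal `"repo-sync"`. If either option is overridden, the key would presumably be installed at one path for one owner while ssh reads another path as a different account, so the sync could not authenticate. Use `GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.privateKeyFile.path}";` and `User = cfg.user.name;` instead. The later "use the privateKeyFile" commit registers the secret file but leaves both lines unchanged, and `PermissionsStartOnly = true` no longer does anything now that `ExecStartPre` is removed.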
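Review bot: The `description` of the new `unitConfig` option (first hunk of the "add unitConfig option" commit) names the wrong module: it says "Extra unit configuration for fetchWallpaper", which looks carried over from another module. It should read `description = "Extra unit configuration for repo-sync to define conditions and assertions for the unit";`. The second hunk of the same commit assigns the value inside the `mapAttrs'` over `cfg.repos`, so every generated `repo-sync-${name}` service gets the same settings. The description could say so, so that nobody expects a condition to apply to one repo only.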
@@ -113,6 +123,7 @@ let WorkingDirectory = cfg.stateDir; User = "repo-sync"; }; + unitConfig = cfg.unitConfig; } ) cfg.repos; }; -- cgit v1.2.3 From 13f7ef405bfd84c6f262be6845a0980433b5b773 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 18:20:36 +0200 Subject: k 3 repo-sync: use the privateKeyFile --- krebs/3modules/repo-sync.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules/repo-sync.nix') diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 0725d18f..0317d1ec 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -88,6 +88,7 @@ let }; imp = { + krebs.secret.files.repo-sync-key = cfg.privateKeyFile; users.users.${cfg.user.name} = { inherit (cfg.user) home name uid; createHome = true; -- cgit v1.2.3