{ config, lib, pkgs, ... }: with config.krebs.lib; let cfg = config.krebs.repo-sync; out = { options.krebs.repo-sync = api; config = lib.mkIf cfg.enable imp; }; api = { enable = mkEnableOption "repo-sync"; repos = mkOption { type = with types;attrsOf (attrsOf (attrsOf (attrsOf str))); example = literalExample '' # see `repo-sync --help` # `ref` provides sane defaults and can be omitted # attrset will be converted to json and be used as config { repo = { makefu = { origin = { url = http://github.com/makefu/repo ; ref = "heads/dev" ; }; mirror = { url = "git@internal:mirror" ; ref = "heads/github-mirror-dev" ; }; }; lass = { origin = { url = http://github.com/lass/repo ; }; mirror = { url = "git@internal:mirror" ; }; }; "@latest" = { mirror = { url = "git@internal:mirror"; ref = "heads/master"; }; }; }; }; ''; }; timerConfig = mkOption { type = types.attrsOf types.str; default = { OnCalendar = "*:00,15,30,45"; }; }; stateDir = mkOption { type = types.str; default = "/var/lib/repo-sync"; }; user = mkOption { type = types.user; default = { name = "repo-sync"; home = cfg.stateDir; }; }; privateKeyFile = mkOption { type = types.secret-file; default = { path = "${cfg.stateDir}/ssh.priv"; owner = cfg.user; source-path = toString <secrets> + "/repo-sync.ssh.key"; }; }; unitConfig = mkOption { type = types.attrsOf types.str; description = "Extra unit configuration for fetchWallpaper to define conditions and assertions for the unit"; example = literalExample '' # do not start when running on umts { ConditionPathExists = "!/var/run/ppp0.pid"; } ''; default = {}; }; }; imp = { krebs.secret.files.repo-sync-key = cfg.privateKeyFile; users.users.${cfg.user.name} = { inherit (cfg.user) home name uid; createHome = true; description = "repo-sync user"; }; systemd.timers = mapAttrs' (name: repo: nameValuePair "repo-sync-${name}" { description = "repo-sync timer"; wantedBy = [ "timers.target" ]; timerConfig = cfg.timerConfig; } ) cfg.repos; systemd.services = mapAttrs' (name: repo: let repo-sync-config = pkgs.writeText "repo-sync-config-${name}.json" (builtins.toJSON repo); in nameValuePair "repo-sync-${name}" { description = "repo-sync"; after = [ "network.target" "secret.service" ]; environment = { GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv"; REPONAME = "${name}.git"; }; serviceConfig = { Type = "simple"; PermissionsStartOnly = true; ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}"; WorkingDirectory = cfg.stateDir; User = "repo-sync"; }; unitConfig = cfg.unitConfig; } ) cfg.repos; }; in out