{ config, lib, pkgs, ... }: with import <stockholm/lib>; let cfg = config.krebs.repo-sync; out = { options.krebs.repo-sync = api; config = lib.mkIf cfg.enable imp; }; api = { enable = mkEnableOption "repo-sync"; repos = mkOption { type = types.attrsOf (types.submodule { options = { branches = mkOption { type = types.attrsOf (types.submodule ({ config, ... }: { options = { origin = mkOption { type = types.git-source; }; mirror = mkOption { type = types.git-source; }; }; config = { origin.ref = mkDefault "heads/master"; mirror.ref = mkDefault "heads/${config._module.args.name}"; }; })); }; latest = mkOption { type = types.nullOr types.git-source; default = null; }; timerConfig = mkOption { type = types.attrsOf types.str; default = cfg.timerConfig; }; }; }); example = literalExample '' # see `repo-sync --help` # `ref` provides sane defaults and can be omitted # you can have multiple repo-sync groups and therefore multiple @latest # configuration entries. # attrset will be converted to json and be used as config # each attrset defines a group of repos for syncing { nxpkgs = { branches = { makefu = { origin = { url = http://github.com/makefu/nixpkgs; ref = "heads/dev" ; }; mirror = { url = "git@internal:nixpkgs-mirror" ; ref = "heads/github-mirror-dev" ; }; }; lass = { origin = { url = http://github.com/lass/nixpkgs; }; mirror = { url = "git@internal:nixpkgs-mirror" ; }; }; }; latest = { url = "git@internal:nixpkgs-mirror"; ref = "heads/master"; }; }; stockholm = { branches = { lass = { origin = { url = http://cgit.prism.r/stockholm; }; mirror = { url = "git@internal:stockholm-mirror" ; }; }; makefu = { origin = { url = http://gum.krebsco.de/stockholm; }; mirror = { url = "git@internal:stockholm-mirror" ; }; }; }; latest = { url = "git@internal:stockholm-mirror"; ref = "heads/master"; }; }; }; ''; }; timerConfig = mkOption { type = types.attrsOf types.str; default = { OnCalendar = "*:00,15,30,45"; }; }; stateDir = mkOption { type = types.str; default = "/var/lib/repo-sync"; }; user = mkOption { type = types.user; default = { name = "repo-sync"; home = cfg.stateDir; }; }; privateKeyFile = mkOption { type = types.secret-file; default = { path = "${cfg.stateDir}/ssh.priv"; owner = cfg.user; source-path = toString <secrets> + "/repo-sync.ssh.key"; }; }; unitConfig = mkOption { type = types.attrsOf types.str; description = "Extra unit configuration for fetchWallpaper to define conditions and assertions for the unit"; example = literalExample '' # do not start when running on umts { ConditionPathExists = "!/var/run/ppp0.pid"; } ''; default = {}; }; }; imp = { krebs.secret.files.repo-sync-key = cfg.privateKeyFile; users.users.${cfg.user.name} = { inherit (cfg.user) home name uid; createHome = true; description = "repo-sync user"; }; systemd.timers = mapAttrs' (name: repo: nameValuePair "repo-sync-${name}" { description = "repo-sync timer"; wantedBy = [ "timers.target" ]; timerConfig = repo.timerConfig; } ) cfg.repos; systemd.services = mapAttrs' (name: repo: let repo-sync-config = pkgs.writeJSON "repo-sync-config-${name}.json" (repo.branches // optionalAttrs (repo.latest != null) { "@latest".mirror = repo.latest; }); in nameValuePair "repo-sync-${name}" { description = "repo-sync"; after = [ "network.target" "secret.service" ]; environment = { GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv"; REPONAME = "${name}.git"; }; restartIfChanged = false; serviceConfig = { Type = "simple"; PermissionsStartOnly = true; ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}"; WorkingDirectory = cfg.stateDir; User = "repo-sync"; }; unitConfig = cfg.unitConfig; } ) cfg.repos; }; in out