stockholm/krebs/3modules/repo-sync.nix


{ config, lib, pkgs, ... }:
with import ../../lib/pure.nix { inherit lib; };
let
# Shorthand for the values set under `krebs.repo-sync`.
cfg = config.krebs.repo-sync;

# The module proper: declares the option tree (`api`) and applies the
# implementation (`imp`) only when `krebs.repo-sync.enable` is true.
out = {
  options = {
    krebs.repo-sync = api;
  };
  config = lib.mkIf cfg.enable imp;
};
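# Option declarations for `krebs.repo-sync`.
api = {
  enable = mkEnableOption "repo-sync";

  # One attribute per sync group. Each group gets its own timer and service
  # named "repo-sync-<group>", and its `branches` (plus the optional `latest`
  # mirror) are serialised to the JSON config handed to repo-sync.
  repos = mkOption {
    type = types.attrsOf (types.submodule {
      options = {
        branches = mkOption {
          type = types.attrsOf (types.submodule ({ config, ... }: {
            options = {
              # Where the branch is fetched from.
              origin = mkOption {
                type = types.source-types.git;
              };
              # Where the fetched branch is pushed to.
              mirror = mkOption {
                type = types.source-types.git;
              };
            };
            config = {
              origin.ref = mkDefault "heads/master";
              # The mirror ref defaults to the attribute name of the branch entry.
              mirror.ref = mkDefault "heads/${config._module.args.name}";
            };
          }));
        };
        # Optional target that is written into the config as "@latest".mirror.
        latest = mkOption {
          type = types.nullOr types.source-types.git;
          default = null;
        };
        # Per-group timer settings; falls back to the module-wide timerConfig.
        timerConfig = mkOption {
          type = types.attrsOf types.str;
          default = cfg.timerConfig;
        };
      };
    });
    # NOTE(review): the origin URLs in this example use plain http://. A fetch
    # over http has no transport integrity, so whatever arrives is what gets
    # pushed to the mirror; prefer https:// or ssh origins where the upstream
    # offers them.
    example = literalExample ''
      # see `repo-sync --help`
      # `ref` provides sane defaults and can be omitted
      # you can have multiple repo-sync groups and therefore multiple @latest
      # configuration entries.
      # attrset will be converted to json and be used as config
      # each attrset defines a group of repos for syncing
      { nxpkgs = {
      branches = {
      makefu = {
      origin = {
      url = http://github.com/makefu/nixpkgs;
      ref = "heads/dev" ;
      };
      mirror = {
      url = "git@internal:nixpkgs-mirror" ;
      ref = "heads/github-mirror-dev" ;
      };
      };
      lass = {
      origin = {
      url = http://github.com/lass/nixpkgs;
      };
      mirror = {
      url = "git@internal:nixpkgs-mirror" ;
      };
      };
      };
      latest = {
      url = "git@internal:nixpkgs-mirror";
      ref = "heads/master";
      };
      };
      stockholm = {
      branches = {
      lass = {
      origin = {
      url = http://cgit.prism.r/stockholm;
      };
      mirror = {
      url = "git@internal:stockholm-mirror" ;
      };
      };
      makefu = {
      origin = {
      url = http://gum.krebsco.de/stockholm;
      };
      mirror = {
      url = "git@internal:stockholm-mirror" ;
      };
      };
      };
      latest = {
      url = "git@internal:stockholm-mirror";
      ref = "heads/master";
      };
      };
      };
    '';
  };

  # Module-wide default schedule: every quarter of an hour.
  timerConfig = mkOption {
    type = types.attrsOf types.str;
    default = {
      OnCalendar = "*:00,15,30,45";
    };
  };

  # Working directory of the services and home of the service account.
  stateDir = mkOption {
    type = types.str;
    default = "/var/lib/repo-sync";
  };

  # Account the sync services run as.
  user = mkOption {
    type = types.user;
    default = {
      name = "repo-sync";
      home = cfg.stateDir;
    };
  };

  # SSH private key used for git-over-ssh. It is passed to the services via
  # LoadCredential, so the services read a copy from their credentials
  # directory rather than this path.
  # NOTE(review): the default is a string path under krebs.secret.directory;
  # confirm that overrides are also given as strings so that the key is not
  # copied into the world-readable Nix store.
  privateKeyFile = mkOption {
    type = types.absolute-pathname;
    default = "${config.krebs.secret.directory}/repo-sync.ssh.key";
    defaultText = "secrets/repo-sync.ssh.key";
  };

  # Merged verbatim into the [Unit] section of every repo-sync service.
  unitConfig = mkOption {
    type = types.attrsOf types.str;
    # The description used to name "fetchWallpaper", a leftover from the
    # module this option was copied from.
    description = "Extra unit configuration for repo-sync to define conditions and assertions for the unit";
    example = literalExample ''
      # do not start when running on umts
      { ConditionPathExists = "!/var/run/ppp0.pid"; }
    '';
    default = {};
  };
};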
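# Configuration applied when `krebs.repo-sync.enable` is set: the service
# account, plus one timer and one service per entry in `cfg.repos`.
imp = {
  # Dedicated system account with a same-named group.
  users.users.${cfg.user.name} = {
    inherit (cfg.user) home name uid;
    createHome = true;
    group = cfg.user.name;
    description = "repo-sync user";
    isSystemUser = true;
  };
  users.groups.${cfg.user.name} = {};

  # One timer per sync group, using that group's timerConfig.
  systemd.timers = mapAttrs' (name: repo:
    nameValuePair "repo-sync-${name}" {
      description = "repo-sync timer";
      wantedBy = [ "timers.target" ];
      timerConfig = repo.timerConfig;
    }
  ) cfg.repos;

  # krebs-specific service option, set for every sync group.
  krebs.systemd.services = mapAttrs' (name: _:
    nameValuePair "repo-sync-${name}" {
      restartIfCredentialsChange = true;
    }
  ) cfg.repos;

  systemd.services = mapAttrs' (name: repo:
    let
      # The JSON config is the group's branches, plus an "@latest" entry when
      # a `latest` mirror is configured.
      repo-sync-config = pkgs.writeJSON "repo-sync-config-${name}.json"
        (repo.branches // optionalAttrs (repo.latest != null) {
          "@latest".mirror = repo.latest;
        });
    in nameValuePair "repo-sync-${name}" {
      description = "repo-sync";
      # NOTE(review): network.target does not wait for connectivity;
      # network-online.target may be what is intended. Confirm.
      after = [ "network.target" ];
      environment = {
        # systemd passes "$CREDENTIALS_DIRECTORY" through literally; git runs
        # GIT_SSH_COMMAND through the shell, which expands it at run time.
        # NOTE(review): nothing in this module pins the mirror's SSH host key;
        # verification depends on the ssh configuration and known_hosts that
        # the service account sees.
        GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i $CREDENTIALS_DIRECTORY/ssh_key";
        REPONAME = "${name}.git";
      };
      restartIfChanged = false;
      serviceConfig = {
        Type = "simple";
        # NOTE(review): PermissionsStartOnly is deprecated in systemd and
        # there is no ExecStartPre/ExecStartPost here for it to act on; it
        # looks removable. Confirm.
        PermissionsStartOnly = true;
        # The key is exposed to the service as the credential "ssh_key",
        # so the service account needs no read access to the source file.
        LoadCredential = "ssh_key:${cfg.privateKeyFile}";
        ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
        WorkingDirectory = cfg.stateDir;
        # Run as the configured account. This was the literal "repo-sync",
        # which diverged from the created account (and the owner of its home)
        # whenever `user.name` was overridden.
        User = cfg.user.name;
      };
      unitConfig = cfg.unitConfig;
    }
  ) cfg.repos;
};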
in out