k 3 repo-sync: init module, add git dependency

2016-02-15 14:01:20 +01:00 · 2016-02-15 14:01:20 +01:00 · 0457cd1bb9
commit 0457cd1bb9
parent e62a0475cd
3 changed files with 113 additions and 0 deletions
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@ -29,6 +29,7 @@ let
      ./retiolum.nix
      ./tinc_graphs.nix
      ./urlwatch.nix
+      ./repo-sync.nix
    ];
    options.krebs = api;
    config = mkIf cfg.enable imp;
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.krebs.repo-sync;
+
+  out = {
+    options.krebs.repo-sync = api;
+    config = mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "repo-sync";
+    config = mkOption {
+      type = with types;attrsOf (attrsOf (attrsOf str));
+      example = literalExample ''
+        # see `repo-sync --help`
+        #   `ref` provides sane defaults and can be omitted
+
+        # attrset will be converted to json and be used as config
+        {
+            makefu = {
+                origin = {
+                    url = http://github.com/makefu/repo ;
+                    ref = "heads/dev" ;
+                };
+                mirror = {
+                    url = "git@internal:mirror" ;
+                    ref = "heads/github-mirror-dev" ;
+                };
+            };
+            lass = {
+                origin = {
+                    url = http://github.com/lass/repo ;
+                };
+                mirror = {
+                    url = "git@internal:mirror" ;
+                };
+            };
+            "@latest" = {
+                mirror = {
+                    url = "git@internal:mirror";
+                    ref = "heads/master";
+                };
+            };
+        };
+      '';
+    };
+    timerConfig = mkOption {
+      type = types.attrsOf types.str;
+      default = {
+        OnCalendar = "*:00,15,30,45";
+      };
+    };
+    stateDir = mkOption {
+      type = types.str;
+      default = "/var/lib/repo-sync";
+    };
+    privateKeyFile = mkOption {
+      type = types.str;
+      description = ''
+        used by repo-sync to identify with ssh service
+      '';
+      default = toString <secrets/wolf-repo-sync.rsa_key.priv>;
+    };
+  };
+  repo-sync-config = pkgs.writeText "repo-sync-config.json"
+    (builtins.toJSON cfg.config);
+
+  imp = {
+    users.users.repo-sync = {
+      name = "repo-sync";
+      uid = genid "repo-sync";
+      description = "repo-sync user";
+      home = cfg.stateDir;
+      createHome = true;
+    };
+
+    systemd.timers.repo-sync = {
+      description = "repo-sync timer";
+      wantedBy = [ "timers.target" ];
+
+      timerConfig = cfg.timerConfig;
+    };
+    systemd.services.repo-sync = {
+      description = "repo-sync";
+      after = [ "network.target" ];
+
+      path = with pkgs; [ ];
+
+      environment = {
+        GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
+      };
+
+      serviceConfig = {
+        Type = "simple";
+        PermissionsStartOnly = true;
+        ExecStartPre = pkgs.writeScript "prepare-repo-sync-user" ''
+          #! /bin/sh
+          cp -v ${lib.shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
+          chown repo-sync ${cfg.stateDir}/ssh.priv
+        '';
+        ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
+        WorkingDirectory = cfg.stateDir;
+        User = "repo-sync";
+      };
+    };
+  };
+in out
--- a/krebs/5pkgs/repo-sync/default.nix
+++ b/krebs/5pkgs/repo-sync/default.nix
@ -1,4 +1,5 @@
 { lib, pkgs, python3Packages, fetchurl, ... }:
+
 with python3Packages; buildPythonPackage rec {
  name = "repo-sync-${version}";
  version = "0.2.5";
@ -6,6 +7,7 @@ with python3Packages; buildPythonPackage rec {
  propagatedBuildInputs = [
    docopt
    GitPython
+    pkgs.git
  ];
  src = fetchurl {
    url = "https://pypi.python.org/packages/source/r/repo-sync/repo-sync-${version}.tar.gz";