add konsens module

2018-08-25 16:54:13 +02:00 · 2018-08-25 16:54:13 +02:00 · af2753507d
commit af2753507d
parent 61e6552da3
2 changed files with 81 additions and 0 deletions
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@ -26,6 +26,7 @@ let
      ./iana-etc.nix
      ./iptables.nix
      ./kapacitor.nix
+      ./konsens.nix
      ./monit.nix
      ./newsbot-js.nix
      ./nixpkgs.nix
--- a/krebs/3modules/konsens.nix
+++ b/krebs/3modules/konsens.nix
@ -0,0 +1,80 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+  cfg = config.krebs.konsens;
+
+  out = {
+    options.krebs.konsens = api;
+    config = lib.mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "git konsens finder";
+    repos = mkOption {
+      type = types.attrsOf (types.submodule ({ config, ...}: {
+        options = {
+          url = mkOption {
+            type = types.str;
+            default = "git@localhost:${config._module.args.name}";
+          };
+          branchesToCheck = mkOption {
+            type = types.listOf types.str;
+            default = [ "lassulus" "makefu" "tv" ];
+          };
+          target = mkOption {
+            type = types.str;
+            default = "master";
+          };
+          timerConfig = mkOption {
+            type = types.attrsOf types.str;
+            default = {
+              OnCalendar = "*:00,15,30,45";
+            };
+          };
+        };
+      }));
+    };
+  };
+
+  imp = {
+    users.users.konsens = rec {
+      name = "konsens";
+      uid = genid name;
+      home = "/var/lib/konsens";
+      createHome = true;
+    };
+
+    systemd.timers = mapAttrs' (name: repo:
+      nameValuePair "konsens-${name}" {
+        description = "konsens timer";
+        wantedBy = [ "timers.target" ];
+        timerConfig = repo.timerConfig;
+      }
+    ) cfg.repos;
+
+    systemd.services = mapAttrs' (name: repo:
+      nameValuePair "konsens-${name}" {
+        after = [ "network.target" "secret.service" ];
+        path = [ pkgs.git ];
+        restartIfChanged = false;
+        serviceConfig = {
+          Type = "simple";
+          PermissionsStartOnly = true;
+          ExecStart = pkgs.writeDash "konsens-${name}" ''
+            if ! test -e ${name}; then
+              git clone ${repo.url} ${name}
+            fi
+            cd ${name}
+            git fetch origin
+            git push origin $(git merge-base ${concatMapStringsSep " " (branch: "origin/${branch}") repo.branchesToCheck}):refs/heads/master
+          '';
+          WorkingDirectory = /var/lib/konsens;
+          User = "konsens";
+        };
+      }
+    ) cfg.repos;
+  };
+
+in out