k 3 repo-sync: refactor, allow multiple repos

This commit is contained in:
lassulus 2016-06-24 15:24:42 +02:00
parent 93567fa818
commit edcc01d8e3

View File

@ -11,38 +11,39 @@ let
api = { api = {
enable = mkEnableOption "repo-sync"; enable = mkEnableOption "repo-sync";
config = mkOption { repos = mkOption {
type = with types;attrsOf (attrsOf (attrsOf str)); type = with types;attrsOf (attrsOf (attrsOf (attrsOf str)));
example = literalExample '' example = literalExample ''
# see `repo-sync --help` # see `repo-sync --help`
# `ref` provides sane defaults and can be omitted # `ref` provides sane defaults and can be omitted
# attrset will be converted to json and be used as config # attrset will be converted to json and be used as config
{ { repo = {
makefu = { makefu = {
origin = { origin = {
url = http://github.com/makefu/repo ; url = http://github.com/makefu/repo ;
ref = "heads/dev" ; ref = "heads/dev" ;
}; };
mirror = { mirror = {
url = "git@internal:mirror" ; url = "git@internal:mirror" ;
ref = "heads/github-mirror-dev" ; ref = "heads/github-mirror-dev" ;
}; };
}; };
lass = { lass = {
origin = { origin = {
url = http://github.com/lass/repo ; url = http://github.com/lass/repo ;
}; };
mirror = { mirror = {
url = "git@internal:mirror" ; url = "git@internal:mirror" ;
}; };
}; };
"@latest" = { "@latest" = {
mirror = { mirror = {
url = "git@internal:mirror"; url = "git@internal:mirror";
ref = "heads/master"; ref = "heads/master";
}; };
}; };
};
}; };
''; '';
}; };
@ -56,53 +57,62 @@ let
type = types.str; type = types.str;
default = "/var/lib/repo-sync"; default = "/var/lib/repo-sync";
}; };
privateKeyFile = mkOption {
type = types.str; user = mkOption {
description = '' type = types.user;
used by repo-sync to identify with ssh service default = {
''; name = "repo-sync";
default = toString <secrets/wolf-repo-sync.rsa_key.priv>; home = cfg.stateDir;
};
}; };
privateKeyFile = mkOption {
type = types.secret-file;
default = {
path = "${cfg.stateDir}/ssh.priv";
owner = cfg.user;
source-path = toString <secrets> + "/repo-sync.ssh.key";
};
};
}; };
repo-sync-config = pkgs.writeText "repo-sync-config.json"
(builtins.toJSON cfg.config);
imp = { imp = {
users.users.repo-sync = { users.users.${cfg.user.name} = {
name = "repo-sync"; inherit (cfg.user) home name uid;
uid = genid "repo-sync";
description = "repo-sync user";
home = cfg.stateDir;
createHome = true; createHome = true;
description = "repo-sync user";
}; };
systemd.timers.repo-sync = { systemd.timers = mapAttrs' (name: repo:
description = "repo-sync timer"; nameValuePair "repo-sync-${name}" {
wantedBy = [ "timers.target" ]; description = "repo-sync timer";
wantedBy = [ "timers.target" ];
timerConfig = cfg.timerConfig; timerConfig = cfg.timerConfig;
}; }
systemd.services.repo-sync = { ) cfg.repos;
description = "repo-sync";
after = [ "network.target" ];
path = with pkgs; [ ]; systemd.services = mapAttrs' (name: repo:
let
repo-sync-config = pkgs.writeText "repo-sync-config-${name}.json"
(builtins.toJSON repo);
in nameValuePair "repo-sync-${name}" {
description = "repo-sync";
after = [ "network.target" "secret.service" ];
environment = { environment = {
GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv"; GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
}; };
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
PermissionsStartOnly = true; PermissionsStartOnly = true;
ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" '' ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv WorkingDirectory = cfg.stateDir;
chown repo-sync ${cfg.stateDir}/ssh.priv User = "repo-sync";
''; };
ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}"; }
WorkingDirectory = cfg.stateDir; ) cfg.repos;
User = "repo-sync";
};
};
}; };
in out in out