k 3 repo-sync: refactor, allow multiple repos
This commit is contained in:
parent
93567fa818
commit
edcc01d8e3
@ -11,38 +11,39 @@ let
|
|||||||
|
|
||||||
api = {
|
api = {
|
||||||
enable = mkEnableOption "repo-sync";
|
enable = mkEnableOption "repo-sync";
|
||||||
config = mkOption {
|
repos = mkOption {
|
||||||
type = with types;attrsOf (attrsOf (attrsOf str));
|
type = with types;attrsOf (attrsOf (attrsOf (attrsOf str)));
|
||||||
example = literalExample ''
|
example = literalExample ''
|
||||||
# see `repo-sync --help`
|
# see `repo-sync --help`
|
||||||
# `ref` provides sane defaults and can be omitted
|
# `ref` provides sane defaults and can be omitted
|
||||||
|
|
||||||
# attrset will be converted to json and be used as config
|
# attrset will be converted to json and be used as config
|
||||||
{
|
{ repo = {
|
||||||
makefu = {
|
makefu = {
|
||||||
origin = {
|
origin = {
|
||||||
url = http://github.com/makefu/repo ;
|
url = http://github.com/makefu/repo ;
|
||||||
ref = "heads/dev" ;
|
ref = "heads/dev" ;
|
||||||
};
|
};
|
||||||
mirror = {
|
mirror = {
|
||||||
url = "git@internal:mirror" ;
|
url = "git@internal:mirror" ;
|
||||||
ref = "heads/github-mirror-dev" ;
|
ref = "heads/github-mirror-dev" ;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
lass = {
|
lass = {
|
||||||
origin = {
|
origin = {
|
||||||
url = http://github.com/lass/repo ;
|
url = http://github.com/lass/repo ;
|
||||||
};
|
};
|
||||||
mirror = {
|
mirror = {
|
||||||
url = "git@internal:mirror" ;
|
url = "git@internal:mirror" ;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
"@latest" = {
|
"@latest" = {
|
||||||
mirror = {
|
mirror = {
|
||||||
url = "git@internal:mirror";
|
url = "git@internal:mirror";
|
||||||
ref = "heads/master";
|
ref = "heads/master";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -56,53 +57,62 @@ let
|
|||||||
type = types.str;
|
type = types.str;
|
||||||
default = "/var/lib/repo-sync";
|
default = "/var/lib/repo-sync";
|
||||||
};
|
};
|
||||||
privateKeyFile = mkOption {
|
|
||||||
type = types.str;
|
user = mkOption {
|
||||||
description = ''
|
type = types.user;
|
||||||
used by repo-sync to identify with ssh service
|
default = {
|
||||||
'';
|
name = "repo-sync";
|
||||||
default = toString <secrets/wolf-repo-sync.rsa_key.priv>;
|
home = cfg.stateDir;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
privateKeyFile = mkOption {
|
||||||
|
type = types.secret-file;
|
||||||
|
default = {
|
||||||
|
path = "${cfg.stateDir}/ssh.priv";
|
||||||
|
owner = cfg.user;
|
||||||
|
source-path = toString <secrets> + "/repo-sync.ssh.key";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
repo-sync-config = pkgs.writeText "repo-sync-config.json"
|
|
||||||
(builtins.toJSON cfg.config);
|
|
||||||
|
|
||||||
imp = {
|
imp = {
|
||||||
users.users.repo-sync = {
|
users.users.${cfg.user.name} = {
|
||||||
name = "repo-sync";
|
inherit (cfg.user) home name uid;
|
||||||
uid = genid "repo-sync";
|
|
||||||
description = "repo-sync user";
|
|
||||||
home = cfg.stateDir;
|
|
||||||
createHome = true;
|
createHome = true;
|
||||||
|
description = "repo-sync user";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.timers.repo-sync = {
|
systemd.timers = mapAttrs' (name: repo:
|
||||||
description = "repo-sync timer";
|
nameValuePair "repo-sync-${name}" {
|
||||||
wantedBy = [ "timers.target" ];
|
description = "repo-sync timer";
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
|
||||||
timerConfig = cfg.timerConfig;
|
timerConfig = cfg.timerConfig;
|
||||||
};
|
}
|
||||||
systemd.services.repo-sync = {
|
) cfg.repos;
|
||||||
description = "repo-sync";
|
|
||||||
after = [ "network.target" ];
|
|
||||||
|
|
||||||
path = with pkgs; [ ];
|
systemd.services = mapAttrs' (name: repo:
|
||||||
|
let
|
||||||
|
repo-sync-config = pkgs.writeText "repo-sync-config-${name}.json"
|
||||||
|
(builtins.toJSON repo);
|
||||||
|
in nameValuePair "repo-sync-${name}" {
|
||||||
|
description = "repo-sync";
|
||||||
|
after = [ "network.target" "secret.service" ];
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
|
GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
|
||||||
};
|
};
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
PermissionsStartOnly = true;
|
PermissionsStartOnly = true;
|
||||||
ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" ''
|
ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
|
||||||
cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
|
WorkingDirectory = cfg.stateDir;
|
||||||
chown repo-sync ${cfg.stateDir}/ssh.priv
|
User = "repo-sync";
|
||||||
'';
|
};
|
||||||
ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
|
}
|
||||||
WorkingDirectory = cfg.stateDir;
|
) cfg.repos;
|
||||||
User = "repo-sync";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
in out
|
in out
|
||||||
|
Loading…
Reference in New Issue
Block a user