upgrading fwminex too

Motiejus Jakštys 2023-09-18 19:50:24 +03:00
parent 9cd5d406cf
commit 5a5ffd6f00
3 changed files with 118 additions and 83 deletions


@ -69,7 +69,7 @@ rec {
jakstIP = "100.89.176.5"; jakstIP = "100.89.176.5";
}; };
"fwminex.motiejus.jakst" = rec { "fwminex.motiejus.jakst" = rec {
extraHostNames = [jakstIP]; extraHostNames = [jakstIP vno1IP];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHlWSZ/H6DR5i5aCrlrEQLVF9MXNvls/pjlLPLaav3f+"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHlWSZ/H6DR5i5aCrlrEQLVF9MXNvls/pjlLPLaav3f+";
jakstIP = "100.89.176.6"; jakstIP = "100.89.176.6";
vno1IP = "192.168.189.10"; vno1IP = "192.168.189.10";
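Review bot: The new `vno1IP` entry in `extraHostNames` for `fwminex.motiejus.jakst` has no comment saying why this host, unlike its siblings, is also reachable under a private 192.168.189.x address, and nothing in this hunk shows what `extraHostNames` feeds (presumably a known_hosts-style mapping of the same ed25519 key to both addresses — confirm). A one-line comment on the new side would keep the intent readable, e.g. `# LAN address; used by deployerbot's deployIfPresent path when the host is on the home network`. The `rec` attribute set this belongs to starts before the hunk.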


@ -186,6 +186,12 @@
".#vno3-rp3b" ".#vno3-rp3b"
".#fra1-a" ".#fra1-a"
]; ];
deployIfPresent = [
{
derivationTarget = ".#fwminex";
altHostname = myData.hosts."fwminex.motiejus.jakst".vno1IP;
}
];
}; };
follower = { follower = {
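Review bot: The new `deployIfPresent` entry for `.#fwminex` is only correct if `.#fwminex` is not also listed in `deployDerivations`; the start of that list is outside this hunk, so if it is still there the host would be deployed twice per run (once via Tailscale, once via the LAN address). A short comment above the block would make the intent explicit, e.g. `# fwminex is only reachable on the home LAN; deploy it when the LAN address answers instead of listing it in deployDerivations`. The `main = { ... }` attribute set this sits in starts before the hunk.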


@ -4,10 +4,37 @@
pkgs, pkgs,
myData, myData,
... ...
}: { }: let
cfg = config.mj.services.deployerbot;
mkOptional = {
derivationTarget,
altHostname,
}: ''
if ping -c 1 ${altHostname}; then
${pkgs.deploy-rs}/bin/deploy \
--ssh-opts="-i ''${CREDENTIALS_DIRECTORY}/ssh-key" \
--ssh-user=deployerbot-follower \
--confirm-timeout 60 \
--hostname ${altHostname} \
--targets ${derivationTarget} -- \
--accept-flake-config
fi
'';
in {
options.mj.services.deployerbot.main = with lib.types; { options.mj.services.deployerbot.main = with lib.types; {
enable = lib.mkEnableOption "Enable system updater orchestrator"; enable = lib.mkEnableOption "Enable system updater orchestrator";
deployDerivations = lib.mkOption {type = listOf str;}; deployDerivations = lib.mkOption {type = listOf str;};
deployIfPresent = lib.mkOption {
type = listOf (submodule (
{...}: {
options = {
derivationTarget = lib.mkOption {type = str;};
altHostname = lib.mkOption {type = str;};
};
}
));
default = [];
};
uidgid = lib.mkOption {type = int;}; uidgid = lib.mkOption {type = int;};
repo = lib.mkOption {type = str;}; repo = lib.mkOption {type = str;};
}; };
@ -19,8 +46,7 @@
}; };
config = lib.mkMerge [ config = lib.mkMerge [
(with config.mj.services.deployerbot.main; (lib.mkIf cfg.main.enable {
lib.mkIf enable {
# TODO: git config --global user.email bot@jakstys.lt # TODO: git config --global user.email bot@jakstys.lt
users.users.deployerbot-main = { users.users.deployerbot-main = {
description = "Deployerbot Main"; description = "Deployerbot Main";
@ -29,9 +55,9 @@
group = "deployerbot-main"; group = "deployerbot-main";
isSystemUser = true; isSystemUser = true;
createHome = true; createHome = true;
uid = uidgid; uid = cfg.main.uidgid;
}; };
users.groups.deployerbot-main.gid = uidgid; users.groups.deployerbot-main.gid = cfg.main.uidgid;
systemd.services.deployerbot = { systemd.services.deployerbot = {
description = "Update all known systems"; description = "Update all known systems";
@ -45,12 +71,12 @@
LoadCredential = ["ssh-key:/etc/ssh/ssh_host_ed25519_key"]; LoadCredential = ["ssh-key:/etc/ssh/ssh_host_ed25519_key"];
}; };
script = let script = let
deployDerivationsStr = builtins.concatStringsSep " " deployDerivations; deployDerivationsStr = builtins.concatStringsSep " " cfg.main.deployDerivations;
in '' in ''
set -x set -x
export GIT_SSH_COMMAND="ssh -i ''${CREDENTIALS_DIRECTORY}/ssh-key" export GIT_SSH_COMMAND="ssh -i ''${CREDENTIALS_DIRECTORY}/ssh-key"
if [[ ! -d config ]]; then if [[ ! -d config ]]; then
git clone ${repo} config git clone ${cfg.main.repo} config
cd config cd config
else else
cd config cd config
@ -67,6 +93,10 @@
--targets ${deployDerivationsStr} -- \ --targets ${deployDerivationsStr} -- \
--accept-flake-config --accept-flake-config
# Optional deployments
${lib.concatLines (map mkOptional cfg.main.deployIfPresent)}
# done
git push origin main git push origin main
''; '';
}; };
@ -84,8 +114,7 @@
nix.settings.trusted-users = ["deployerbot-main"]; nix.settings.trusted-users = ["deployerbot-main"];
}) })
(with config.mj.services.deployerbot.follower; (lib.mkIf cfg.follower.enable {
lib.mkIf enable {
users.users = { users.users = {
deployerbot-follower = { deployerbot-follower = {
description = "Deployerbot Follower"; description = "Deployerbot Follower";
@ -95,13 +124,13 @@
extraGroups = ["wheel"]; extraGroups = ["wheel"];
isSystemUser = true; isSystemUser = true;
createHome = true; createHome = true;
uid = uidgid; uid = cfg.follower.uidgid;
openssh.authorizedKeys.keys = let openssh.authorizedKeys.keys = let
restrictedPubKey = "from=\"${myData.subnets.tailscale.sshPattern}\" " + publicKey; restrictedPubKey = "from=\"${myData.subnets.tailscale.sshPattern}\" " + cfg.follower.publicKey;
in [restrictedPubKey]; in [restrictedPubKey];
}; };
}; };
users.groups.deployerbot-follower.gid = uidgid; users.groups.deployerbot-follower.gid = cfg.follower.uidgid;
nix.settings.trusted-users = ["deployerbot-follower"]; nix.settings.trusted-users = ["deployerbot-follower"];
}) })
]; ];
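Review bot: `mkOptional` deploys as `deployerbot-follower` to `altHostname` (for `.#fwminex` that is the 192.168.189.10 LAN address from the first file), but the follower's authorized key is still restricted with `from="${myData.subnets.tailscale.sshPattern}"` in the last hunk, so the SSH connection arriving from the LAN will be rejected unless `sshPattern` also covers the 192.168.189.0/24 source range — worth confirming, since the ping check would pass and only the deploy would fail. The reachability probe `if ping -c 1 ${altHostname}; then` has no reply timeout, so an unreachable-but-routed address can stall the timer run for iputils' default wait; `if ping -c 1 -W 5 ${altHostname}; then` bounds it, and a comment noting that ICMP reachability is only a heuristic for SSH reachability would help the next reader. Since the script runs with `set -x` only and no `set -e`, a failed optional deploy is silently followed by `git push origin main`, which matches the existing behaviour of the unconditional deploy but is easy to miss; a `# failures here are non-fatal by design` comment next to `# Optional deployments` would document that.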