commit e588514c07fa6f2917d3ccbaaf519fbdb8dc38b2 (tree)
parent a030ae0879143fcfb86424c7c5c04a9c9b06d142
Author: Motiejus Jakštys <motiejus@jakstys.lt>
Date: Fri, 28 Jul 2023 15:37:19 +0300
updater
Diffstat:
3 files changed, 46 insertions(+), 2 deletions(-)
diff --git a/flake.nix b/flake.nix
@@ -97,7 +97,7 @@
};
deploy.nodes.hel1-a = {
- hostname = "hel1-a.servers.jakst";
+ hostname = myData.hosts."hel1-a.servers.jakst".jakstIP;
profiles = {
system = {
sshUser = "motiejus";
@@ -109,7 +109,7 @@
};
deploy.nodes.vno1-oh2 = {
- hostname = "vno1-oh2.servers.jakst";
+ hostname = myData.hosts."vno1-oh2.servers.jakst".jakstIP;
profiles = {
system = {
sshUser = "motiejus";
@@ -125,6 +125,11 @@
// flake-utils.lib.eachDefaultSystem (system: let
pkgs = import nixpkgs {inherit system;};
in {
+
+ apps.deploy-rs = {
+ type = "app";
+ program = "${deploy-rs.packages."${system}".default}/bin/deploy";
+ };
devShells.default = with pkgs;
mkShell {
packages = [
diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
@@ -66,6 +66,8 @@
updaterbot = {
enable = true;
uidgid = myData.uidgid.updaterbot;
+ repo = "git@git.jakstys.lt:motiejus/config";
+ deployDerivations = [".#vno1-oh2"];
};
postfix = {
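Review bot: `repo` is an SSH remote that the unattended unit both fetches from and pushes to, and nothing visible in this commit pins the host key of `git.jakstys.lt` for the `updaterbot` user. If it is not already declared elsewhere in the configuration, pin it with `programs.ssh.knownHosts`. Otherwise the first non-interactive connection will presumably fail host-key verification, and the tempting workaround is to disable the check. A short comment next to `repo` should also say that the key generated by the service has to be registered on the git server with write access, since the unit pushes to `main`.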
diff --git a/modules/services/updaterbot/default.nix b/modules/services/updaterbot/default.nix
@@ -1,6 +1,7 @@
{
config,
lib,
+ pkgs,
...
}: {
options.mj.services.updaterbot = with lib.types; {
@@ -31,6 +32,42 @@
};
};
+ systemd.services.updaterbot = {
+ description = "Update all known systems";
+ preStart = ''
+ if [[ -f .ssh/id_ed25519 ]]; then exit; fi
+
+ ${pkgs.openssh}/bin/ssh-keygen -N "" -t ed25519 -f .ssh/id_ed25519
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "updaterbot";
+ WorkingDirectory = config.users.users.updaterbot.home;
+ };
+ script = let
+ deployDerivations = builtins.concatStringsSep " " config.mj.services.updaterbot.deployDerivations;
+ in ''
+ set -x
+ export GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i $HOME/.ssh/id_ed25519"
+ if [[ ! -d config ]]; then
+ ${pkgs.git}/bin/git clone ${config.mj.services.updaterbot.repo} config
+ cd config
+ else
+ cd config
+ ${pkgs.git}/bin/git fetch origin
+ ${pkgs.git}/bin/git reset --hard origin/main
+ fi
+
+ export PATH=$PATH:${pkgs.git}/bin
+ ${pkgs.nix}/bin/nix flake update --accept-flake-config --commit-lock-file
+ ${pkgs.git}/bin/git push origin main
+
+ exec ${pkgs.nix}/bin/nix run .#deploy-rs ${deployDerivations}
+ '';
+ };
+
+ mj.base.unitstatus.units = ["updaterbot"];
+
nix.settings.trusted-users = ["updaterbot"];
};
}
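Review bot: The `script` block resets to `origin/main`, runs `nix flake update`, pushes the new lock file and then deploys in one unattended pass, and nothing between the fetch and `nix run .#deploy-rs` checks what was fetched or whether it evaluates and builds. `updaterbot` is listed in `nix.settings.trusted-users`, and `preStart` creates its key with an empty passphrase (`-N ""`), so anyone who can write to `main` or to an updated flake input appears to gain a path to the deployed hosts. I would add `${pkgs.git}/bin/git verify-commit origin/main` before the `reset --hard`, which needs a signing keyring provisioned for the service user that this hunk does not show. I would also run `${pkgs.nix}/bin/nix flake check` between the update and `git push origin main`, so that a broken lock file stops the unit before it lands on `main`. Finally, `preStart` assumes `.ssh` already exists in the home directory; `mkdir -p -m 700 .ssh` before `ssh-keygen` would make that explicit.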