updater

2023-07-28 15:37:19 +03:00 · 2023-07-28 15:37:19 +03:00 · e588514c07
commit e588514c07
parent a030ae0879
3 changed files with 46 additions and 2 deletions
--- a/flake.nix
+++ b/flake.nix
@ -97,7 +97,7 @@
      };

      deploy.nodes.hel1-a = {
-        hostname = "hel1-a.servers.jakst";
+        hostname = myData.hosts."hel1-a.servers.jakst".jakstIP;
        profiles = {
          system = {
            sshUser = "motiejus";
@ -109,7 +109,7 @@
      };

      deploy.nodes.vno1-oh2 = {
-        hostname = "vno1-oh2.servers.jakst";
+        hostname = myData.hosts."vno1-oh2.servers.jakst".jakstIP;
        profiles = {
          system = {
            sshUser = "motiejus";
@ -125,6 +125,11 @@
    // flake-utils.lib.eachDefaultSystem (system: let
      pkgs = import nixpkgs {inherit system;};
    in {
+
+      apps.deploy-rs = {
+        type = "app";
+        program = "${deploy-rs.packages."${system}".default}/bin/deploy";
+      };
      devShells.default = with pkgs;
        mkShell {
          packages = [
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@ -66,6 +66,8 @@
      updaterbot = {
        enable = true;
        uidgid = myData.uidgid.updaterbot;
+        repo = "git@git.jakstys.lt:motiejus/config";
+        deployDerivations = [".#vno1-oh2"];
      };

      postfix = {
--- a/modules/services/updaterbot/default.nix
+++ b/modules/services/updaterbot/default.nix
@ -1,6 +1,7 @@
 {
  config,
  lib,
+  pkgs,
  ...
 }: {
  options.mj.services.updaterbot = with lib.types; {
@ -31,6 +32,42 @@
      };
    };

+    systemd.services.updaterbot = {
+      description = "Update all known systems";
+      preStart = ''
+        if [[ -f .ssh/id_ed25519 ]]; then exit; fi
+
+        ${pkgs.openssh}/bin/ssh-keygen -N "" -t ed25519 -f .ssh/id_ed25519
+      '';
+      serviceConfig = {
+        Type = "oneshot";
+        User = "updaterbot";
+        WorkingDirectory = config.users.users.updaterbot.home;
+      };
+      script = let
+        deployDerivations = builtins.concatStringsSep " " config.mj.services.updaterbot.deployDerivations;
+      in ''
+        set -x
+        export GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i $HOME/.ssh/id_ed25519"
+        if [[ ! -d config ]]; then
+          ${pkgs.git}/bin/git clone ${config.mj.services.updaterbot.repo} config
+          cd config
+        else
+          cd config
+          ${pkgs.git}/bin/git fetch origin
+          ${pkgs.git}/bin/git reset --hard origin/main
+        fi
+
+        export PATH=$PATH:${pkgs.git}/bin
+        ${pkgs.nix}/bin/nix flake update --accept-flake-config --commit-lock-file
+        ${pkgs.git}/bin/git push origin main
+
+        exec ${pkgs.nix}/bin/nix run .#deploy-rs ${deployDerivations}
+      '';
+    };
+
+    mj.base.unitstatus.units = ["updaterbot"];
+
    nix.settings.trusted-users = ["updaterbot"];
  };
 }