Update from master 2023-12-11T02:03+00:00
commit
460f31591b
@ -10,7 +10,6 @@
|
||||
colmena
|
||||
vim
|
||||
agenix
|
||||
nixos-firewall-tool
|
||||
nixfiles-system-upgrade
|
||||
];
|
||||
|
||||
|
@ -26,7 +26,8 @@
|
||||
};
|
||||
};
|
||||
outputs = { self, agenix, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ... }@inputs: let
|
||||
helper = (import ./lib/flake-helper.nix) inputs;
|
||||
lib = import ./lib inputs;
|
||||
helper = lib.flake-helper;
|
||||
in {
|
||||
clerie.hosts = {
|
||||
aluminium = {
|
||||
@ -116,7 +117,6 @@
|
||||
nixfiles-system-upgrade
|
||||
nixfiles-updated-inputs
|
||||
nixfiles-update-ssh-host-keys
|
||||
nixos-firewall-tool
|
||||
pyexcel-xlsx
|
||||
pyexcel-webio
|
||||
update-from-hydra
|
||||
|
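--- a/lib/default.nix
+++ b/lib/default.nix
@@ -0,0 +1,20 @@
+inputs:
+
+let
+
+callLibs = file: import file ({
+inherit lib inputs;
+} // inputs);
+
+lib = {
+flake-helper = callLibs ./flake-helper.nix;
+inherit ("flake-helper")
+generateNixosSystem
+mapToNixosConfigurations
+generateColmenaHost
+mapToColmenaHosts
+buildHosts;
+};
+
+in
+lib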
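Review bot: `inherit ("flake-helper")` inside the `lib` set takes its attributes from the string literal "flake-helper", not from the set imported on the line above. If the file really reads as rendered here, evaluating `lib.generateNixosSystem` or any of the other four inherited names fails with a type error. Nix evaluates lazily, which would explain why the flake still works while callers only touch `lib.flake-helper`. The line should name the set: `inherit (lib.flake-helper)`. Separately, `callLibs` merges `// inputs` last, so a flake input named `lib` or `inputs` would silently replace the two arguments passed explicitly; writing `inputs // { inherit lib inputs; }` keeps them authoritative.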
@ -25,7 +25,7 @@ in
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}";
|
||||
ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}${optionalString (config.clerie.monitoring.enable) " --node-exporter-metrics-path /var/lib/prometheus-node-exporter/textfiles/nixfiles-system-upgrade.prom"}";
|
||||
};
|
||||
};
|
||||
systemd.timers.nixfiles-system-auto-upgrade = {
|
||||
|
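Review bot: The textfile path `/var/lib/prometheus-node-exporter/textfiles/nixfiles-system-upgrade.prom` is hard-coded in the new `ExecStart` string, so it depends on the node exporter's textfile collector using exactly that directory and on the directory existing before this oneshot unit runs; neither is visible in this hunk. If the directory is missing, the script's redirect fails, and under its `set -euo pipefail` the run would end non-zero after the boot target was already switched. Consider taking the directory from the monitoring module's configuration (or one shared `let` binding) and adding a comment on `ExecStart` naming the service that owns it. The unit definition starts and ends outside the hunk.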
@ -4,6 +4,7 @@ set -euo pipefail
|
||||
|
||||
ALLOW_REBOOT=
|
||||
NO_CONFIRM=
|
||||
NODE_EXPORTER_METRICS_PATH=
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case $1 in
|
||||
@ -15,6 +16,11 @@ while [[ $# -gt 0 ]]; do
|
||||
NO_CONFIRM=1
|
||||
shift
|
||||
;;
|
||||
--node-exporter-metrics-path)
|
||||
NODE_EXPORTER_METRICS_PATH=$2
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
echo "Unknown option $1"
|
||||
exit 1
|
||||
@ -47,6 +53,11 @@ nix-env -p "/nix/var/nix/profiles/system" --set "${STORE_PATH}"
|
||||
echo "Set as boot target"
|
||||
/nix/var/nix/profiles/system/bin/switch-to-configuration boot
|
||||
|
||||
if [[ -n "$NODE_EXPORTER_METRICS_PATH" ]]; then
|
||||
echo "Write monitoring check data"
|
||||
echo "nixfiles_system_upgrade_last_check $(date +%s)" > "$NODE_EXPORTER_METRICS_PATH"
|
||||
fi
|
||||
|
||||
BOOTED_SYSTEM_KERNEL="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})"
|
||||
ACTIVATING_SYSTEM_KERNEL="$(readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})"
|
||||
|
||||
|
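Review bot: The metrics file is written in place with `> "$NODE_EXPORTER_METRICS_PATH"` in the last hunk, which is non-atomic and follows symlinks. The script sets the system profile, so it presumably runs as root, while the textfile directory may be writable by the exporter's service account (its ownership is not visible here). In that case a root-owned redirect into that directory can be pointed at another file, and the collector can also scrape a half-written file. Writing to a temporary file in the same directory and renaming it over the target avoids both, as sketched below. In the option-parsing hunk, `NODE_EXPORTER_METRICS_PATH=$2` is unguarded, so under `set -u` a missing value aborts with an unbound-variable error instead of a usage message.

```shell
if [[ -n "$NODE_EXPORTER_METRICS_PATH" ]]; then
    # … unchanged: "Write monitoring check data" echo …
    # Temp name does not end in .prom, so the textfile collector ignores it.
    tmp="$(mktemp "${NODE_EXPORTER_METRICS_PATH}.XXXXXX")"
    echo "nixfiles_system_upgrade_last_check $(date +%s)" > "$tmp"
    # mktemp creates the file 0600; the exporter needs to read it.
    chmod 0644 "$tmp"
    # rename(2) replaces the directory entry itself and never follows a link at the target.
    mv -f "$tmp" "$NODE_EXPORTER_METRICS_PATH"
fi
```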
@ -1,10 +0,0 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
pkgs.writeShellApplication {
|
||||
name = "nixos-firewall-tool";
|
||||
text = builtins.readFile ./nixos-firewall-tool.sh;
|
||||
runtimeInputs = with pkgs; [
|
||||
iptables
|
||||
];
|
||||
}
|
||||
|
@ -1,55 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
ip46tables() {
|
||||
iptables -w "$@"
|
||||
ip6tables -w "$@"
|
||||
|
||||
}
|
||||
|
||||
show_help() {
|
||||
echo "nixos-firewall-tool"
|
||||
echo ""
|
||||
echo "Can temporarily manipulate the NixOS firewall"
|
||||
echo ""
|
||||
echo "Open TCP port:"
|
||||
echo " nixos-firewall-tool open tcp 8888"
|
||||
echo ""
|
||||
echo "Show all firewall rules:"
|
||||
echo " nixos-firewall-tool show"
|
||||
echo ""
|
||||
echo "Open UDP port:"
|
||||
echo " nixos-firewall-tool open udp 51820"
|
||||
echo ""
|
||||
echo "Reset firewall configuration to system settings:"
|
||||
echo " nixos-firewall-tool reset"
|
||||
}
|
||||
|
||||
if [[ -z ${1+x} ]]; then
|
||||
show_help
|
||||
exit 1
|
||||
fi
|
||||
|
||||
case $1 in
|
||||
"open")
|
||||
protocol="$2"
|
||||
port="$3"
|
||||
|
||||
ip46tables -I nixos-fw -p "$protocol" --dport "$port" -j nixos-fw-accept
|
||||
;;
|
||||
"show")
|
||||
ip46tables --numeric --list nixos-fw
|
||||
;;
|
||||
"reset")
|
||||
systemctl restart firewall.service
|
||||
;;
|
||||
-h|--help|help)
|
||||
show_help
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
show_help
|
||||
exit 1
|
||||
;;
|
||||
esac
|
@ -9,7 +9,6 @@ final: prev: {
|
||||
nixfiles-system-upgrade = final.callPackage ./nixfiles/nixfiles-system-upgrade.nix {};
|
||||
nixfiles-updated-inputs = final.callPackage ./nixfiles/nixfiles-updated-inputs.nix {};
|
||||
nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
|
||||
nixos-firewall-tool = final.callPackage ./nixos-firewall-tool {};
|
||||
pyexcel-xlsx = final.python3.pkgs.callPackage ./pyexcel-xlsx {};
|
||||
pyexcel-webio = final.python3.pkgs.callPackage ./pyexcel-webio {};
|
||||
update-from-hydra = final.callPackage ./update-from-hydra {};
|
||||
|