From 671f5925c1b12a1742327f3b84bf1875dbe0e4f7 Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 10 Dec 2023 18:27:55 +0100 Subject: [PATCH 1/3] lib/default.nix: Refactor lib loading --- flake.nix | 3 ++- lib/default.nix | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 lib/default.nix diff --git a/flake.nix b/flake.nix index e17e005..380ac69 100644 --- a/flake.nix +++ b/flake.nix @@ -26,7 +26,8 @@ }; }; outputs = { self, agenix, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ... }@inputs: let - helper = (import ./lib/flake-helper.nix) inputs; + lib = import ./lib inputs; + helper = lib.flake-helper; in { clerie.hosts = { aluminium = { diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..ba58fa5 --- /dev/null +++ b/lib/default.nix @@ -0,0 +1,20 @@ +inputs: + +let + + callLibs = file: import file ({ + inherit lib inputs; + } // inputs); + + lib = { + flake-helper = callLibs ./flake-helper.nix; + inherit ("flake-helper") + generateNixosSystem + mapToNixosConfigurations + generateColmenaHost + mapToColmenaHosts + buildHosts; + }; + +in + lib From cb585b9bd508f0b06a138ed59f47409d91813be3 Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 10 Dec 2023 19:51:21 +0100 Subject: [PATCH 2/3] modules/nixfiles: Add metric for last update check --- modules/nixfiles/nixfiles-system-upgrade.nix | 2 +- pkgs/nixfiles/nixfiles-system-upgrade.sh | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/modules/nixfiles/nixfiles-system-upgrade.nix b/modules/nixfiles/nixfiles-system-upgrade.nix index a3f29b7..64da51b 100644 --- a/modules/nixfiles/nixfiles-system-upgrade.nix +++ b/modules/nixfiles/nixfiles-system-upgrade.nix 
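Review bot: In lib/default.nix, `inherit ("flake-helper") generateNixosSystem …` inherits from a string literal instead of an attribute set, so evaluating any of the five re-exported names (`lib.generateNixosSystem`, `lib.buildHosts`, …) should fail with a type error. It goes unnoticed because flake.nix only reads `lib.flake-helper` and Nix evaluates lazily. The source should be the set itself: `inherit (lib.flake-helper)`. Separately, `callLibs` applies `// inputs` last, so a flake input that happened to be named `lib` or `inputs` would silently replace the helper arguments. Writing `inputs // { inherit lib inputs; }`, or adding a one-line comment stating the intended precedence, would make that explicit.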
@@ -25,7 +25,7 @@ in serviceConfig = { Type = "oneshot"; - ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}"; + ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}${optionalString (config.clerie.monitoring.enable) " --node-exporter-metrics-path /var/lib/prometheus-node-exporter/textfiles/nixfiles-system-upgrade.prom"}"; }; }; systemd.timers.nixfiles-system-auto-upgrade = { diff --git a/pkgs/nixfiles/nixfiles-system-upgrade.sh b/pkgs/nixfiles/nixfiles-system-upgrade.sh index 9ad1b96..18e8e6b 100755 --- a/pkgs/nixfiles/nixfiles-system-upgrade.sh +++ b/pkgs/nixfiles/nixfiles-system-upgrade.sh @@ -4,6 +4,7 @@ set -euo pipefail ALLOW_REBOOT= NO_CONFIRM= +NODE_EXPORTER_METRICS_PATH= while [[ $# -gt 0 ]]; do case $1 in @@ -15,6 +16,11 @@ while [[ $# -gt 0 ]]; do NO_CONFIRM=1 shift ;; + --node-exporter-metrics-path) + NODE_EXPORTER_METRICS_PATH=$2 + shift + shift + ;; *) echo "Unknown option $1" exit 1 @@ -47,6 +53,11 @@ nix-env -p "/nix/var/nix/profiles/system" --set "${STORE_PATH}" echo "Set as boot target" /nix/var/nix/profiles/system/bin/switch-to-configuration boot +if [[ -n "$NODE_EXPORTER_METRICS_PATH" ]]; then + echo "Write monitoring check data" + echo "nixfiles_system_upgrade_last_check $(date +%s)" > "$NODE_EXPORTER_METRICS_PATH" +fi + BOOTED_SYSTEM_KERNEL="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})" ACTIVATING_SYSTEM_KERNEL="$(readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})" From 97cb51e4fb48c57169c491ca6fdf09461c35f7a5 Mon Sep 17 00:00:00 2001 
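Review bot: The new `ExecStart` argument hard-codes `/var/lib/prometheus-node-exporter/textfiles/nixfiles-system-upgrade.prom`, and nothing in this hunk ensures that directory exists or states who owns it. No `User=` is visible in the hunk, so the unit presumably runs as root. If the exporter's service user can write to the textfiles directory, a root-owned shell redirect into it will follow whatever that user has placed at the target path. I would have the monitoring module create the directory as root-owned and non-writable for the exporter user, for example with a `systemd.tmpfiles.rules` entry. I would also document it next to the option with a comment such as `# textfile dir must be root-owned: the upgrade unit writes here as root`. The `serviceConfig` block starts outside the hunk, so an existing `User=` or sandboxing setting may already cover this.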
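Review bot: In the new `--node-exporter-metrics-path)` case, `NODE_EXPORTER_METRICS_PATH=$2` is read without checking that a value follows the flag. Under `set -u` a missing value aborts with a bare "unbound variable" message, and an empty value is accepted and later silently disables the metric through the `-n` test. `NODE_EXPORTER_METRICS_PATH=${2:?--node-exporter-metrics-path requires a path}` would reject both cases with a usable error. The surrounding `while`/`case` begins and ends outside the hunk.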
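Review bot: The metric is written in place with `echo … > "$NODE_EXPORTER_METRICS_PATH"`, so a scrape that lands during the write can read a truncated file, and the redirect follows any symlink already present at that path. Writing a temporary file in the same directory and renaming it avoids both: `tmp="$NODE_EXPORTER_METRICS_PATH.$$"`, `echo "nixfiles_system_upgrade_last_check $(date +%s)" > "$tmp"`, `mv "$tmp" "$NODE_EXPORTER_METRICS_PATH"`. Because the script runs under `set -e`, a failed write (missing directory, permissions) also aborts before the kernel comparison that follows the hunk. If monitoring should never block an upgrade, the write needs an explicit `|| echo "warning: …" >&2`. A `# TYPE nixfiles_system_upgrade_last_check gauge` line would also help consumers of the textfile.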
From: clerie Date: Sun, 10 Dec 2023 22:59:55 +0100 Subject: [PATCH 3/3] pkgs/nixos-firewall-tool: Remove package as it got upstreamed --- configuration/common/programs.nix | 1 - flake.nix | 1 - pkgs/nixos-firewall-tool/default.nix | 10 ---- .../nixos-firewall-tool.sh | 55 ------------------- pkgs/overlay.nix | 1 - 5 files changed, 68 deletions(-) delete mode 100644 pkgs/nixos-firewall-tool/default.nix delete mode 100755 pkgs/nixos-firewall-tool/nixos-firewall-tool.sh diff --git a/configuration/common/programs.nix b/configuration/common/programs.nix index d0e80cc..a10e7fc 100644 --- a/configuration/common/programs.nix +++ b/configuration/common/programs.nix @@ -10,7 +10,6 @@ colmena vim agenix - nixos-firewall-tool nixfiles-system-upgrade ]; diff --git a/flake.nix b/flake.nix index 380ac69..bff1ede 100644 --- a/flake.nix +++ b/flake.nix @@ -117,7 +117,6 @@ nixfiles-system-upgrade nixfiles-updated-inputs nixfiles-update-ssh-host-keys - nixos-firewall-tool pyexcel-xlsx pyexcel-webio update-from-hydra diff --git a/pkgs/nixos-firewall-tool/default.nix b/pkgs/nixos-firewall-tool/default.nix deleted file mode 100644 index b225e93..0000000 --- a/pkgs/nixos-firewall-tool/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, ... }: - -pkgs.writeShellApplication { - name = "nixos-firewall-tool"; - text = builtins.readFile ./nixos-firewall-tool.sh; - runtimeInputs = with pkgs; [ - iptables - ]; -} - diff --git a/pkgs/nixos-firewall-tool/nixos-firewall-tool.sh b/pkgs/nixos-firewall-tool/nixos-firewall-tool.sh deleted file mode 100755 index 17e7ce8..0000000 --- a/pkgs/nixos-firewall-tool/nixos-firewall-tool.sh +++ /dev/null 
@@ -1,55 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -ip46tables() { - iptables -w "$@" - ip6tables -w "$@" - -} - -show_help() { - echo "nixos-firewall-tool" - echo "" - echo "Can temporarily manipulate the NixOS firewall" - echo "" - echo "Open TCP port:" - echo " nixos-firewall-tool open tcp 8888" - echo "" - echo "Show all firewall rules:" - echo " nixos-firewall-tool show" - echo "" - echo "Open UDP port:" - echo " nixos-firewall-tool open udp 51820" - echo "" - echo "Reset firewall configuration to system settings:" - echo " nixos-firewall-tool reset" -} - -if [[ -z ${1+x} ]]; then - show_help - exit 1 -fi - -case $1 in - "open") - protocol="$2" - port="$3" - - ip46tables -I nixos-fw -p "$protocol" --dport "$port" -j nixos-fw-accept - ;; - "show") - ip46tables --numeric --list nixos-fw - ;; - "reset") - systemctl restart firewall.service - ;; - -h|--help|help) - show_help - exit 0 - ;; - *) - show_help - exit 1 - ;; -esac diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix index 8b366cb..52b4146 100644 --- a/pkgs/overlay.nix +++ b/pkgs/overlay.nix @@ -9,7 +9,6 @@ final: prev: { nixfiles-system-upgrade = final.callPackage ./nixfiles/nixfiles-system-upgrade.nix {}; nixfiles-updated-inputs = final.callPackage ./nixfiles/nixfiles-updated-inputs.nix {}; nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {}; - nixos-firewall-tool = final.callPackage ./nixos-firewall-tool {}; pyexcel-xlsx = final.python3.pkgs.callPackage ./pyexcel-xlsx {}; pyexcel-webio = final.python3.pkgs.callPackage ./pyexcel-webio {}; update-from-hydra = final.callPackage ./update-from-hydra {};