diff --git a/flake.lock b/flake.lock index e8da552..06ea950 100644 --- a/flake.lock +++ b/flake.lock @@ -3,18 +3,16 @@ "agenix": { "inputs": { "darwin": "darwin", - "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" - ], - "systems": "systems" + ] }, "locked": { - "lastModified": 1707830867, - "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", + "lastModified": 1682101079, + "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=", "owner": "ryantm", "repo": "agenix", - "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", + "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447", "type": "github" }, "original": { @@ -43,22 +41,6 @@ "url": "https://git.clerie.de/clerie/chaosevents.git" } }, - "communities": { - "flake": false, - "locked": { - "lastModified": 1706695952, - "narHash": "sha256-FlbOBX/+/LLmoqMJLvu59XuHYmiohIhDc1VjkZu4Wzo=", - "owner": "NLNOG", - "repo": "lg.ring.nlnog.net", - "rev": "20f9a9f3da8b1bc9d7046e88c62df4b41b4efb99", - "type": "github" - }, - "original": { - "owner": "NLNOG", - "repo": "lg.ring.nlnog.net", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ @@ -67,11 +49,11 @@ ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", "type": "github" }, "original": { 
@@ -83,18 +65,17 @@ }, "fernglas": { "inputs": { - "communities": "communities", "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1707317562, - "narHash": "sha256-0wj5AS8RLVr+S/QWWxCsMvmVjmXUWGfR9kPaZimJEss=", + "lastModified": 1700408128, + "narHash": "sha256-PLb/q8kIq0wOinkgADHNY6uOB3b3lXQEbLu6ToIFPsU=", "owner": "wobcom", "repo": "fernglas", - "rev": "25020466957dbe0e193f7857d827020f5c1aa996", + "rev": "407325681e3ad344f6fd05334984a40074aa6347", "type": "github" }, "original": { @@ -109,11 +90,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1703526534, - "narHash": "sha256-enuuJ++jVKXMAUuEeetq02oy2guoJfSMYMvy9U0KGD8=", + "lastModified": 1687119570, + "narHash": "sha256-tZ6hctUdlZzsdg4WA4Fv7C5bNGnotYp0QT+s3rvlIKw=", "ref": "refs/heads/main", - "rev": "3197e4f8d3646a9f7b20a2a38f1abc0a19aa69d2", - "revCount": 55, + "rev": "cc43776e6dd7eb94962e9f23b8e8282d34597a75", + "revCount": 39, "type": "git", "url": "https://git.clerie.de/clerie/fieldpoc.git" }, @@ -124,14 +105,14 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems" }, "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { 
@@ -140,27 +121,6 @@ "type": "github" } }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, "mitel-ommclient2": { "inputs": { "nixpkgs": [ @@ -204,11 +164,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1709147990, - "narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=", + "lastModified": 1686838567, + "narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159", + "rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89", "type": "github" }, "original": { @@ -236,11 +196,11 @@ }, "nixpkgs-krypton": { "locked": { - "lastModified": 1709237383, - "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", + "lastModified": 1707546158, + "narHash": "sha256-nYYJTpzfPMDxI8mzhQsYjIUX+grorqjKEU9Np6Xwy/0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", + "rev": "d934204a0f8d9198e1e4515dd6fec76a139c87f0", "type": "github" }, "original": { @@ -252,11 +212,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1710451336, - "narHash": "sha256-pP86Pcfu3BrAvRO7R64x7hs+GaQrjFes+mEPowCfkxY=", + "lastModified": 1710631334, + "narHash": "sha256-rL5LSYd85kplL5othxK5lmAtjyMOBg390sGBTb3LRMM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d691274a972b3165335d261cc4671335f5c67de9", + "rev": "c75037bbf9093a2acb617804ee46320d6d1fea5a", "type": "github" }, "original": { 
@@ -313,21 +273,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index b1dd8e2..192ddd4 100644 --- a/flake.nix +++ b/flake.nix @@ -112,6 +112,8 @@ }; in { inherit (pkgs) + clerie-system-upgrade + clerie-update-nixfiles chromium-incognito iot-data nix-remove-result-links @@ -119,8 +121,6 @@ nixfiles-auto-install nixfiles-generate-backup-secrets nixfiles-generate-config - nixfiles-system-upgrade - nixfiles-updated-inputs nixfiles-update-ssh-host-keys update-from-hydra uptimestatus; diff --git a/hosts/osmium/nixfiles-updated-inputs.nix b/hosts/osmium/nixfiles-updated-inputs.nix index cff6766..3327e80 100644 --- a/hosts/osmium/nixfiles-updated-inputs.nix +++ b/hosts/osmium/nixfiles-updated-inputs.nix 
@@ -1,20 +1,20 @@ { config, pkgs, ... }: { - systemd.services.nixfiles-updated-inputs = { + systemd.services.clerie-update-nixfiles = { environment = { - GIT_SSH_COMMAND = "ssh -o UserKnownHostsFile=${pkgs.writeText "known_hosts" "git.clerie.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHQDwfRlw6L+pkLjXDgW2BUWlY1zNEDtVhNEsClgqaL"} -i %d/nixfiles-updated-inputs-ssh"; + GIT_SSH_COMMAND = "ssh -o UserKnownHostsFile=${pkgs.writeText "known_hosts" "git.clerie.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHQDwfRlw6L+pkLjXDgW2BUWlY1zNEDtVhNEsClgqaL"} -i %d/clerie-update-nixfiles-ssh"; # nix likes a home directory to place the cache there - HOME = "/var/lib/nixfiles-updated-inputs"; + HOME = "/var/lib/clerie-update-nixfiles"; }; serviceConfig = { Type = "oneshot"; - ExecStart = pkgs.nixfiles-updated-inputs + "/bin/nixfiles-updated-inputs"; - StateDirectory = "nixfiles-updated-inputs"; - WorkingDirectory = "/var/lib/nixfiles-updated-inputs"; + ExecStart = pkgs.clerie-update-nixfiles + "/bin/clerie-update-nixfiles"; + StateDirectory = "clerie-update-nixfiles"; + WorkingDirectory = "/var/lib/clerie-update-nixfiles"; DynamicUser = true; # this sets the correct file permissions for the ssh key because we use DynamicUser - LoadCredential = "nixfiles-updated-inputs-ssh:${config.age.secrets."nixfiles-updated-inputs-ssh".path}"; + LoadCredential = "clerie-update-nixfiles-ssh:${config.age.secrets."clerie-update-nixfiles-ssh".path}"; }; startAt = "*-*-* 03:03:00"; }; diff --git a/hosts/osmium/secrets/nixfiles-updated-inputs-ssh.age b/hosts/osmium/secrets/clerie-update-nixfiles-ssh.age similarity index 100% rename from hosts/osmium/secrets/nixfiles-updated-inputs-ssh.age rename to hosts/osmium/secrets/clerie-update-nixfiles-ssh.age diff --git a/modules/clerie-system-upgrade/default.nix b/modules/clerie-system-upgrade/default.nix index 6c3a212..2a83a11 100644 --- a/modules/clerie-system-upgrade/default.nix +++ b/modules/clerie-system-upgrade/default.nix 
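Review bot: The renamed `GIT_SSH_COMMAND` pins the git.clerie.de ed25519 key through `UserKnownHostsFile`, but leaves everything else to ssh defaults. The system-wide known-hosts file and ssh_config are still consulted, and identities other than the loaded credential may be offered. Since this unit holds the key the update script uses for `git push`, I would make the pin exclusive by adding `-o StrictHostKeyChecking=yes -o GlobalKnownHostsFile=/dev/null -o IdentitiesOnly=yes` before the existing `-o UserKnownHostsFile=…`. A one-line comment above it, such as `# host key is pinned; update here when git.clerie.de rotates its key`, would spare the next maintainer a silent nightly failure.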
@@ -35,7 +35,7 @@ in serviceConfig = { Type = "oneshot"; - ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}${optionalString (config.clerie.monitoring.enable) " --node-exporter-metrics-path /var/lib/prometheus-node-exporter/textfiles/nixfiles-system-upgrade.prom"}"; + ExecStart = pkgs.clerie-system-upgrade + "/bin/clerie-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}${optionalString (config.clerie.monitoring.enable) " --node-exporter-metrics-path /var/lib/prometheus-node-exporter/textfiles/clerie-system-upgrade.prom"}"; }; }; systemd.timers.clerie-system-auto-upgrade = mkIf cfg.autoUpgrade { @@ -47,7 +47,7 @@ in after = [ "network-online.target" ]; }; environment.systemPackages = with pkgs; [ - nixfiles-system-upgrade + clerie-system-upgrade ]; }; } diff --git a/pkgs/nixfiles/nixfiles-system-upgrade.nix b/pkgs/clerie-system-upgrade/clerie-system-upgrade.nix similarity index 53% rename from pkgs/nixfiles/nixfiles-system-upgrade.nix rename to pkgs/clerie-system-upgrade/clerie-system-upgrade.nix index 9d494f4..5088be4 100644 --- a/pkgs/nixfiles/nixfiles-system-upgrade.nix +++ b/pkgs/clerie-system-upgrade/clerie-system-upgrade.nix @@ -1,8 +1,8 @@ { pkgs, ... }: pkgs.writeShellApplication { - name = "nixfiles-system-upgrade"; - text = builtins.readFile ./nixfiles-system-upgrade.sh; + name = "clerie-system-upgrade"; + text = builtins.readFile ./clerie-system-upgrade.sh; runtimeInputs = with pkgs; [ curl jq diff --git a/pkgs/nixfiles/nixfiles-system-upgrade.sh b/pkgs/clerie-system-upgrade/clerie-system-upgrade.sh similarity index 95% rename from pkgs/nixfiles/nixfiles-system-upgrade.sh rename to pkgs/clerie-system-upgrade/clerie-system-upgrade.sh index 18e8e6b..7e2ad11 100755 --- a/pkgs/nixfiles/nixfiles-system-upgrade.sh +++ b/pkgs/clerie-system-upgrade/clerie-system-upgrade.sh 
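Review bot: The new `ExecStart` writes metrics to `/var/lib/prometheus-node-exporter/textfiles/clerie-system-upgrade.prom`, and the `clerie-system-upgrade.sh` hunk renames the metric to `clerie_system_upgrade_last_check`, but nothing visible in this diff removes the old `nixfiles-system-upgrade.prom`. On hosts that are already deployed, that file presumably stays in the textfile directory and keeps exporting a frozen `nixfiles_system_upgrade_last_check`. Any alert rule or dashboard still keyed on the old name would then stop reflecting real upgrade runs. I would either keep the metric and file name stable or delete the old file as part of this change, and update the alert rules in the same commit. The `serviceConfig` block starts outside this hunk, so other settings on the unit are not visible here.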
@@ -55,7 +55,7 @@ echo "Set as boot target" if [[ -n "$NODE_EXPORTER_METRICS_PATH" ]]; then echo "Write monitoring check data" - echo "nixfiles_system_upgrade_last_check $(date +%s)" > "$NODE_EXPORTER_METRICS_PATH" + echo "clerie_system_upgrade_last_check $(date +%s)" > "$NODE_EXPORTER_METRICS_PATH" fi BOOTED_SYSTEM_KERNEL="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})" diff --git a/pkgs/nixfiles/nixfiles-updated-inputs.nix b/pkgs/clerie-update-nixfiles/clerie-update-nixfiles.nix similarity index 54% rename from pkgs/nixfiles/nixfiles-updated-inputs.nix rename to pkgs/clerie-update-nixfiles/clerie-update-nixfiles.nix index bab538a..bed20c8 100644 --- a/pkgs/nixfiles/nixfiles-updated-inputs.nix +++ b/pkgs/clerie-update-nixfiles/clerie-update-nixfiles.nix @@ -1,8 +1,8 @@ { pkgs, ... }: pkgs.writeShellApplication { - name = "nixfiles-updated-inputs"; - text = builtins.readFile ./nixfiles-updated-inputs.sh; + name = "clerie-update-nixfiles"; + text = builtins.readFile ./clerie-update-nixfiles.sh; runtimeInputs = with pkgs; [ git nix diff --git a/pkgs/nixfiles/nixfiles-updated-inputs.sh b/pkgs/clerie-update-nixfiles/clerie-update-nixfiles.sh similarity index 76% rename from pkgs/nixfiles/nixfiles-updated-inputs.sh rename to pkgs/clerie-update-nixfiles/clerie-update-nixfiles.sh index de6503a..eac8487 100755 --- a/pkgs/nixfiles/nixfiles-updated-inputs.sh +++ b/pkgs/clerie-update-nixfiles/clerie-update-nixfiles.sh @@ -3,7 +3,7 @@ set -euo pipefail xgit() { - git -c "user.name=Flake Update Bot" -c "user.email=flake-update-bot@clerie.de" "$@" + git -c "user.name=Flake Update Bot" -c "user.email=flake-update-bot@clerie.de" -c "core.pager=cat" "$@" } NOW="$(date --utc +%Y-%m-%d-%H-%M)" 
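Review bot: The renamed metric line still writes straight into the file node-exporter scrapes: `echo "clerie_system_upgrade_last_check $(date +%s)" > "$NODE_EXPORTER_METRICS_PATH"`. A scrape that lands between the truncate and the write sees an empty file, and the upgrade-freshness metric briefly disappears. Writing to a temporary name and renaming avoids that: `echo "clerie_system_upgrade_last_check $(date +%s)" > "${NODE_EXPORTER_METRICS_PATH}.$$"` followed by `mv "${NODE_EXPORTER_METRICS_PATH}.$$" "$NODE_EXPORTER_METRICS_PATH"`. The textfile collector only reads `*.prom`, so the temporary file is ignored. The surrounding script continues outside the hunk.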
@@ -25,8 +25,19 @@ nix flake lock --update-input nixpkgs echo "[!] Commit changes" xgit add flake.lock + xgit commit -m "Update nixpkgs ${NOW}" || true +xgit diff --name-status origin/updated-inputs "${UPDATE_BRANCH}" + +echo "[!] biep" +if xgit diff --quiet origin/updated-inputs "${UPDATE_BRANCH}" +then + echo "[!] Nothing changed, removing branch" + xgit branch -D "${UPDATE_BRANCH}" + exit 0 +fi + echo "[!] Publish ${UPDATE_BRANCH}" xgit push --set-upstream origin "${UPDATE_BRANCH}" diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix index 530c957..5a6c751 100644 --- a/pkgs/overlay.nix +++ b/pkgs/overlay.nix @@ -1,4 +1,6 @@ final: prev: { + clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {}; + clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {}; chromium-incognito = final.callPackage ./chromium-incognito {}; iot-data = final.python3.pkgs.callPackage ./iot-data {}; nix-remove-result-links = final.callPackage ./nix-remove-result-links {}; @@ -6,8 +8,6 @@ final: prev: { nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {}; nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {}; nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {}; - nixfiles-system-upgrade = final.callPackage ./nixfiles/nixfiles-system-upgrade.nix {}; - nixfiles-updated-inputs = final.callPackage ./nixfiles/nixfiles-updated-inputs.nix {}; nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {}; update-from-hydra = final.callPackage ./update-from-hydra {}; uptimestatus = final.python3.pkgs.callPackage ./uptimestatus {};
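Review bot: The new "nothing changed" branch runs `xgit branch -D "${UPDATE_BRANCH}"`, and git refuses to delete the branch that is currently checked out. The checkout happens above this hunk, so this is inferred, but if HEAD is still on `${UPDATE_BRANCH}` the command fails, `set -euo pipefail` aborts before `exit 0`, and the oneshot unit is marked failed on every night without updates. Detaching first, with `xgit checkout --detach` before the delete, keeps the no-op path green. Also, `echo "[!] biep"` looks like leftover debugging; a message such as `echo "[!] Compare with origin/updated-inputs"` would make the journal readable. A short comment above the `if` should say that the comparison covers the whole tree against `origin/updated-inputs`, not only `flake.lock`.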