Compare commits
4 Commits
2e68d00ca4
...
3168a58878
Author | SHA1 | Date | |
---|---|---|---|
3168a58878 | |||
b37bdf88e1 | |||
01b1ce3caa | |||
cff95863fd |
@ -11,6 +11,7 @@
|
||||
vim
|
||||
agenix
|
||||
nixos-firewall-tool
|
||||
nixfiles-system-upgrade
|
||||
];
|
||||
|
||||
programs.mtr.enable = true;
|
||||
|
@ -107,7 +107,7 @@
|
||||
nixfiles-auto-install
|
||||
nixfiles-generate-backup-secrets
|
||||
nixfiles-generate-config
|
||||
nixfiles-system-sync-to-hydra
|
||||
nixfiles-system-upgrade
|
||||
nixfiles-updated-inputs
|
||||
nixfiles-update-ssh-host-keys
|
||||
nixos-firewall-tool
|
||||
|
@ -329,7 +329,7 @@
|
||||
}
|
||||
'';
|
||||
|
||||
clerie.nixfiles.system-auto-sync-to-hydra = {
|
||||
clerie.nixfiles.system-auto-upgrade = {
|
||||
enable = true;
|
||||
allowReboot = true;
|
||||
};
|
||||
|
@ -183,7 +183,7 @@
|
||||
}
|
||||
'';
|
||||
|
||||
clerie.nixfiles.system-auto-sync-to-hydra = {
|
||||
clerie.nixfiles.system-auto-upgrade = {
|
||||
enable = true;
|
||||
allowReboot = true;
|
||||
};
|
||||
|
@ -183,7 +183,7 @@
|
||||
}
|
||||
'';
|
||||
|
||||
clerie.nixfiles.system-auto-sync-to-hydra = {
|
||||
clerie.nixfiles.system-auto-upgrade = {
|
||||
enable = true;
|
||||
allowReboot = true;
|
||||
};
|
||||
|
@ -273,7 +273,7 @@ in {
|
||||
static_configs = [
|
||||
{
|
||||
targets = [
|
||||
"https://matrix.entr0py.de/_matrix/static/"
|
||||
"matrix.entr0py.de"
|
||||
];
|
||||
}
|
||||
];
|
||||
@ -281,9 +281,10 @@ in {
|
||||
{
|
||||
source_labels = [ "__address__" ];
|
||||
target_label = "__param_target";
|
||||
replacement = "https://\${1}/_matrix/static/";
|
||||
}
|
||||
{
|
||||
source_labels = [ "__param_target" ];
|
||||
source_labels = [ "__address__" ];
|
||||
target_label = "target";
|
||||
}
|
||||
{
|
||||
|
@ -57,3 +57,11 @@ groups:
|
||||
annotations:
|
||||
summary: "Kernel of {{ $labels.instance }} changed"
|
||||
description: "The Kernel {{ $labels.instance }} booted with, isn't the target Kernel. A reboot may be required."
|
||||
- alert: SynapseUnavailable
|
||||
expr: last_over_time(probe_success{instance="monitoring-3.net.clerie.de", job="blackbox_local_synapse", target="matrix.entr0py.de"}[5m]) == 0
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "Synapse of {{ $labels.target }} unavailable"
|
||||
description: "The Synapse backend of {{ $labels.instance }} is unreachable or returns garbage"
|
||||
|
@ -39,7 +39,7 @@
|
||||
|
||||
networking.firewall.allowedUDPPorts = [];
|
||||
|
||||
clerie.nixfiles.system-auto-sync-to-hydra = {
|
||||
clerie.nixfiles.system-auto-upgrade = {
|
||||
enable = true;
|
||||
allowReboot = true;
|
||||
};
|
||||
|
@ -13,7 +13,7 @@
|
||||
./monitoring
|
||||
./nginx-port-forward
|
||||
./nixfiles
|
||||
./nixfiles/system-auto-sync-to-hydra.nix
|
||||
./nixfiles/nixfiles-system-upgrade.nix
|
||||
./update-from-hydra
|
||||
./wg-clerie
|
||||
./wireguard-initrd
|
||||
|
@ -3,12 +3,12 @@
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.clerie.nixfiles.system-auto-sync-to-hydra;
|
||||
cfg = config.clerie.nixfiles.system-auto-upgrade;
|
||||
in
|
||||
|
||||
{
|
||||
options = {
|
||||
clerie.nixfiles.system-auto-sync-to-hydra = {
|
||||
clerie.nixfiles.system-auto-upgrade = {
|
||||
enable = mkEnableOption "clerie nixfiles tools";
|
||||
allowReboot = mkOption {
|
||||
type = types.bool;
|
||||
@ -18,10 +18,10 @@ in
|
||||
};
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.nixfiles-system-auto-sync-to-hydra = {
|
||||
systemd.services.nixfiles-system-auto-upgrade = {
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = pkgs.nixfiles-system-sync-to-hydra + "/bin/nixfiles-system-sync-to-hydra${optionalString cfg.allowReboot " --allow-reboot"}";
|
||||
ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}";
|
||||
};
|
||||
startAt = "*-*-* 06:47:00";
|
||||
};
|
@ -1,8 +1,8 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
pkgs.writeShellApplication {
|
||||
name = "nixfiles-system-sync-to-hydra";
|
||||
text = builtins.readFile ./nixfiles-system-sync-to-hydra.sh;
|
||||
name = "nixfiles-system-upgrade";
|
||||
text = builtins.readFile ./nixfiles-system-upgrade.sh;
|
||||
runtimeInputs = with pkgs; [
|
||||
curl
|
||||
jq
|
@ -3,6 +3,7 @@
|
||||
set -euo pipefail
|
||||
|
||||
ALLOW_REBOOT=
|
||||
NO_CONFIRM=
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case $1 in
|
||||
@ -10,6 +11,10 @@ while [[ $# -gt 0 ]]; do
|
||||
ALLOW_REBOOT=1
|
||||
shift
|
||||
;;
|
||||
--no-confirm)
|
||||
NO_CONFIRM=1
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
echo "Unknown option $1"
|
||||
exit 1
|
||||
@ -22,6 +27,17 @@ HYDRA_JOB_URL="https://hydra.clerie.de/job/nixfiles/nixfiles/nixosConfigurations
|
||||
echo "Fetching job output from ${HYDRA_JOB_URL}"
|
||||
STORE_PATH="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_JOB_URL}" | jq -r ".buildoutputs.out.path")"
|
||||
|
||||
if [[ -z $NO_CONFIRM ]]; then
|
||||
echo ""
|
||||
echo " ! WARNING !"
|
||||
echo ""
|
||||
echo " You are about to upgrade ${HOSTNAME} to ${STORE_PATH}."
|
||||
echo " This can be an older version than currently running on this system."
|
||||
echo ""
|
||||
read -e -r -p "Continue?" confirm
|
||||
echo "$confirm" > /dev/null
|
||||
fi
|
||||
|
||||
echo "Download ${STORE_PATH}"
|
||||
nix copy --from "https://nix-cache.clerie.de" "${STORE_PATH}"
|
||||
|
@ -6,7 +6,7 @@ self: super: {
|
||||
nixfiles-auto-install = self.callPackage ./nixfiles/nixfiles-auto-install.nix {};
|
||||
nixfiles-generate-backup-secrets = self.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
|
||||
nixfiles-generate-config = self.callPackage ./nixfiles/nixfiles-generate-config.nix {};
|
||||
nixfiles-system-sync-to-hydra = self.callPackage ./nixfiles/nixfiles-system-sync-to-hydra.nix {};
|
||||
nixfiles-system-upgrade = self.callPackage ./nixfiles/nixfiles-system-upgrade.nix {};
|
||||
nixfiles-updated-inputs = self.callPackage ./nixfiles/nixfiles-updated-inputs.nix {};
|
||||
nixfiles-update-ssh-host-keys = self.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
|
||||
nixos-firewall-tool = self.callPackage ./nixos-firewall-tool {};
|
||||
|
Loading…
Reference in New Issue
Block a user