

11 Commits

34 changed files with 170 additions and 27 deletions


@ -10,6 +10,8 @@
colmena
vim
agenix
jq
curl
];
programs.mtr.enable = true;


@ -3,5 +3,5 @@
{
services.printing.enable = true;
services.avahi.enable = true;
services.avahi.nssmdns = true;
services.avahi.nssmdns4 = true;
}


@ -212,11 +212,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1710631334,
"narHash": "sha256-rL5LSYd85kplL5othxK5lmAtjyMOBg390sGBTb3LRMM=",
"lastModified": 1710806803,
"narHash": "sha256-qrxvLS888pNJFwJdK+hf1wpRCSQcqA6W5+Ox202NDa0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c75037bbf9093a2acb617804ee46320d6d1fea5a",
"rev": "b06025f1533a1e07b6db3e75151caa155d1c7eb3",
"type": "github"
},
"original": {


@ -113,6 +113,7 @@
in {
inherit (pkgs)
clerie-system-upgrade
clerie-merge-nixfiles-update
clerie-update-nixfiles
chromium-incognito
iot-data
@ -122,6 +123,7 @@
nixfiles-generate-backup-secrets
nixfiles-generate-config
nixfiles-update-ssh-host-keys
print-afra
update-from-hydra
uptimestatus;
});


@ -11,7 +11,6 @@
boot.kernelParams = [ "console=ttyS0,115200n8" ];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.extraConfig = "
serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1


@ -14,7 +14,6 @@
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";


@ -11,7 +11,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
networking.hostName = "backup-4";


@ -9,7 +9,6 @@
boot.kernelParams = [ "console=ttyS0,115200n8" ];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.extraConfig = "
serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1


@ -10,7 +10,6 @@
boot.kernelParams = [ "console=ttyS0,115200n8" ];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.extraConfig = "
serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1


@ -10,7 +10,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];


@ -9,7 +9,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
networking.hostName = "dn42-il-gw1";


@ -9,7 +9,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
networking.hostName = "dn42-il-gw5";


@ -9,7 +9,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
networking.hostName = "dn42-il-gw6";


@ -8,7 +8,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
networking.hostName = "dn42-ildix-clerie";


@ -11,7 +11,6 @@
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";


@ -8,7 +8,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking.hostName = "gatekeeper";


@ -8,7 +8,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
boot.binfmt.emulatedSystems = [


@ -8,7 +8,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
boot.binfmt.emulatedSystems = [


@ -26,6 +26,8 @@
okular
chromium-incognito
print-afra
];
# Wireshark


@ -10,7 +10,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking.hostName = "mail-2";


@ -15,7 +15,6 @@ in {
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking.hostName = "minecraft-2";


@ -14,7 +14,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking.hostName = "monitoring-3";


@ -9,7 +9,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
networking.hostName = "nonat";


@ -11,7 +11,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
boot.binfmt.emulatedSystems = [


@ -8,7 +8,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking.hostName = "porter";


@ -12,7 +12,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
networking.hostName = "storage-2";


@ -29,7 +29,6 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking.hostName = "web-2";


@ -29,6 +29,7 @@ let
in
nameValuePair "clerie-backup-${jobName}-${targetName}" {
requires = [ "network.target" "local-fs.target" ];
after = [ "network.target" "local-fs.target" ];
path = [ pkgs.restic ];
serviceConfig = {
@ -63,6 +64,7 @@ let
OnCalendar = "hourly";
RandomizedDelaySec = "1h";
};
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
}
) jobTargetPairs);
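Review bot: `requires = [ "network-online.target" ];` on the timer in the second hunk makes the backup schedule depend on that target succeeding: if network-online.target fails at boot (for instance a wait-online timeout), the timer is not started and no backup run is scheduled until it is started some other way. systemd's guidance for this target is a weak dependency plus ordering, so `wants = [ "network-online.target" ];` next to the existing `after` line keeps the ordering without that failure mode. The same applies to the timer in the clerie-system-auto-upgrade module. The service unit in the first hunk depends on `network.target`, which as far as systemd documents it does not mean connectivity is up; if the restic job can be started by hand it may want network-online.target as well. The enclosing `let` binding starts and ends outside these hunks.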


@ -26,7 +26,6 @@ let
OnCalendar = "hourly";
RandomizedDelaySec = "1h";
};
after = [ "network-online.target" ];
}
) cfg.dirs;


@ -29,6 +29,9 @@ in
};
config = mkIf cfg.enable {
systemd.services.clerie-system-auto-upgrade = {
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
# Make sure this unit does not stop themself while upgrading
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
@ -44,6 +47,7 @@ in
OnCalendar = if cfg.startAt == null then "*-*-* 05:37:00" else cfg.startAt;
RandomizedDelaySec = if cfg.startAt == null then "2h" else "10m";
};
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
};
environment.systemPackages = with pkgs; [
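Review bot: The hard `requires` on network-online.target in the service unit works against the comment directly below it: a Requires= dependency propagates stop and restart, so if a configuration switch ever stops or restarts network-online.target, the upgrade service would be stopped with it despite `restartIfChanged = false` and `X-StopOnRemoval = false`. Whether a switch actually touches that target on these hosts is not visible from the hunk, but `wants = [ "network-online.target" ];` with the existing `after` line avoids the question. Since an upgrade job that is interrupted or never started means security updates are not applied, a failed or skipped run should also be visible somewhere other than the journal. Both the service and the timer definitions continue outside the hunks.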


@ -0,0 +1,13 @@
{ pkgs, ... }:
pkgs.writeShellApplication {
name = "clerie-merge-nixfiles-update";
text = builtins.readFile ./clerie-merge-nixfiles-update.sh;
runtimeInputs = with pkgs; [
curl
git
jq
openssh
];
}


@ -0,0 +1,128 @@
#!/usr/bin/env bash
set -euo pipefail
xgit() {
git -c "user.name=Flake Update Bot" -c "user.email=flake-update-bot@clerie.de" "$@"
}
xgit_parent_commits() {
xgit show -q --format="%P" "$@" | sed "s/ /\n/g"
}
xgit_refs_for_commit() {
xgit show -q --format="%D" "$@" | sed "s/, /\n/g" | sed -E "s/((.+) -> )?(.+)/\3/g"
}
commit_is_head_of_branch() {
COMMIT="$1"
BRANCH="$2"
xgit_refs_for_commit "${COMMIT}" | grep -E "^${BRANCH}$" > /dev/null
}
no_confirm=""
while [[ $# -gt 0 ]]; do
case $1 in
--no-confirm)
no_confirm=1
shift
;;
*)
echo "unknown option: $1"
exit 1
;;
esac
done
echo "[!] Init git repo"
xgit status > /dev/null || xgit clone gitea@git.clerie.de:clerie/nixfiles.git .
echo "[!] Make sure git repo is up to date"
xgit fetch --all
echo "[!] Checkout master"
xgit checkout master
echo "[!] Update master"
set +e
if ! xgit merge --ff-only origin/master; then
echo "[!] Merging failed"
echo "[!] Please clean up master branch and try again"
exit 1
fi
set -e
echo "[!] Fetch git commit of last hydra run"
echo "[!] Checking https://hydra.clerie.de/jobset/nixfiles/nixfiles-updated-inputs/latest-eval"
GIT_REV_OF_LAST_HYDRA_RUN=$(curl --json "" -X GET -L https://hydra.clerie.de/jobset/nixfiles/nixfiles-updated-inputs/latest-eval 2> /dev/null | \
jq -r .flake | sed -E "s/.+&rev=(.*)/\1/g")
echo "[!] Last hydra ran from ${GIT_REV_OF_LAST_HYDRA_RUN} (https://git.clerie.de/clerie/nixfiles/commit/${GIT_REV_OF_LAST_HYDRA_RUN})"
echo "[!] Check if commit is current head of origin/updated-inputs"
set +e
if ! commit_is_head_of_branch "${GIT_REV_OF_LAST_HYDRA_RUN}" "origin/updated-inputs"; then
echo "[!] Commit is not head of origin/updated-inputs"
echo "[!] Hydra seem to still process the current head of origin/updated-inputs"
exit 0
fi
set -e
echo "[!] Find out update branch"
PARENT_COMMITS=$(xgit_parent_commits "${GIT_REV_OF_LAST_HYDRA_RUN}")
update_branch=
for commit in $PARENT_COMMITS; do
set +e
if update_branch=$(xgit_refs_for_commit "${commit}" | sort -d | grep -E "^origin/updated-inputs-.+$" | head -1); then
break
fi
set -e
done
if [[ -z "$update_branch" ]]; then
echo "[!] No update branch found"
exit 0
fi
echo "[!] Update branch $update_branch"
echo "[!] Check if update branch forks from current master"
contains_current_master_head=
for commit in $(git rev-list "${update_branch}"); do
set +e
if xgit_refs_for_commit "${commit}" | sort -d | grep -E "^master$" | head -1 > /dev/null; then
contains_current_master_head=1
break
fi
set -e
done
if [[ -z "$contains_current_master_head" ]]; then
echo "[!] ${update_branch} does not contain the current master head"
echo "[!] Cannot merge ${update_branch}"
exit 0
fi
echo "[!] ${update_branch} can be merged into master"
merge_diff=$(xgit diff --color master "${update_branch}")
if [[ -z $merge_diff ]]; then
echo "[!] Nothing changes, nothing to merge"
exit 0
fi
echo "${merge_diff}"
if [[ -z $no_confirm ]]; then
read -e -r -p "[?] Merge ${update_branch} into master?" confirm
echo "$confirm" > /dev/null
fi
echo "[!] Merging ${update_branch} into master"
xgit merge --ff-only "${update_branch}"
echo "[!] Merge successful"
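Review bot: The confirmation prompt near the end does not gate the merge: the answer is read into `confirm` and then discarded with `echo "$confirm" > /dev/null`, so any input, including "n", continues to `xgit merge`. In addition, both search loops `break` right after `set +e`, so errexit is still off when the final merge runs, and a failed `xgit merge --ff-only` is followed by "[!] Merge successful" and exit status 0. Restoring `set -e` after the loops and comparing the answer before merging fixes both, as sketched below. It would also be worth checking that `GIT_REV_OF_LAST_HYDRA_RUN` looks like a commit id before handing it to `git show`, since it comes straight from the HTTP response and `jq -r .flake` prints `null` when the field is missing.

```shell
# … unchanged: everything up to and including echo "${merge_diff}" …

# Both search loops leave errexit disabled when they break; turn it back on
# so a failed merge aborts instead of reporting success.
set -e

if [[ -z $no_confirm ]]; then
  read -e -r -p "[?] Merge ${update_branch} into master? [y/N] " confirm
  if [[ "${confirm}" != "y" && "${confirm}" != "Y" ]]; then
    echo "[!] Merge aborted"
    exit 1
  fi
fi

echo "[!] Merging ${update_branch} into master"
xgit merge --ff-only "${update_branch}"
echo "[!] Merge successful"
```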


@ -1,5 +1,6 @@
final: prev: {
clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
chromium-incognito = final.callPackage ./chromium-incognito {};
iot-data = final.python3.pkgs.callPackage ./iot-data {};
@ -9,6 +10,7 @@ final: prev: {
nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
print-afra = final.callPackage ./print-afra {};
update-from-hydra = final.callPackage ./update-from-hydra {};
uptimestatus = final.python3.pkgs.callPackage ./uptimestatus {};
}


@ -0,0 +1,11 @@
{ pkgs, ... }:
pkgs.writeShellApplication {
name = "print-afra";
text = ''
cat "$@" | nc -N 172.23.42.215 9100
'';
runtimeInputs = with pkgs; [
netcat
];
}
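Review bot: The destination `172.23.42.215 9100` is hard-coded with no comment saying what it is, and the script sends whatever files it is given over a plain TCP connection. If this is a raw print port, as the package name suggests, nothing on that path is authenticated or encrypted, so the file should at least say which network it is meant to be used from, for example a comment above `text` along the lines of `# <what this host is>; files are sent unencrypted to TCP 9100, use only on the local network`. Called without arguments, `cat` reads stdin, which may or may not be intended.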