
No commits in common. "b045babff43f13ff100b6f0cbf853fa9e039d7d4" and "d835f49a60a9ba69e2ed924487165927ca4bc099" have entirely different histories.

10 changed files with 101 additions and 57 deletions


@ -3,16 +3,18 @@
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
]
],
"systems": "systems"
},
"locked": {
"lastModified": 1682101079,
"narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
"lastModified": 1707830867,
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
"owner": "ryantm",
"repo": "agenix",
"rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
"type": "github"
},
"original": {
@ -41,6 +43,22 @@
"url": "https://git.clerie.de/clerie/chaosevents.git"
}
},
"communities": {
"flake": false,
"locked": {
"lastModified": 1706695952,
"narHash": "sha256-FlbOBX/+/LLmoqMJLvu59XuHYmiohIhDc1VjkZu4Wzo=",
"owner": "NLNOG",
"repo": "lg.ring.nlnog.net",
"rev": "20f9a9f3da8b1bc9d7046e88c62df4b41b4efb99",
"type": "github"
},
"original": {
"owner": "NLNOG",
"repo": "lg.ring.nlnog.net",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -49,11 +67,11 @@
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
@ -65,17 +83,18 @@
},
"fernglas": {
"inputs": {
"communities": "communities",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1700408128,
"narHash": "sha256-PLb/q8kIq0wOinkgADHNY6uOB3b3lXQEbLu6ToIFPsU=",
"lastModified": 1707317562,
"narHash": "sha256-0wj5AS8RLVr+S/QWWxCsMvmVjmXUWGfR9kPaZimJEss=",
"owner": "wobcom",
"repo": "fernglas",
"rev": "407325681e3ad344f6fd05334984a40074aa6347",
"rev": "25020466957dbe0e193f7857d827020f5c1aa996",
"type": "github"
},
"original": {
@ -90,11 +109,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1687119570,
"narHash": "sha256-tZ6hctUdlZzsdg4WA4Fv7C5bNGnotYp0QT+s3rvlIKw=",
"lastModified": 1703526534,
"narHash": "sha256-enuuJ++jVKXMAUuEeetq02oy2guoJfSMYMvy9U0KGD8=",
"ref": "refs/heads/main",
"rev": "cc43776e6dd7eb94962e9f23b8e8282d34597a75",
"revCount": 39,
"rev": "3197e4f8d3646a9f7b20a2a38f1abc0a19aa69d2",
"revCount": 55,
"type": "git",
"url": "https://git.clerie.de/clerie/fieldpoc.git"
},
@ -105,14 +124,14 @@
},
"flake-utils": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
@ -121,6 +140,27 @@
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"mitel-ommclient2": {
"inputs": {
"nixpkgs": [
@ -164,11 +204,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1686838567,
"narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=",
"lastModified": 1709147990,
"narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89",
"rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159",
"type": "github"
},
"original": {
@ -196,11 +236,11 @@
},
"nixpkgs-krypton": {
"locked": {
"lastModified": 1707546158,
"narHash": "sha256-nYYJTpzfPMDxI8mzhQsYjIUX+grorqjKEU9Np6Xwy/0=",
"lastModified": 1709237383,
"narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d934204a0f8d9198e1e4515dd6fec76a139c87f0",
"rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
"type": "github"
},
"original": {
@ -212,11 +252,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1710631334,
"narHash": "sha256-rL5LSYd85kplL5othxK5lmAtjyMOBg390sGBTb3LRMM=",
"lastModified": 1710451336,
"narHash": "sha256-pP86Pcfu3BrAvRO7R64x7hs+GaQrjFes+mEPowCfkxY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c75037bbf9093a2acb617804ee46320d6d1fea5a",
"rev": "d691274a972b3165335d261cc4671335f5c67de9",
"type": "github"
},
"original": {
@ -273,6 +313,21 @@
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",


@ -112,8 +112,6 @@
};
in {
inherit (pkgs)
clerie-system-upgrade
clerie-update-nixfiles
chromium-incognito
iot-data
nix-remove-result-links
@ -121,6 +119,8 @@
nixfiles-auto-install
nixfiles-generate-backup-secrets
nixfiles-generate-config
nixfiles-system-upgrade
nixfiles-updated-inputs
nixfiles-update-ssh-host-keys
update-from-hydra
uptimestatus;


@ -1,20 +1,20 @@
{ config, pkgs, ... }:
{
systemd.services.clerie-update-nixfiles = {
systemd.services.nixfiles-updated-inputs = {
environment = {
GIT_SSH_COMMAND = "ssh -o UserKnownHostsFile=${pkgs.writeText "known_hosts" "git.clerie.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHQDwfRlw6L+pkLjXDgW2BUWlY1zNEDtVhNEsClgqaL"} -i %d/clerie-update-nixfiles-ssh";
GIT_SSH_COMMAND = "ssh -o UserKnownHostsFile=${pkgs.writeText "known_hosts" "git.clerie.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHQDwfRlw6L+pkLjXDgW2BUWlY1zNEDtVhNEsClgqaL"} -i %d/nixfiles-updated-inputs-ssh";
# nix likes a home directory to place the cache there
HOME = "/var/lib/clerie-update-nixfiles";
HOME = "/var/lib/nixfiles-updated-inputs";
};
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.clerie-update-nixfiles + "/bin/clerie-update-nixfiles";
StateDirectory = "clerie-update-nixfiles";
WorkingDirectory = "/var/lib/clerie-update-nixfiles";
ExecStart = pkgs.nixfiles-updated-inputs + "/bin/nixfiles-updated-inputs";
StateDirectory = "nixfiles-updated-inputs";
WorkingDirectory = "/var/lib/nixfiles-updated-inputs";
DynamicUser = true;
# this sets the correct file permissions for the ssh key because we use DynamicUser
LoadCredential = "clerie-update-nixfiles-ssh:${config.age.secrets."clerie-update-nixfiles-ssh".path}";
LoadCredential = "nixfiles-updated-inputs-ssh:${config.age.secrets."nixfiles-updated-inputs-ssh".path}";
};
startAt = "*-*-* 03:03:00";
};
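Review bot: The `GIT_SSH_COMMAND` line pins the git.clerie.de host key through `UserKnownHostsFile`, but nothing on it makes that file the only source of trust: ssh still consults the system-wide known-hosts file and leaves `StrictHostKeyChecking` at its default. For an unattended unit that holds a push credential I would spell the policy out by adding `-o StrictHostKeyChecking=yes -o GlobalKnownHostsFile=/dev/null -o IdentitiesOnly=yes` to the command. The rename also changes the credential name, the `age.secrets` name and the state directory together; the matching secret declaration is not visible in this section, so confirm it was renamed in the same change.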


@ -35,7 +35,7 @@ in
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.clerie-system-upgrade + "/bin/clerie-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}${optionalString (config.clerie.monitoring.enable) " --node-exporter-metrics-path /var/lib/prometheus-node-exporter/textfiles/clerie-system-upgrade.prom"}";
ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}${optionalString (config.clerie.monitoring.enable) " --node-exporter-metrics-path /var/lib/prometheus-node-exporter/textfiles/nixfiles-system-upgrade.prom"}";
};
};
systemd.timers.clerie-system-auto-upgrade = mkIf cfg.autoUpgrade {
@ -47,7 +47,7 @@ in
after = [ "network-online.target" ];
};
environment.systemPackages = with pkgs; [
clerie-system-upgrade
nixfiles-system-upgrade
];
};
}


@ -1,8 +1,8 @@
{ pkgs, ... }:
pkgs.writeShellApplication {
name = "clerie-system-upgrade";
text = builtins.readFile ./clerie-system-upgrade.sh;
name = "nixfiles-system-upgrade";
text = builtins.readFile ./nixfiles-system-upgrade.sh;
runtimeInputs = with pkgs; [
curl
jq


@ -55,7 +55,7 @@ echo "Set as boot target"
if [[ -n "$NODE_EXPORTER_METRICS_PATH" ]]; then
echo "Write monitoring check data"
echo "clerie_system_upgrade_last_check $(date +%s)" > "$NODE_EXPORTER_METRICS_PATH"
echo "nixfiles_system_upgrade_last_check $(date +%s)" > "$NODE_EXPORTER_METRICS_PATH"
fi
BOOTED_SYSTEM_KERNEL="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})"
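Review bot: Renaming the metric to `nixfiles_system_upgrade_last_check` (and, in the module's `ExecStart`, the textfile to `nixfiles-system-upgrade.prom`) leaves any previously written `clerie-system-upgrade.prom` on the host, where the textfile collector will presumably keep exporting the old metric with a frozen timestamp. The alert rules are not visible here, so check that nothing is still keyed on the old name and remove the old file during rollout; otherwise a staleness alert either fires on healthy hosts or stops detecting hosts that no longer upgrade. The write is also not atomic: `echo "…" > "$NODE_EXPORTER_METRICS_PATH.tmp" && mv "$NODE_EXPORTER_METRICS_PATH.tmp" "$NODE_EXPORTER_METRICS_PATH"` keeps a scrape from reading a partial file. The script continues outside this hunk.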


@ -1,8 +1,8 @@
{ pkgs, ... }:
pkgs.writeShellApplication {
name = "clerie-update-nixfiles";
text = builtins.readFile ./clerie-update-nixfiles.sh;
name = "nixfiles-updated-inputs";
text = builtins.readFile ./nixfiles-updated-inputs.sh;
runtimeInputs = with pkgs; [
git
nix


@ -3,7 +3,7 @@
set -euo pipefail
xgit() {
git -c "user.name=Flake Update Bot" -c "user.email=flake-update-bot@clerie.de" -c "core.pager=cat" "$@"
git -c "user.name=Flake Update Bot" -c "user.email=flake-update-bot@clerie.de" "$@"
}
NOW="$(date --utc +%Y-%m-%d-%H-%M)"
@ -25,19 +25,8 @@ nix flake lock --update-input nixpkgs
echo "[!] Commit changes"
xgit add flake.lock
xgit commit -m "Update nixpkgs ${NOW}" || true
xgit diff --name-status origin/updated-inputs "${UPDATE_BRANCH}"
echo "[!] biep"
if xgit diff --quiet origin/updated-inputs "${UPDATE_BRANCH}"
then
echo "[!] Nothing changed, removing branch"
xgit branch -D "${UPDATE_BRANCH}"
exit 0
fi
echo "[!] Publish ${UPDATE_BRANCH}"
xgit push --set-upstream origin "${UPDATE_BRANCH}"
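Review bot: On the new side `xgit commit -m "Update nixpkgs ${NOW}" || true` runs straight into `xgit push`, because the "Nothing changed, removing branch" guard is no longer there. `|| true` hides every commit failure, not only the empty-commit case, so a branch that appears to carry no new commit is still published. Committing only when something is staged keeps `set -euo pipefail` meaningful: `xgit diff --cached --quiet || xgit commit -m "Update nixpkgs ${NOW}"`. If empty update branches are unwanted on the remote, keep an early `exit 0` for the no-change case before the push. The script continues outside both hunks of this file.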


@ -1,6 +1,4 @@
final: prev: {
clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
chromium-incognito = final.callPackage ./chromium-incognito {};
iot-data = final.python3.pkgs.callPackage ./iot-data {};
nix-remove-result-links = final.callPackage ./nix-remove-result-links {};
@ -8,6 +6,8 @@ final: prev: {
nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
nixfiles-system-upgrade = final.callPackage ./nixfiles/nixfiles-system-upgrade.nix {};
nixfiles-updated-inputs = final.callPackage ./nixfiles/nixfiles-updated-inputs.nix {};
nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
update-from-hydra = final.callPackage ./update-from-hydra {};
uptimestatus = final.python3.pkgs.callPackage ./uptimestatus {};