
Compare commits


5 Commits

10 changed files with 57 additions and 101 deletions


@ -3,18 +3,16 @@
"agenix": { "agenix": {
"inputs": { "inputs": {
"darwin": "darwin", "darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ]
"systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1707830867, "lastModified": 1682101079,
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -43,22 +41,6 @@
"url": "https://git.clerie.de/clerie/chaosevents.git" "url": "https://git.clerie.de/clerie/chaosevents.git"
} }
}, },
"communities": {
"flake": false,
"locked": {
"lastModified": 1706695952,
"narHash": "sha256-FlbOBX/+/LLmoqMJLvu59XuHYmiohIhDc1VjkZu4Wzo=",
"owner": "NLNOG",
"repo": "lg.ring.nlnog.net",
"rev": "20f9a9f3da8b1bc9d7046e88c62df4b41b4efb99",
"type": "github"
},
"original": {
"owner": "NLNOG",
"repo": "lg.ring.nlnog.net",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -67,11 +49,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1700795494, "lastModified": 1673295039,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -83,18 +65,17 @@
}, },
"fernglas": { "fernglas": {
"inputs": { "inputs": {
"communities": "communities",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1707317562, "lastModified": 1700408128,
"narHash": "sha256-0wj5AS8RLVr+S/QWWxCsMvmVjmXUWGfR9kPaZimJEss=", "narHash": "sha256-PLb/q8kIq0wOinkgADHNY6uOB3b3lXQEbLu6ToIFPsU=",
"owner": "wobcom", "owner": "wobcom",
"repo": "fernglas", "repo": "fernglas",
"rev": "25020466957dbe0e193f7857d827020f5c1aa996", "rev": "407325681e3ad344f6fd05334984a40074aa6347",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -109,11 +90,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1703526534, "lastModified": 1687119570,
"narHash": "sha256-enuuJ++jVKXMAUuEeetq02oy2guoJfSMYMvy9U0KGD8=", "narHash": "sha256-tZ6hctUdlZzsdg4WA4Fv7C5bNGnotYp0QT+s3rvlIKw=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "3197e4f8d3646a9f7b20a2a38f1abc0a19aa69d2", "rev": "cc43776e6dd7eb94962e9f23b8e8282d34597a75",
"revCount": 55, "revCount": 39,
"type": "git", "type": "git",
"url": "https://git.clerie.de/clerie/fieldpoc.git" "url": "https://git.clerie.de/clerie/fieldpoc.git"
}, },
@ -124,14 +105,14 @@
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1705309234, "lastModified": 1694529238,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -140,27 +121,6 @@
"type": "github" "type": "github"
} }
}, },
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"mitel-ommclient2": { "mitel-ommclient2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -204,11 +164,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1709147990, "lastModified": 1686838567,
"narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=", "narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159", "rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -236,11 +196,11 @@
}, },
"nixpkgs-krypton": { "nixpkgs-krypton": {
"locked": { "locked": {
"lastModified": 1709237383, "lastModified": 1707546158,
"narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", "narHash": "sha256-nYYJTpzfPMDxI8mzhQsYjIUX+grorqjKEU9Np6Xwy/0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", "rev": "d934204a0f8d9198e1e4515dd6fec76a139c87f0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -252,11 +212,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1710451336, "lastModified": 1710631334,
"narHash": "sha256-pP86Pcfu3BrAvRO7R64x7hs+GaQrjFes+mEPowCfkxY=", "narHash": "sha256-rL5LSYd85kplL5othxK5lmAtjyMOBg390sGBTb3LRMM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d691274a972b3165335d261cc4671335f5c67de9", "rev": "c75037bbf9093a2acb617804ee46320d6d1fea5a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -313,21 +273,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",


@ -112,6 +112,8 @@
}; };
in { in {
inherit (pkgs) inherit (pkgs)
clerie-system-upgrade
clerie-update-nixfiles
chromium-incognito chromium-incognito
iot-data iot-data
nix-remove-result-links nix-remove-result-links
@ -119,8 +121,6 @@
nixfiles-auto-install nixfiles-auto-install
nixfiles-generate-backup-secrets nixfiles-generate-backup-secrets
nixfiles-generate-config nixfiles-generate-config
nixfiles-system-upgrade
nixfiles-updated-inputs
nixfiles-update-ssh-host-keys nixfiles-update-ssh-host-keys
update-from-hydra update-from-hydra
uptimestatus; uptimestatus;


@ -1,20 +1,20 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
systemd.services.nixfiles-updated-inputs = { systemd.services.clerie-update-nixfiles = {
environment = { environment = {
GIT_SSH_COMMAND = "ssh -o UserKnownHostsFile=${pkgs.writeText "known_hosts" "git.clerie.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHQDwfRlw6L+pkLjXDgW2BUWlY1zNEDtVhNEsClgqaL"} -i %d/nixfiles-updated-inputs-ssh"; GIT_SSH_COMMAND = "ssh -o UserKnownHostsFile=${pkgs.writeText "known_hosts" "git.clerie.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHQDwfRlw6L+pkLjXDgW2BUWlY1zNEDtVhNEsClgqaL"} -i %d/clerie-update-nixfiles-ssh";
# nix likes a home directory to place the cache there # nix likes a home directory to place the cache there
HOME = "/var/lib/nixfiles-updated-inputs"; HOME = "/var/lib/clerie-update-nixfiles";
}; };
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
ExecStart = pkgs.nixfiles-updated-inputs + "/bin/nixfiles-updated-inputs"; ExecStart = pkgs.clerie-update-nixfiles + "/bin/clerie-update-nixfiles";
StateDirectory = "nixfiles-updated-inputs"; StateDirectory = "clerie-update-nixfiles";
WorkingDirectory = "/var/lib/nixfiles-updated-inputs"; WorkingDirectory = "/var/lib/clerie-update-nixfiles";
DynamicUser = true; DynamicUser = true;
# this sets the correct file permissions for the ssh key because we use DynamicUser # this sets the correct file permissions for the ssh key because we use DynamicUser
LoadCredential = "nixfiles-updated-inputs-ssh:${config.age.secrets."nixfiles-updated-inputs-ssh".path}"; LoadCredential = "clerie-update-nixfiles-ssh:${config.age.secrets."clerie-update-nixfiles-ssh".path}";
}; };
startAt = "*-*-* 03:03:00"; startAt = "*-*-* 03:03:00";
}; };


@ -35,7 +35,7 @@ in
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}${optionalString (config.clerie.monitoring.enable) " --node-exporter-metrics-path /var/lib/prometheus-node-exporter/textfiles/nixfiles-system-upgrade.prom"}"; ExecStart = pkgs.clerie-system-upgrade + "/bin/clerie-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}${optionalString (config.clerie.monitoring.enable) " --node-exporter-metrics-path /var/lib/prometheus-node-exporter/textfiles/clerie-system-upgrade.prom"}";
}; };
}; };
systemd.timers.clerie-system-auto-upgrade = mkIf cfg.autoUpgrade { systemd.timers.clerie-system-auto-upgrade = mkIf cfg.autoUpgrade {
@ -47,7 +47,7 @@ in
after = [ "network-online.target" ]; after = [ "network-online.target" ];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nixfiles-system-upgrade clerie-system-upgrade
]; ];
}; };
} }


@ -1,8 +1,8 @@
{ pkgs, ... }: { pkgs, ... }:
pkgs.writeShellApplication { pkgs.writeShellApplication {
name = "nixfiles-system-upgrade"; name = "clerie-system-upgrade";
text = builtins.readFile ./nixfiles-system-upgrade.sh; text = builtins.readFile ./clerie-system-upgrade.sh;
runtimeInputs = with pkgs; [ runtimeInputs = with pkgs; [
curl curl
jq jq


@ -55,7 +55,7 @@ echo "Set as boot target"
if [[ -n "$NODE_EXPORTER_METRICS_PATH" ]]; then if [[ -n "$NODE_EXPORTER_METRICS_PATH" ]]; then
echo "Write monitoring check data" echo "Write monitoring check data"
echo "nixfiles_system_upgrade_last_check $(date +%s)" > "$NODE_EXPORTER_METRICS_PATH" echo "clerie_system_upgrade_last_check $(date +%s)" > "$NODE_EXPORTER_METRICS_PATH"
fi fi
BOOTED_SYSTEM_KERNEL="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})" BOOTED_SYSTEM_KERNEL="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})"
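Review bot: The metric rename to `clerie_system_upgrade_last_check` comes with no cleanup of the old textfile and no update of its consumers in the visible changes. The module's ExecStart now points at `clerie-system-upgrade.prom`, so on already-deployed hosts the old `nixfiles-system-upgrade.prom` presumably stays in the textfile directory and keeps exporting a frozen `nixfiles_system_upgrade_last_check`, while any alert rule or dashboard on the old name stops seeing fresh data. Since this timestamp is what shows that a host has stopped upgrading, update the alert rules in the same change and remove the stale file once (for example an `rm -f` on the old path next to this write). The script body continues outside the hunk.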


@ -1,8 +1,8 @@
{ pkgs, ... }: { pkgs, ... }:
pkgs.writeShellApplication { pkgs.writeShellApplication {
name = "nixfiles-updated-inputs"; name = "clerie-update-nixfiles";
text = builtins.readFile ./nixfiles-updated-inputs.sh; text = builtins.readFile ./clerie-update-nixfiles.sh;
runtimeInputs = with pkgs; [ runtimeInputs = with pkgs; [
git git
nix nix


@ -3,7 +3,7 @@
set -euo pipefail set -euo pipefail
xgit() { xgit() {
git -c "user.name=Flake Update Bot" -c "user.email=flake-update-bot@clerie.de" "$@" git -c "user.name=Flake Update Bot" -c "user.email=flake-update-bot@clerie.de" -c "core.pager=cat" "$@"
} }
NOW="$(date --utc +%Y-%m-%d-%H-%M)" NOW="$(date --utc +%Y-%m-%d-%H-%M)"
@ -25,8 +25,19 @@ nix flake lock --update-input nixpkgs
echo "[!] Commit changes" echo "[!] Commit changes"
xgit add flake.lock xgit add flake.lock
xgit commit -m "Update nixpkgs ${NOW}" || true xgit commit -m "Update nixpkgs ${NOW}" || true
xgit diff --name-status origin/updated-inputs "${UPDATE_BRANCH}"
echo "[!] biep"
if xgit diff --quiet origin/updated-inputs "${UPDATE_BRANCH}"
then
echo "[!] Nothing changed, removing branch"
xgit branch -D "${UPDATE_BRANCH}"
exit 0
fi
echo "[!] Publish ${UPDATE_BRANCH}" echo "[!] Publish ${UPDATE_BRANCH}"
xgit push --set-upstream origin "${UPDATE_BRANCH}" xgit push --set-upstream origin "${UPDATE_BRANCH}"
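Review bot: In the new no-change branch, `xgit branch -D "${UPDATE_BRANCH}"` is likely to fail if `${UPDATE_BRANCH}` is still the checked-out branch at that point (the commit just above suggests it is; the checkout itself is outside the hunk), and under `set -euo pipefail` that turns the "nothing changed" case into a failed unit run instead of `exit 0`. Detach first with `xgit checkout --detach` before the delete, or drop the delete if the working tree is recreated on every run. The `echo "[!] biep"` line looks like leftover debug output and can go. Both diff calls also assume `origin/updated-inputs` has already been fetched; if that ref is missing the script aborts at the first `xgit diff --name-status`, so a short comment saying where it is fetched would help.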


@ -1,4 +1,6 @@
final: prev: { final: prev: {
clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
chromium-incognito = final.callPackage ./chromium-incognito {}; chromium-incognito = final.callPackage ./chromium-incognito {};
iot-data = final.python3.pkgs.callPackage ./iot-data {}; iot-data = final.python3.pkgs.callPackage ./iot-data {};
nix-remove-result-links = final.callPackage ./nix-remove-result-links {}; nix-remove-result-links = final.callPackage ./nix-remove-result-links {};
@ -6,8 +8,6 @@ final: prev: {
nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {}; nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {}; nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {}; nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
nixfiles-system-upgrade = final.callPackage ./nixfiles/nixfiles-system-upgrade.nix {};
nixfiles-updated-inputs = final.callPackage ./nixfiles/nixfiles-updated-inputs.nix {};
nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {}; nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
update-from-hydra = final.callPackage ./update-from-hydra {}; update-from-hydra = final.callPackage ./update-from-hydra {};
uptimestatus = final.python3.pkgs.callPackage ./uptimestatus {}; uptimestatus = final.python3.pkgs.callPackage ./uptimestatus {};