Compare commits
5 Commits
d835f49a60
...
b045babff4
Author | SHA1 | Date | |
---|---|---|---|
b045babff4 | |||
|
a9e4cc9760 | ||
7a4177f360 | |||
23d05a3e5d | |||
059aaa760b |
109
flake.lock
109
flake.lock
@ -3,18 +3,16 @@
|
||||
"agenix": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
"home-manager": "home-manager",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"systems": "systems"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1707830867,
|
||||
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
|
||||
"lastModified": 1682101079,
|
||||
"narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
|
||||
"rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -43,22 +41,6 @@
|
||||
"url": "https://git.clerie.de/clerie/chaosevents.git"
|
||||
}
|
||||
},
|
||||
"communities": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1706695952,
|
||||
"narHash": "sha256-FlbOBX/+/LLmoqMJLvu59XuHYmiohIhDc1VjkZu4Wzo=",
|
||||
"owner": "NLNOG",
|
||||
"repo": "lg.ring.nlnog.net",
|
||||
"rev": "20f9a9f3da8b1bc9d7046e88c62df4b41b4efb99",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NLNOG",
|
||||
"repo": "lg.ring.nlnog.net",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -67,11 +49,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700795494,
|
||||
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
|
||||
"lastModified": 1673295039,
|
||||
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
|
||||
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -83,18 +65,17 @@
|
||||
},
|
||||
"fernglas": {
|
||||
"inputs": {
|
||||
"communities": "communities",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1707317562,
|
||||
"narHash": "sha256-0wj5AS8RLVr+S/QWWxCsMvmVjmXUWGfR9kPaZimJEss=",
|
||||
"lastModified": 1700408128,
|
||||
"narHash": "sha256-PLb/q8kIq0wOinkgADHNY6uOB3b3lXQEbLu6ToIFPsU=",
|
||||
"owner": "wobcom",
|
||||
"repo": "fernglas",
|
||||
"rev": "25020466957dbe0e193f7857d827020f5c1aa996",
|
||||
"rev": "407325681e3ad344f6fd05334984a40074aa6347",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -109,11 +90,11 @@
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1703526534,
|
||||
"narHash": "sha256-enuuJ++jVKXMAUuEeetq02oy2guoJfSMYMvy9U0KGD8=",
|
||||
"lastModified": 1687119570,
|
||||
"narHash": "sha256-tZ6hctUdlZzsdg4WA4Fv7C5bNGnotYp0QT+s3rvlIKw=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "3197e4f8d3646a9f7b20a2a38f1abc0a19aa69d2",
|
||||
"revCount": 55,
|
||||
"rev": "cc43776e6dd7eb94962e9f23b8e8282d34597a75",
|
||||
"revCount": 39,
|
||||
"type": "git",
|
||||
"url": "https://git.clerie.de/clerie/fieldpoc.git"
|
||||
},
|
||||
@ -124,14 +105,14 @@
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705309234,
|
||||
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -140,27 +121,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1703113217,
|
||||
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"mitel-ommclient2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -204,11 +164,11 @@
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1709147990,
|
||||
"narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=",
|
||||
"lastModified": 1686838567,
|
||||
"narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159",
|
||||
"rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -236,11 +196,11 @@
|
||||
},
|
||||
"nixpkgs-krypton": {
|
||||
"locked": {
|
||||
"lastModified": 1709237383,
|
||||
"narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
|
||||
"lastModified": 1707546158,
|
||||
"narHash": "sha256-nYYJTpzfPMDxI8mzhQsYjIUX+grorqjKEU9Np6Xwy/0=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
|
||||
"rev": "d934204a0f8d9198e1e4515dd6fec76a139c87f0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -252,11 +212,11 @@
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1710451336,
|
||||
"narHash": "sha256-pP86Pcfu3BrAvRO7R64x7hs+GaQrjFes+mEPowCfkxY=",
|
||||
"lastModified": 1710631334,
|
||||
"narHash": "sha256-rL5LSYd85kplL5othxK5lmAtjyMOBg390sGBTb3LRMM=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "d691274a972b3165335d261cc4671335f5c67de9",
|
||||
"rev": "c75037bbf9093a2acb617804ee46320d6d1fea5a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -313,21 +273,6 @@
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_2": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
@ -112,6 +112,8 @@
|
||||
};
|
||||
in {
|
||||
inherit (pkgs)
|
||||
clerie-system-upgrade
|
||||
clerie-update-nixfiles
|
||||
chromium-incognito
|
||||
iot-data
|
||||
nix-remove-result-links
|
||||
@ -119,8 +121,6 @@
|
||||
nixfiles-auto-install
|
||||
nixfiles-generate-backup-secrets
|
||||
nixfiles-generate-config
|
||||
nixfiles-system-upgrade
|
||||
nixfiles-updated-inputs
|
||||
nixfiles-update-ssh-host-keys
|
||||
update-from-hydra
|
||||
uptimestatus;
|
||||
|
@ -1,20 +1,20 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
systemd.services.nixfiles-updated-inputs = {
|
||||
systemd.services.clerie-update-nixfiles = {
|
||||
environment = {
|
||||
GIT_SSH_COMMAND = "ssh -o UserKnownHostsFile=${pkgs.writeText "known_hosts" "git.clerie.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHQDwfRlw6L+pkLjXDgW2BUWlY1zNEDtVhNEsClgqaL"} -i %d/nixfiles-updated-inputs-ssh";
|
||||
GIT_SSH_COMMAND = "ssh -o UserKnownHostsFile=${pkgs.writeText "known_hosts" "git.clerie.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHQDwfRlw6L+pkLjXDgW2BUWlY1zNEDtVhNEsClgqaL"} -i %d/clerie-update-nixfiles-ssh";
|
||||
# nix likes a home directory to place the cache there
|
||||
HOME = "/var/lib/nixfiles-updated-inputs";
|
||||
HOME = "/var/lib/clerie-update-nixfiles";
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = pkgs.nixfiles-updated-inputs + "/bin/nixfiles-updated-inputs";
|
||||
StateDirectory = "nixfiles-updated-inputs";
|
||||
WorkingDirectory = "/var/lib/nixfiles-updated-inputs";
|
||||
ExecStart = pkgs.clerie-update-nixfiles + "/bin/clerie-update-nixfiles";
|
||||
StateDirectory = "clerie-update-nixfiles";
|
||||
WorkingDirectory = "/var/lib/clerie-update-nixfiles";
|
||||
DynamicUser = true;
|
||||
# this sets the correct file permissions for the ssh key because we use DynamicUser
|
||||
LoadCredential = "nixfiles-updated-inputs-ssh:${config.age.secrets."nixfiles-updated-inputs-ssh".path}";
|
||||
LoadCredential = "clerie-update-nixfiles-ssh:${config.age.secrets."clerie-update-nixfiles-ssh".path}";
|
||||
};
|
||||
startAt = "*-*-* 03:03:00";
|
||||
};
|
||||
|
@ -35,7 +35,7 @@ in
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}${optionalString (config.clerie.monitoring.enable) " --node-exporter-metrics-path /var/lib/prometheus-node-exporter/textfiles/nixfiles-system-upgrade.prom"}";
|
||||
ExecStart = pkgs.clerie-system-upgrade + "/bin/clerie-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}${optionalString (config.clerie.monitoring.enable) " --node-exporter-metrics-path /var/lib/prometheus-node-exporter/textfiles/clerie-system-upgrade.prom"}";
|
||||
};
|
||||
};
|
||||
systemd.timers.clerie-system-auto-upgrade = mkIf cfg.autoUpgrade {
|
||||
@ -47,7 +47,7 @@ in
|
||||
after = [ "network-online.target" ];
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
nixfiles-system-upgrade
|
||||
clerie-system-upgrade
|
||||
];
|
||||
};
|
||||
}
|
||||
|
@ -1,8 +1,8 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
pkgs.writeShellApplication {
|
||||
name = "nixfiles-system-upgrade";
|
||||
text = builtins.readFile ./nixfiles-system-upgrade.sh;
|
||||
name = "clerie-system-upgrade";
|
||||
text = builtins.readFile ./clerie-system-upgrade.sh;
|
||||
runtimeInputs = with pkgs; [
|
||||
curl
|
||||
jq
|
@ -55,7 +55,7 @@ echo "Set as boot target"
|
||||
|
||||
if [[ -n "$NODE_EXPORTER_METRICS_PATH" ]]; then
|
||||
echo "Write monitoring check data"
|
||||
echo "nixfiles_system_upgrade_last_check $(date +%s)" > "$NODE_EXPORTER_METRICS_PATH"
|
||||
echo "clerie_system_upgrade_last_check $(date +%s)" > "$NODE_EXPORTER_METRICS_PATH"
|
||||
fi
|
||||
|
||||
BOOTED_SYSTEM_KERNEL="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})"
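Review bot: Renaming the series to `clerie_system_upgrade_last_check` (and, in the module section above, the textfile to `clerie-system-upgrade.prom`) does not remove the `nixfiles-system-upgrade.prom` file that earlier runs wrote. On hosts where the old unit already ran, the old series would presumably keep being exported with a frozen timestamp, and any alert rule still keyed on `nixfiles_system_upgrade_last_check` would stop reflecting real upgrade checks. No cleanup or rule change is visible in this compare, so it is worth confirming both. The changed line also writes straight into the collector path; writing `> "${NODE_EXPORTER_METRICS_PATH}.tmp"` and then `mv "${NODE_EXPORTER_METRICS_PATH}.tmp" "$NODE_EXPORTER_METRICS_PATH"` keeps the exporter from reading a half-written file. The script continues outside this hunk.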
|
@ -1,8 +1,8 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
pkgs.writeShellApplication {
|
||||
name = "nixfiles-updated-inputs";
|
||||
text = builtins.readFile ./nixfiles-updated-inputs.sh;
|
||||
name = "clerie-update-nixfiles";
|
||||
text = builtins.readFile ./clerie-update-nixfiles.sh;
|
||||
runtimeInputs = with pkgs; [
|
||||
git
|
||||
nix
|
@ -3,7 +3,7 @@
|
||||
set -euo pipefail
|
||||
|
||||
xgit() {
|
||||
git -c "user.name=Flake Update Bot" -c "user.email=flake-update-bot@clerie.de" "$@"
|
||||
git -c "user.name=Flake Update Bot" -c "user.email=flake-update-bot@clerie.de" -c "core.pager=cat" "$@"
|
||||
}
|
||||
|
||||
NOW="$(date --utc +%Y-%m-%d-%H-%M)"
|
||||
@ -25,8 +25,19 @@ nix flake lock --update-input nixpkgs
|
||||
|
||||
echo "[!] Commit changes"
|
||||
xgit add flake.lock
|
||||
|
||||
xgit commit -m "Update nixpkgs ${NOW}" || true
|
||||
|
||||
xgit diff --name-status origin/updated-inputs "${UPDATE_BRANCH}"
|
||||
|
||||
echo "[!] biep"
|
||||
if xgit diff --quiet origin/updated-inputs "${UPDATE_BRANCH}"
|
||||
then
|
||||
echo "[!] Nothing changed, removing branch"
|
||||
xgit branch -D "${UPDATE_BRANCH}"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "[!] Publish ${UPDATE_BRANCH}"
|
||||
xgit push --set-upstream origin "${UPDATE_BRANCH}"
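Review bot: The added `if xgit diff --quiet origin/updated-inputs "${UPDATE_BRANCH}"` cannot tell "branches differ" (exit 1) from "comparison failed" (any other non-zero status). Only the informational `xgit diff --name-status …` call before it, aborting under `set -euo pipefail`, keeps a failed comparison from falling through to `xgit push`; checking the status explicitly makes the publish step fail closed on its own. `echo "[!] biep"` looks like a debugging leftover and can be dropped. If `${UPDATE_BRANCH}` is still the checked-out branch here (the checkout is outside the hunk), `xgit branch -D` will refuse to delete it and the oneshot unit will end failed, so that path is worth confirming.

```shell
# … unchanged: add and commit of flake.lock, name-status listing …

# git diff --quiet: 0 = identical, 1 = differs, anything else = comparison failed
diff_status=0
xgit diff --quiet origin/updated-inputs "${UPDATE_BRANCH}" || diff_status=$?

if [[ "${diff_status}" -eq 0 ]]; then
    echo "[!] Nothing changed, removing branch"
    xgit branch -D "${UPDATE_BRANCH}"
    exit 0
elif [[ "${diff_status}" -ne 1 ]]; then
    echo "[!] Comparing with origin/updated-inputs failed, not publishing" >&2
    exit "${diff_status}"
fi

# … unchanged: publish of ${UPDATE_BRANCH} …
```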
|
||||
|
@ -1,4 +1,6 @@
|
||||
final: prev: {
|
||||
clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
|
||||
clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
|
||||
chromium-incognito = final.callPackage ./chromium-incognito {};
|
||||
iot-data = final.python3.pkgs.callPackage ./iot-data {};
|
||||
nix-remove-result-links = final.callPackage ./nix-remove-result-links {};
|
||||
@ -6,8 +8,6 @@ final: prev: {
|
||||
nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
|
||||
nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
|
||||
nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
|
||||
nixfiles-system-upgrade = final.callPackage ./nixfiles/nixfiles-system-upgrade.nix {};
|
||||
nixfiles-updated-inputs = final.callPackage ./nixfiles/nixfiles-updated-inputs.nix {};
|
||||
nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
|
||||
update-from-hydra = final.callPackage ./update-from-hydra {};
|
||||
uptimestatus = final.python3.pkgs.callPackage ./uptimestatus {};
|
||||
|