From 477b4cf4666178813320256acf53f66173ea3366 Mon Sep 17 00:00:00 2001 From: Alice Huston Date: Mon, 1 Jan 2024 12:41:32 -0500 Subject: [PATCH] Add autopull service for testing & pre-commit-hooks (#4) * configure programs for photon * sops fix * Add flake-update-service for testing Signed-off-by: ahuston-0 * Add sops config Signed-off-by: ahuston-0 * add photon password * Fix user password Signed-off-by: ahuston-0 * actually fix user config Signed-off-by: ahuston-0 * change password for user dennis * removed user password * fixed yaml secrets * yaml is silly, fix my yamls pls Signed-off-by: ahuston-0 * quickfix * Enforce systemdboot on palatine-hill Signed-off-by: ahuston-0 * reconfigure photon * Fix ZFS config on palatine-hill Signed-off-by: ahuston-0 * Fix systemd-boot on palatine-hill Signed-off-by: ahuston-0 * sops update-keys Signed-off-by: ahuston-0 * Fix botched merge Signed-off-by: ahuston-0 * Add custom ssh command Signed-off-by: ahuston-0 * Fix option name, add package dependency Signed-off-by: ahuston-0 * Fix option name, add dependency Signed-off-by: ahuston-0 * ssh-key path to str Signed-off-by: ahuston-0 * Fix git command Signed-off-by: ahuston-0 * Set up nixpkgs.fmt Signed-off-by: ahuston-0 * Allow autopull to trigger a rebuild Signed-off-by: ahuston-0 * Revert triggerRebuild on palatine-hill, add clarifying comment Signed-off-by: ahuston-0 * Attempt pre-commit hooks Signed-off-by: ahuston-0 * Increase pull frequency Signed-off-by: ahuston-0 * Fix duplicate flake-utils url Signed-off-by: ahuston-0 * Add fmt hook Signed-off-by: ahuston-0 * add nix-flake-check hook Signed-off-by: ahuston-0 * Remove unnecessary flake-utils import by name Signed-off-by: ahuston-0 * Trying to setup inputs for nix-pre-commit Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> * Fixing input with flake inputs Signed-off-by: ahuston-0 * make autopull service default and fix flake check hook 
Signed-off-by: ahuston-0 * Remove pre-commit-config.yml from gitignore that decision seems to be something from one of my previous attempts at this. Given that the config is needed for this to work it only makes sense to have it. /.pre-commit-config.yaml /.pre-commit-config.yaml Signed-off-by: ahuston-0 * Rollback previous commit. yml file is a softlink Signed-off-by: ahuston-0 --------- Signed-off-by: ahuston-0 Co-authored-by: Dennis Wuitz Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com>
---
 .gitignore | 4 +-
 flake.lock | 31 +++++++++++++++-
 flake.nix | 52 +++++++++++++++++++++++---
 modules/flake-update-service.nix | 64 ++++++++++++++++++++++++++++++++
 systems/configuration.nix | 5 +++
 5 files changed, 148 insertions(+), 8 deletions(-)
 create mode 100644 modules/flake-update-service.nix
diff --git a/.gitignore b/.gitignore
index 250e145..2d32595 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,6 @@
 .*.swp
 *.retry
 result
-result-*
\ No newline at end of file
+result-*
+
+/.pre-commit-config.yaml
diff --git a/flake.lock b/flake.lock
index bfd4a8f..af24457 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,7 +2,9 @@
 "nodes": {
 "flake-utils": {
 "inputs": {
- "systems": "systems"
+ "systems": [
+ "systems"
+ ]
 },
 "locked": {
 "lastModified": 1701680307,
@@ -38,6 +40,29 @@
 "type": "github"
 }
 },
+ "nix-pre-commit": {
+ "inputs": {
+ "flake-utils": [
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1653259102,
+ "narHash": "sha256-XfCEu4zur/N2Dk4v8wFiQAgJ7bgNqPqwWp1vBXkeczM=",
+ "owner": "jmgilman",
+ "repo": "nix-pre-commit",
+ "rev": "6a99b2711c7eac9960939d8eb91e84322b22d50c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "jmgilman",
+ "repo": "nix-pre-commit",
+ "type": "github"
+ }
+ },
 "nixos-hardware": {
 "locked": {
 "lastModified": 1703879120,
@@ -110,11 +135,13 @@
 "inputs": {
 "flake-utils": "flake-utils",
 "home-manager": "home-manager",
+ "nix-pre-commit": "nix-pre-commit",
 "nixos-hardware": "nixos-hardware",
 "nixos-modules": "nixos-modules",
 "nixpkgs": "nixpkgs",
 "patch-bitwarden-directory-connector": "patch-bitwarden-directory-connector",
- "sops-nix": "sops-nix"
+ "sops-nix": "sops-nix",
+ "systems": "systems"
 }
 },
 "sops-nix": {
diff --git a/flake.nix b/flake.nix
index dc0bf01..f76264d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,11 +3,19 @@
 inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - + patch-bitwarden-directory-connector.url = "github:Silver-Golden/nixpkgs/bitwarden-directory-connector_pkgs"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - flake-utils.url = "github:numtide/flake-utils"; + + flake-utils = { + url = "github:numtide/flake-utils"; + inputs.systems.follows = "systems"; + }; + + systems = { + url = "github:nix-systems/default"; + }; nixos-modules = { url = "github:SuperSandro2000/nixos-modules";
@@ -26,16 +34,48 @@ nixpkgs-stable.follows = "nixpkgs"; }; }; + nix-pre-commit = { + url = "github:jmgilman/nix-pre-commit"; + inputs = { + nixpkgs.follows = "nixpkgs"; + flake-utils.follows = "flake-utils"; + }; + }; }; - outputs = { nixpkgs, nixos-modules, home-manager, sops-nix, ... }@inputs: + outputs = { nixpkgs, nixos-modules, home-manager, sops-nix, nix-pre-commit, ... }@inputs: let inherit (nixpkgs) lib; src = builtins.filterSource (path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path)) ./.; ls = dir: lib.attrNames (builtins.readDir (src + "/${dir}")); fileList = dir: map (file: ./. + "/${dir}/${file}") (ls dir); + + + config = { + repos = [ + { + repo = "local"; + hooks = [ + { + id = "nixpkgs-fmt"; + entry = "${nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt}/bin/nixpkgs-fmt"; + language = "system"; + files = "\\.nix"; + } + { + id = "nix-flake-check"; + entry = "nix flake check"; + language = "system"; + files = "\\.nix"; + pass_filenames = false; + } + ]; + } + ]; + }; in { + formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt; nixosConfigurations = let constructSystem = @@ -46,7 +86,7 @@ , }: lib.nixosSystem { inherit system lib; - + modules = [ { nixpkgs.overlays = [ @@ -108,7 +148,6 @@ ]; }; }; - devShell = lib.mapAttrs (system: sopsPkgs: with nixpkgs.legacyPackages.${system}; @@ -118,6 +157,9 @@ apacheHttpd sopsPkgs.sops-import-keys-hook ]; + shellHook = (nix-pre-commit.lib.${system}.mkConfig { + inherit pkgs config; + }).shellHook; } ) sops-nix.packages; diff --git a/modules/flake-update-service.nix b/modules/flake-update-service.nix new file mode 100644 index 0000000..e11c6f4 --- /dev/null +++ b/modules/flake-update-service.nix 
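Review bot: The pre-commit `config` in the `outputs` let-block hard-codes `nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt` as the `nixpkgs-fmt` hook entry, while the `devShell` that installs it (last hunk of this file) is built per `system` over `sops-nix.packages`, so on any other system the hook points at an x86_64 binary. Making the config a function of the system fixes that: `config = system: {` with `entry = "${nixpkgs.legacyPackages.${system}.nixpkgs-fmt}/bin/nixpkgs-fmt";`, and in the devShell `shellHook = (nix-pre-commit.lib.${system}.mkConfig { inherit pkgs; config = config system; }).shellHook;`. The `files = "\\.nix"` pattern on both hooks is unanchored, so it also matches any path merely containing `.nix`; `files = "\\.nix$"` is what the hooks intend. The `formatter.x86_64-linux` output carries the same single-system assumption, though that may be deliberate. The enclosing `outputs` function starts and ends outside these hunks.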
@@ -0,0 +1,64 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.autopull;
+in
+{
+ options = {
+ services.autopull = {
+ enable = lib.mkEnableOption "autopull";
+ name = lib.mkOption {
+ type = lib.types.str;
+ default = "dotfiles";
+ description = "A name for the service which needs to be pulled";
+ };
+ path = lib.mkOption {
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ description = "Path that needs to be updated via git pull";
+ };
+ frequency = lib.mkOption {
+ type = lib.types.str;
+ description = "systemd-timer compatible time between pulls";
+ default = "1h";
+ };
+ ssh-key = lib.mkOption {
+ type = lib.types.str;
+ description = "ssh-key used to pull the repository";
+ };
+ triggersRebuild = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''Whether or not the rebuild service should be triggered after pulling. Note that system.autoUpgrade must be pointed at the same directory as this service if you'd like to use this option.'';
+ };
+ };
+ };
+
+ # implementation
+ config = lib.mkIf (cfg.enable && !(builtins.isNull cfg.path)) {
+ systemd.services."autopull@${cfg.name}" = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ description = "Pull the latest data for ${cfg.name}";
+ serviceConfig = {
+ Type = "oneshot";
+ # TODO: See how we can migrate this to DynamicUser=yes instead
+ User = "root";
+ WorkingDirectory = cfg.path;
+ Environment = lib.mkIf (cfg.ssh-key != "") "GIT_SSH_COMMAND=${pkgs.openssh}/bin/ssh -i ${cfg.ssh-key} -o IdentitiesOnly=yes";
+ ExecStart = "${pkgs.git}/bin/git pull --all";
+ Before = "nixos-upgrade.service";
+ Wants = "nixos-upgrade.service";
+ };
+ };
+ systemd.timers."autopull@${cfg.name}" = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnBootSec = cfg.frequency;
+ OnUnitActiveSec = cfg.frequency;
+ Unit = "autopull@${cfg.name}.service";
+ };
+ };
+ environment.systemPackages = [ pkgs.openssh pkgs.git ];
+ };
+}
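Review bot: `Before` and `Wants` under `serviceConfig` are emitted into the `[Service]` section of the generated unit, but both are `[Unit]` directives, so systemd warns and ignores them and the upgrade is never ordered after the pull; NixOS exposes them as the `before`/`wants` attributes of the service itself. They are also unconditional: `triggersRebuild` is declared in the options but never read in the implementation, so the one knob documented as controlling the rebuild hook-up has no effect. Since the unit runs `git pull` as root and, once the ordering works, feeds `nixos-upgrade.service`, whoever can push to the tracked branch effectively owns the host's configuration; `--ff-only` at least makes a diverged or rewritten remote branch fail the unit loudly instead of merging into the root-owned checkout, and that trust boundary is worth stating in the `triggersRebuild` description. The `ssh-key` description should also say the value is a plain string path rather than a Nix path literal, since a path literal interpolated into the unit text is, as far as I can tell, copied into the world-readable Nix store — for a private key that is the wrong place.
```nix
    systemd.services."autopull@${cfg.name}" = {
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      # Before=/Wants= are [Unit] directives; set them through the NixOS
      # attributes, and only when the user opted into the rebuild hook-up.
      before = lib.mkIf cfg.triggersRebuild [ "nixos-upgrade.service" ];
      wants = lib.mkIf cfg.triggersRebuild [ "nixos-upgrade.service" ];
      description = "Pull the latest data for ${cfg.name}";
      serviceConfig = {
        # … unchanged: Type, User, WorkingDirectory, Environment …
        # Fast-forward only: a diverged or rewritten remote branch fails the
        # unit instead of being merged into the root-owned checkout.
        ExecStart = "${pkgs.git}/bin/git pull --ff-only --all";
      };
    };
```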
diff --git a/systems/configuration.nix b/systems/configuration.nix
index 4d4c681..2561d8d 100644
--- a/systems/configuration.nix
+++ b/systems/configuration.nix
@@ -85,6 +85,11 @@
 ];
 };
 };
+ autopull = {
+ enable = true;
+ path = /root/dotfiles;
+ ssh-key = "/root/.ssh/id_ed25519_ghdeploy";
+ };
 };
 nixpkgs.config.allowUnfree = true;
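Review bot: `path = /root/dotfiles;` is a Nix path literal, and the module interpolates it into the unit's `WorkingDirectory`; under flake evaluation a path outside the flake that is interpolated into a string is, as far as I can tell, either rejected or copied into the Nix store, so the service would work in a store snapshot rather than in `/root/dotfiles` — worth confirming on the host. The option's `types.path` check accepts an absolute string, so `path = "/root/dotfiles";` avoids the question, matching how `ssh-key` is already given as a string (the commit's own "ssh-key path to str" step). The deploy key at `/root/.ssh/id_ed25519_ghdeploy` is provisioned out of band; since the flake already pulls in `sops-nix`, letting the configuration own that file would keep the pull working after a reinstall and make its permissions declarative. `triggersRebuild` is left at its default here, which is fine as long as the module honours it.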