Add autopull service for testing & pre-commit-hooks (#4)

* configure programs for photon * sops fix * Add flake-update-service for testing Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Add sops config Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add photon password * Fix user password Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * actually fix user config Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * change password for user dennis * removed user password * fixed yaml secrets * yaml is silly, fix my yamls pls Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * quickfix * Enforce systemdboot on palatine-hill Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * reconfigure photon * Fix ZFS config on palatine-hill Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix systemd-boot on palatine-hill Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * sops update-keys Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix botched merge Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Add custom ssh command Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix option name, add package dependency Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix option name, add dependency Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * ssh-key path to str Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix git command Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Set up nixpkgs.fmt Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Allow autopull to trigger a rebuild Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Revert triggerRebuild on palatine-hill, add clarifying comment Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Attempt pre-commit hooks Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Increase pull frequency Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix duplicate flake-utils url Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Add fmt hook Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add nix-flake-check hook Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Remove unnecessary flake-utils import by name Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Trying to setup inputs for nix-pre-commit Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> * Fixing input with flake inputs Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * make autopull service default and fix flake check hook Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Remove pre-commit-config.yml from gitignore that decision seems to be something from one of my previous attempts at this. Given that the config is needed for this to work it only makes sense to have it. /.pre-commit-config.yaml /.pre-commit-config.yaml Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Rollback previous commit. yml file is a softlink Signed-off-by: ahuston-0 <aliceghuston@gmail.com> --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis Wuitz <dennish@wuitz.de> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com>
2024-01-01 12:41:32 -05:00
parent d5bd40ed67
commit 477b4cf466
5 changed files with 148 additions and 8 deletions
--- a/.gitignore
+++ b/.gitignore
@ -5,3 +5,5 @@
 *.retry
 result
 result-*
+
+/.pre-commit-config.yaml
--- a/flake.lock
+++ b/flake.lock
@ -2,7 +2,9 @@
  "nodes": {
    "flake-utils": {
      "inputs": {
-        "systems": "systems"
+        "systems": [
+          "systems"
+        ]
      },
      "locked": {
        "lastModified": 1701680307,
@ -38,6 +40,29 @@
        "type": "github"
      }
    },
+    "nix-pre-commit": {
+      "inputs": {
+        "flake-utils": [
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1653259102,
+        "narHash": "sha256-XfCEu4zur/N2Dk4v8wFiQAgJ7bgNqPqwWp1vBXkeczM=",
+        "owner": "jmgilman",
+        "repo": "nix-pre-commit",
+        "rev": "6a99b2711c7eac9960939d8eb91e84322b22d50c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jmgilman",
+        "repo": "nix-pre-commit",
+        "type": "github"
+      }
+    },
    "nixos-hardware": {
      "locked": {
        "lastModified": 1703879120,
@ -110,11 +135,13 @@
      "inputs": {
        "flake-utils": "flake-utils",
        "home-manager": "home-manager",
+        "nix-pre-commit": "nix-pre-commit",
        "nixos-hardware": "nixos-hardware",
        "nixos-modules": "nixos-modules",
        "nixpkgs": "nixpkgs",
        "patch-bitwarden-directory-connector": "patch-bitwarden-directory-connector",
-        "sops-nix": "sops-nix"
+        "sops-nix": "sops-nix",
+        "systems": "systems"
      }
    },
    "sops-nix": {
--- a/flake.nix
+++ b/flake.nix
@ -7,7 +7,15 @@
    patch-bitwarden-directory-connector.url = "github:Silver-Golden/nixpkgs/bitwarden-directory-connector_pkgs";

    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
-    flake-utils.url = "github:numtide/flake-utils";
+
+    flake-utils = {
+      url = "github:numtide/flake-utils";
+      inputs.systems.follows = "systems";
+    };
+
+    systems = {
+      url = "github:nix-systems/default";
+    };

    nixos-modules = {
      url = "github:SuperSandro2000/nixos-modules";
@ -26,16 +34,48 @@
        nixpkgs-stable.follows = "nixpkgs";
      };
    };
+    nix-pre-commit = {
+      url = "github:jmgilman/nix-pre-commit";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        flake-utils.follows = "flake-utils";
+      };
+    };
  };

-  outputs = { nixpkgs, nixos-modules, home-manager, sops-nix, ... }@inputs:
+  outputs = { nixpkgs, nixos-modules, home-manager, sops-nix, nix-pre-commit, ... }@inputs:
    let
      inherit (nixpkgs) lib;
      src = builtins.filterSource (path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path)) ./.;
      ls = dir: lib.attrNames (builtins.readDir (src + "/${dir}"));
      fileList = dir: map (file: ./. + "/${dir}/${file}") (ls dir);
+
+
+      config = {
+        repos = [
+          {
+            repo = "local";
+            hooks = [
+              {
+                id = "nixpkgs-fmt";
+                entry = "${nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt}/bin/nixpkgs-fmt";
+                language = "system";
+                files = "\\.nix";
+              }
+              {
+                id = "nix-flake-check";
+                entry = "nix flake check";
+                language = "system";
+                files = "\\.nix";
+                pass_filenames = false;
+              }
+            ];
+          }
+        ];
+      };
    in
    {
+      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
      nixosConfigurations =
        let
          constructSystem =
@ -108,7 +148,6 @@
            ];
          };
        };
-
      devShell = lib.mapAttrs
        (system: sopsPkgs:
          with nixpkgs.legacyPackages.${system};
@ -118,6 +157,9 @@
              apacheHttpd
              sopsPkgs.sops-import-keys-hook
            ];
+            shellHook = (nix-pre-commit.lib.${system}.mkConfig {
+              inherit pkgs config;
+            }).shellHook;
          }
        )
        sops-nix.packages;
--- a/modules/flake-update-service.nix
+++ b/modules/flake-update-service.nix
@ -0,0 +1,64 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.autopull;
+in
+{
+  options = {
+    services.autopull = {
+      enable = lib.mkEnableOption "autopull";
+      name = lib.mkOption {
+        type = lib.types.str;
+        default = "dotfiles";
+        description = "A name for the service which needs to be pulled";
+      };
+      path = lib.mkOption {
+        type = lib.types.nullOr lib.types.path;
+        default = null;
+        description = "Path that needs to be updated via git pull";
+      };
+      frequency = lib.mkOption {
+        type = lib.types.str;
+        description = "systemd-timer compatible time between pulls";
+        default = "1h";
+      };
+      ssh-key = lib.mkOption {
+        type = lib.types.str;
+        description = "ssh-key used to pull the repository";
+      };
+      triggersRebuild = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = ''Whether or not the rebuild service should be triggered after pulling. Note that system.autoUpgrade must be pointed at the same directory as this service if you'd like to use this option.'';
+      };
+    };
+  };
+
+  # implementation
+  config = lib.mkIf (cfg.enable && !(builtins.isNull cfg.path)) {
+    systemd.services."autopull@${cfg.name}" = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      description = "Pull the latest data for ${cfg.name}";
+      serviceConfig = {
+        Type = "oneshot";
+        # TODO: See how we can migrate this to DynamicUser=yes instead
+        User = "root";
+        WorkingDirectory = cfg.path;
+        Environment = lib.mkIf (cfg.ssh-key != "") "GIT_SSH_COMMAND=${pkgs.openssh}/bin/ssh -i ${cfg.ssh-key} -o IdentitiesOnly=yes";
+        ExecStart = "${pkgs.git}/bin/git pull --all";
+        Before = "nixos-upgrade.service";
+        Wants = "nixos-upgrade.service";
+      };
+    };
+    systemd.timers."autopull@${cfg.name}" = {
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnBootSec = cfg.frequency;
+        OnUnitActiveSec = cfg.frequency;
+        Unit = "autopull@${cfg.name}.service";
+      };
+    };
+    environment.systemPackages = [ pkgs.openssh pkgs.git ];
+  };
+}
--- a/systems/configuration.nix
+++ b/systems/configuration.nix
@ -85,6 +85,11 @@
        ];
      };
    };
+    autopull = {
+      enable = true;
+      path = /root/dotfiles;
+      ssh-key = "/root/.ssh/id_ed25519_ghdeploy";
+    };
  };

  nixpkgs.config.allowUnfree = true;