infra/build01/nixpkgs-update.nix

{ pkgs, lib, config, ... }:

let
  userLib = import ../users/lib.nix { inherit lib; };

  sources = import ../nix/sources.nix;
  nixpkgs-update = (import sources.nixpkgs-update {}).overrideAttrs(old: {
    patches = old.patches or [] ++ [
      ./nixpkgs-update-disable-post-build-hook.patch
    ];
  });

  nixpkgsUpdateSystemDependencies = with pkgs; [
    gnugrep
    cachix
    curl
  ] ++ [ nixpkgs-update ] ++ nixpkgs-update.propagatedBuildInputs;

  nixpkgs-update-github-releases = "${sources.nixpkgs-update-github-releases}/main.py";
  nixpkgs-update-pypi-releases = "${sources.nixpkgs-update-pypi-releases}/main.py";

  nixpkgsUpdateServiceConfigCommon = {
    Type = "oneshot";
    User = "r-ryantm";
    Group = "r-ryantm";
    WorkingDirectory = "/var/lib/nixpkgs-update";
    StateDirectory = "nixpkgs-update";
    StateDirectoryMode = "700";
    CacheDirectory = "nixpkgs-update";
    CacheDirectoryMode = "700";
    LogsDirectory = "nixpkgs-update";
    LogsDirectoryMode = "755";
    StandardOutput = "journal";
  };
in
{
  users.users.r-ryantm.packages = [ pkgs.cachix ];
  users.groups.r-ryantm = {};
  users.users.r-ryantm = {
    useDefaultShell = true;
    isNormalUser = true; # The hub cli seems to really want stuff to be set up like a normal user
    uid = userLib.mkUid "rrtm";
    extraGroups = [ "r-ryantm" ];
  };
  nix.trustedUsers = [
    "r-ryantm"
  ];

  systemd.services.nixpkgs-update = {
    description = "nixpkgs-update service";
    enable = true;
    restartIfChanged = false;
    path = nixpkgsUpdateSystemDependencies;
    environment.XDG_CONFIG_HOME = "/var/lib/nixpkgs-update";
    environment.XDG_CACHE_HOME = "/var/cache/nixpkgs-update";
    # API_TOKEN is used by nixpkgs-update-github-releases
    environment.API_TOKEN_FILE = "/var/lib/nixpkgs-update/github_token_with_username.txt";
    # Used by nixpkgs-update-github-releases to install python dependencies
    # Used by nixpkgs-update-pypi-releases
    environment.NIX_PATH = "nixpkgs=/var/cache/nixpkgs-update/nixpkgs";

    serviceConfig = nixpkgsUpdateServiceConfigCommon;

    script = ''
      nixpkgs-update delete-done --delete
      grep -rl $XDG_CACHE_HOME/nixpkgs -e buildPython | grep default | \
        ${nixpkgs-update-pypi-releases} > /var/lib/nixpkgs-update/packages-to-update.txt
      nixpkgs-update update-list --pr --cve --cachix --outpaths --nixpkgs-review
      nixpkgs-update delete-done --delete
      ${nixpkgs-update-github-releases} > /var/lib/nixpkgs-update/packages-to-update.txt
      nixpkgs-update update-list --pr --cve --cachix --outpaths --nixpkgs-review
      nixpkgs-update delete-done --delete
      nixpkgs-update fetch-repology > /var/lib/nixpkgs-update/packages-to-update.txt
      nixpkgs-update update-list --pr --cve --cachix --outpaths --nixpkgs-review
    '';
  };

  systemd.timers.nixpkgs-update = {
    description = "nixpkgs-update";
    enable = true;
    timerConfig = { OnCalendar = "daily"; };
    wantedBy = [ "timers.target" ];
  };

  services.nginx.virtualHosts."r.ryantm.com" = {
    forceSSL = true;
    enableACME = true;
    locations."/log/" = {
      alias = "/var/log/nixpkgs-update/";
      extraConfig = ''
        charset utf-8;
        autoindex on;
      '';
    };
  };

}
build01: add initial nixpkgs-update configuration (#6) * build01: add initial nixpkgs-update configuration * use niv for nixpkgs-update * nixpkgs-update: now it works! Having to make r-ryantm a normal user is lame, but `hub` needs a regular home directory to work. Eventually I should move away from using hub. The XDG_CONFIG env variables are because nixpkgs-update doesn't detec the systemd XDG-like env variables yet. * nixpkgs-update: add r-ryantm as trusted user and logging config * nixpkgs-update: add cachix * nixpkgs-update: update with niv * nixpkgs-update: fixup cachix config 2020-01-15 00:15:23 -08:00			`{ pkgs, lib, config, ... }:`

			`let`
			`userLib = import ../users/lib.nix { inherit lib; };`

			`sources = import ../nix/sources.nix;`
nixpkgs-update: Disable post build hook with a patch We want to avoid pushing to multiple cachix caches and r-ryantm has it's own already. 2020-04-17 17:34:57 +01:00			`nixpkgs-update = (import sources.nixpkgs-update {}).overrideAttrs(old: {`
			`patches = old.patches or [] ++ [`
			`./nixpkgs-update-disable-post-build-hook.patch`
			`];`
			`});`

build01: add initial nixpkgs-update configuration (#6) * build01: add initial nixpkgs-update configuration * use niv for nixpkgs-update * nixpkgs-update: now it works! Having to make r-ryantm a normal user is lame, but `hub` needs a regular home directory to work. Eventually I should move away from using hub. The XDG_CONFIG env variables are because nixpkgs-update doesn't detec the systemd XDG-like env variables yet. * nixpkgs-update: add r-ryantm as trusted user and logging config * nixpkgs-update: add cachix * nixpkgs-update: update with niv * nixpkgs-update: fixup cachix config 2020-01-15 00:15:23 -08:00			`nixpkgsUpdateSystemDependencies = with pkgs; [`
Add nixpkgs-update-pypi-release 2020-03-29 23:59:38 -07:00			`gnugrep`
build01: add initial nixpkgs-update configuration (#6) * build01: add initial nixpkgs-update configuration * use niv for nixpkgs-update * nixpkgs-update: now it works! Having to make r-ryantm a normal user is lame, but `hub` needs a regular home directory to work. Eventually I should move away from using hub. The XDG_CONFIG env variables are because nixpkgs-update doesn't detec the systemd XDG-like env variables yet. * nixpkgs-update: add r-ryantm as trusted user and logging config * nixpkgs-update: add cachix * nixpkgs-update: update with niv * nixpkgs-update: fixup cachix config 2020-01-15 00:15:23 -08:00			`cachix`
nixpkgs-update: add curl dependency 2020-02-05 20:33:57 -08:00			`curl`
fix nixpkgs-update dependencies and other bugfixes 2020-04-14 21:10:41 -07:00			`] ++ [ nixpkgs-update ] ++ nixpkgs-update.propagatedBuildInputs;`
build01: add initial nixpkgs-update configuration (#6) * build01: add initial nixpkgs-update configuration * use niv for nixpkgs-update * nixpkgs-update: now it works! Having to make r-ryantm a normal user is lame, but `hub` needs a regular home directory to work. Eventually I should move away from using hub. The XDG_CONFIG env variables are because nixpkgs-update doesn't detec the systemd XDG-like env variables yet. * nixpkgs-update: add r-ryantm as trusted user and logging config * nixpkgs-update: add cachix * nixpkgs-update: update with niv * nixpkgs-update: fixup cachix config 2020-01-15 00:15:23 -08:00
[nixpkgs-update] add github source 2020-01-25 15:05:09 -08:00			`nixpkgs-update-github-releases = "${sources.nixpkgs-update-github-releases}/main.py";`
Add nixpkgs-update-pypi-release 2020-03-29 23:59:38 -07:00			`nixpkgs-update-pypi-releases = "${sources.nixpkgs-update-pypi-releases}/main.py";`
[nixpkgs-update] add github source 2020-01-25 15:05:09 -08:00
build01: add initial nixpkgs-update configuration (#6) * build01: add initial nixpkgs-update configuration * use niv for nixpkgs-update * nixpkgs-update: now it works! Having to make r-ryantm a normal user is lame, but `hub` needs a regular home directory to work. Eventually I should move away from using hub. The XDG_CONFIG env variables are because nixpkgs-update doesn't detec the systemd XDG-like env variables yet. * nixpkgs-update: add r-ryantm as trusted user and logging config * nixpkgs-update: add cachix * nixpkgs-update: update with niv * nixpkgs-update: fixup cachix config 2020-01-15 00:15:23 -08:00			`nixpkgsUpdateServiceConfigCommon = {`
			`Type = "oneshot";`
			`User = "r-ryantm";`
			`Group = "r-ryantm";`
			`WorkingDirectory = "/var/lib/nixpkgs-update";`
			`StateDirectory = "nixpkgs-update";`
			`StateDirectoryMode = "700";`
			`CacheDirectory = "nixpkgs-update";`
			`CacheDirectoryMode = "700";`
[nixpkgs-update] automatically run (#8) 2020-01-21 01:55:01 -08:00			`LogsDirectory = "nixpkgs-update";`
nixpkgs-update: serve logs 2020-03-21 19:05:01 -07:00			`LogsDirectoryMode = "755";`
format wiht nixpkgs-fmt 2020-01-22 12:37:13 +01:00			`StandardOutput = "journal";`
build01: add initial nixpkgs-update configuration (#6) * build01: add initial nixpkgs-update configuration * use niv for nixpkgs-update * nixpkgs-update: now it works! Having to make r-ryantm a normal user is lame, but `hub` needs a regular home directory to work. Eventually I should move away from using hub. The XDG_CONFIG env variables are because nixpkgs-update doesn't detec the systemd XDG-like env variables yet. * nixpkgs-update: add r-ryantm as trusted user and logging config * nixpkgs-update: add cachix * nixpkgs-update: update with niv * nixpkgs-update: fixup cachix config 2020-01-15 00:15:23 -08:00			`};`
format wiht nixpkgs-fmt 2020-01-22 12:37:13 +01:00			`in`
			`{`
build01: add initial nixpkgs-update configuration (#6) * build01: add initial nixpkgs-update configuration * use niv for nixpkgs-update * nixpkgs-update: now it works! Having to make r-ryantm a normal user is lame, but `hub` needs a regular home directory to work. Eventually I should move away from using hub. The XDG_CONFIG env variables are because nixpkgs-update doesn't detec the systemd XDG-like env variables yet. * nixpkgs-update: add r-ryantm as trusted user and logging config * nixpkgs-update: add cachix * nixpkgs-update: update with niv * nixpkgs-update: fixup cachix config 2020-01-15 00:15:23 -08:00			`users.users.r-ryantm.packages = [ pkgs.cachix ];`
format wiht nixpkgs-fmt 2020-01-22 12:37:13 +01:00			`users.groups.r-ryantm = {};`
build01: add initial nixpkgs-update configuration (#6) * build01: add initial nixpkgs-update configuration * use niv for nixpkgs-update * nixpkgs-update: now it works! Having to make r-ryantm a normal user is lame, but `hub` needs a regular home directory to work. Eventually I should move away from using hub. The XDG_CONFIG env variables are because nixpkgs-update doesn't detec the systemd XDG-like env variables yet. * nixpkgs-update: add r-ryantm as trusted user and logging config * nixpkgs-update: add cachix * nixpkgs-update: update with niv * nixpkgs-update: fixup cachix config 2020-01-15 00:15:23 -08:00			`users.users.r-ryantm = {`
			`useDefaultShell = true;`
			`isNormalUser = true; # The hub cli seems to really want stuff to be set up like a normal user`
			`uid = userLib.mkUid "rrtm";`
			`extraGroups = [ "r-ryantm" ];`
			`};`
			`nix.trustedUsers = [`
			`"r-ryantm"`
			`];`

			`systemd.services.nixpkgs-update = {`
			`description = "nixpkgs-update service";`
update nixpkgs-update - fix delete-done 2020-06-13 20:23:50 -07:00			`enable = true;`
fix new nixpkgs-update github source it is now working! 2020-01-25 18:33:04 -08:00			`restartIfChanged = false;`
build01: add initial nixpkgs-update configuration (#6) * build01: add initial nixpkgs-update configuration * use niv for nixpkgs-update * nixpkgs-update: now it works! Having to make r-ryantm a normal user is lame, but `hub` needs a regular home directory to work. Eventually I should move away from using hub. The XDG_CONFIG env variables are because nixpkgs-update doesn't detec the systemd XDG-like env variables yet. * nixpkgs-update: add r-ryantm as trusted user and logging config * nixpkgs-update: add cachix * nixpkgs-update: update with niv * nixpkgs-update: fixup cachix config 2020-01-15 00:15:23 -08:00			`path = nixpkgsUpdateSystemDependencies;`
			`environment.XDG_CONFIG_HOME = "/var/lib/nixpkgs-update";`
			`environment.XDG_CACHE_HOME = "/var/cache/nixpkgs-update";`
[nixpkgs-update] add github source 2020-01-25 15:05:09 -08:00			`# API_TOKEN is used by nixpkgs-update-github-releases`
use token file with nixpkgs-update-github-releases 2020-01-25 15:15:27 -08:00			`environment.API_TOKEN_FILE = "/var/lib/nixpkgs-update/github_token_with_username.txt";`
fix new nixpkgs-update github source it is now working! 2020-01-25 18:33:04 -08:00			`# Used by nixpkgs-update-github-releases to install python dependencies`
nixpkgs-update: use XDG_CACHE_HOME for NIX_PATH 2020-05-03 09:00:11 -07:00			`# Used by nixpkgs-update-pypi-releases`
update nixpkgs-update * fix redirectedUrls writer (hopefully) * don't display nixpkgs-review description if no review done 2020-05-06 08:03:22 -07:00			`environment.NIX_PATH = "nixpkgs=/var/cache/nixpkgs-update/nixpkgs";`
build01: add initial nixpkgs-update configuration (#6) * build01: add initial nixpkgs-update configuration * use niv for nixpkgs-update * nixpkgs-update: now it works! Having to make r-ryantm a normal user is lame, but `hub` needs a regular home directory to work. Eventually I should move away from using hub. The XDG_CONFIG env variables are because nixpkgs-update doesn't detec the systemd XDG-like env variables yet. * nixpkgs-update: add r-ryantm as trusted user and logging config * nixpkgs-update: add cachix * nixpkgs-update: update with niv * nixpkgs-update: fixup cachix config 2020-01-15 00:15:23 -08:00
			`serviceConfig = nixpkgsUpdateServiceConfigCommon;`
Add nixpkgs-update-pypi-release 2020-03-29 23:59:38 -07:00
[nixpkgs-update] automatically run (#8) 2020-01-21 01:55:01 -08:00			`script = ''`
nixpkgs-update: enable deletion again 2020-07-03 15:24:05 -07:00			`nixpkgs-update delete-done --delete`
re-enable pypi releases 2020-04-16 13:04:50 -07:00			`grep -rl $XDG_CACHE_HOME/nixpkgs -e buildPython \| grep default \| \`
			`${nixpkgs-update-pypi-releases} > /var/lib/nixpkgs-update/packages-to-update.txt`
			`nixpkgs-update update-list --pr --cve --cachix --outpaths --nixpkgs-review`
nixpkgs-update: enable deletion again 2020-07-03 15:24:05 -07:00			`nixpkgs-update delete-done --delete`
fix new nixpkgs-update github source it is now working! 2020-01-25 18:33:04 -08:00			`${nixpkgs-update-github-releases} > /var/lib/nixpkgs-update/packages-to-update.txt`
update nixpkgs-update * run nixpkgs-review on everything * github token fetching changes * increase python package rebuild limit from 10 to 25 2020-04-13 20:46:33 -07:00			`nixpkgs-update update-list --pr --cve --cachix --outpaths --nixpkgs-review`
nixpkgs-update: enable deletion again 2020-07-03 15:24:05 -07:00			`nixpkgs-update delete-done --delete`
Add nixpkgs-update-pypi-release 2020-03-29 23:59:38 -07:00			`nixpkgs-update fetch-repology > /var/lib/nixpkgs-update/packages-to-update.txt`
update nixpkgs-update * run nixpkgs-review on everything * github token fetching changes * increase python package rebuild limit from 10 to 25 2020-04-13 20:46:33 -07:00			`nixpkgs-update update-list --pr --cve --cachix --outpaths --nixpkgs-review`
[nixpkgs-update] automatically run (#8) 2020-01-21 01:55:01 -08:00			`'';`
build01: add initial nixpkgs-update configuration (#6) * build01: add initial nixpkgs-update configuration * use niv for nixpkgs-update * nixpkgs-update: now it works! Having to make r-ryantm a normal user is lame, but `hub` needs a regular home directory to work. Eventually I should move away from using hub. The XDG_CONFIG env variables are because nixpkgs-update doesn't detec the systemd XDG-like env variables yet. * nixpkgs-update: add r-ryantm as trusted user and logging config * nixpkgs-update: add cachix * nixpkgs-update: update with niv * nixpkgs-update: fixup cachix config 2020-01-15 00:15:23 -08:00			`};`

[nixpkgs-update] automatically run (#8) 2020-01-21 01:55:01 -08:00			`systemd.timers.nixpkgs-update = {`
			`description = "nixpkgs-update";`
update nixpkgs-update - fix delete-done 2020-06-13 20:23:50 -07:00			`enable = true;`
build01: add initial nixpkgs-update configuration (#6) * build01: add initial nixpkgs-update configuration * use niv for nixpkgs-update * nixpkgs-update: now it works! Having to make r-ryantm a normal user is lame, but `hub` needs a regular home directory to work. Eventually I should move away from using hub. The XDG_CONFIG env variables are because nixpkgs-update doesn't detec the systemd XDG-like env variables yet. * nixpkgs-update: add r-ryantm as trusted user and logging config * nixpkgs-update: add cachix * nixpkgs-update: update with niv * nixpkgs-update: fixup cachix config 2020-01-15 00:15:23 -08:00			`timerConfig = { OnCalendar = "daily"; };`
nixpkgs-update: add missing wantedBy to timer Timers need to have wantedBy timers.target to be automatically started by switch-to-configuration. 2020-06-22 21:16:58 -07:00			`wantedBy = [ "timers.target" ];`
build01: add initial nixpkgs-update configuration (#6) * build01: add initial nixpkgs-update configuration * use niv for nixpkgs-update * nixpkgs-update: now it works! Having to make r-ryantm a normal user is lame, but `hub` needs a regular home directory to work. Eventually I should move away from using hub. The XDG_CONFIG env variables are because nixpkgs-update doesn't detec the systemd XDG-like env variables yet. * nixpkgs-update: add r-ryantm as trusted user and logging config * nixpkgs-update: add cachix * nixpkgs-update: update with niv * nixpkgs-update: fixup cachix config 2020-01-15 00:15:23 -08:00			`};`

nixpkgs-update: serve logs 2020-03-21 19:05:01 -07:00			`services.nginx.virtualHosts."r.ryantm.com" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/log/" = {`
			`alias = "/var/log/nixpkgs-update/";`
nixpkgs-update logs, set charset 2020-07-03 20:26:52 -07:00			`extraConfig = ''`
			`charset utf-8;`
			`autoindex on;`
			`'';`
nixpkgs-update: serve logs 2020-03-21 19:05:01 -07:00			`};`
			`};`

build01: add initial nixpkgs-update configuration (#6) * build01: add initial nixpkgs-update configuration * use niv for nixpkgs-update * nixpkgs-update: now it works! Having to make r-ryantm a normal user is lame, but `hub` needs a regular home directory to work. Eventually I should move away from using hub. The XDG_CONFIG env variables are because nixpkgs-update doesn't detec the systemd XDG-like env variables yet. * nixpkgs-update: add r-ryantm as trusted user and logging config * nixpkgs-update: add cachix * nixpkgs-update: update with niv * nixpkgs-update: fixup cachix config 2020-01-15 00:15:23 -08:00			`}`
No results found.