{ pkgs, lib, inputs, config, ... }:
let
# Helper library from this flake's users/lib.nix; this module only uses
# `userLib.mkUid` (for the r-ryantm account).
userLib = import "${toString inputs.self}/users/lib.nix" { inherit lib; };

# Path through which the units in this file invoke nixpkgs-update. It is a
# symlink that the systemd.tmpfiles rules in this file point at the
# nixpkgs-update flake input. The link lives in a directory owned by
# r-ryantm (mode 700), so its target is only as trustworthy as the code
# that runs as r-ryantm.
# NOTE(review): confirm the indirection is still needed; a direct store path
# could not be repointed by the service account.
nixpkgs-update-bin = "/var/lib/nixpkgs-update/bin/nixpkgs-update";
# Programs put on PATH for the worker, fetcher and delete-done units.
# List order is kept as-is because it determines PATH order.
nixpkgsUpdateSystemDependencies = [
  pkgs.nix # for nix-shell used by python packages to update fetchers
  pkgs.git # used by update-scripts
  pkgs.openssh # used by git
  pkgs.gnugrep
  pkgs.gnused
  pkgs.curl
  pkgs.getent # used by hub
  pkgs.cachix
  pkgs.apacheHttpd # for rotatelogs, used by worker script
  pkgs.socat # used by worker script
];
# Builds the systemd unit for one update worker; `name` is used in the unit
# description and in the per-worker log file names.
#
# The script talks to the supervisor over the unix socket
# /run/nixpkgs-update-supervisor/work.sock: it sends READY (or
# "DONE <attr_path> <exit_code>" after a job) and acts on the reply, which is
# empty on connection error, NOJOBS, or "JOB <attr_path> <payload>".
#
# Security-relevant points:
# - stdout and stderr are redirected into $LOGS_DIRECTORY/~workers, which the
#   nginx virtual hosts in this file serve publicly. `set -x` is active
#   around the nixpkgs-update call, so the full command line (attr_path and
#   payload) is traced into the public stderr log. Credentials must stay out
#   of arguments and out of anything the updater prints.
# - attr_path and payload are taken from the supervisor's reply and passed to
#   nixpkgs-update as one quoted argument, so the shell does not re-split or
#   glob them.
# - The unit runs as r-ryantm with no sandboxing directives set. The update
#   scripts it drives therefore run with access to the GitHub token and SSH
#   key that sops places in r-ryantm-owned paths.
#   NOTE(review): check which of NoNewPrivileges, PrivateTmp, ProtectSystem
#   and similar options are compatible with the nix builds run here.
# - The initial-clone lock is a directory under XDG_CACHE_HOME that is only
#   removed by this script (explicit rmdir or the EXIT trap). If the process
#   is killed before either runs, the lock persists in /var/cache and every
#   worker waits on it until it is removed by hand.
# - NOTE(review): all workers share RuntimeDirectory "nixpkgs-update-worker";
#   confirm that one worker stopping does not remove the directory from
#   under the others.
mkWorker = name: {
  description = "nixpkgs-update ${name} service";
  enable = true;
  restartIfChanged = true;

  wantedBy = [ "multi-user.target" ];
  wants = [ "network-online.target" ];
  after = [
    "network-online.target"
    "nixpkgs-update-supervisor.service"
  ];

  path = nixpkgsUpdateSystemDependencies;

  environment = {
    XDG_CONFIG_HOME = "/var/lib/nixpkgs-update/worker";
    XDG_CACHE_HOME = "/var/cache/nixpkgs-update/worker";
    XDG_RUNTIME_DIR = "/run/nixpkgs-update-worker"; # for nix-update update scripts
  };

  serviceConfig = {
    Type = "simple";
    User = "r-ryantm";
    Group = "r-ryantm";
    Restart = "on-failure";
    RestartSec = "5s";
    WorkingDirectory = "/var/lib/nixpkgs-update/worker";

    # State, cache and runtime directories are private to r-ryantm (700).
    StateDirectory = "nixpkgs-update/worker";
    StateDirectoryMode = "700";
    CacheDirectory = "nixpkgs-update/worker";
    CacheDirectoryMode = "700";
    RuntimeDirectory = "nixpkgs-update-worker";
    RuntimeDirectoryMode = "700";

    # The log directory is world-readable (755) because nginx serves it.
    LogsDirectory = "nixpkgs-update/";
    LogsDirectoryMode = "755";
    StandardOutput = "journal";
  };

  script = ''
    mkdir -p "$LOGS_DIRECTORY/~workers/"
    # This is for public logs at nixpkgs-update-logs.nix-community.org/~workers
    exec > >(rotatelogs -eD "$LOGS_DIRECTORY"'/~workers/%Y-%m-%d-${name}.stdout.log' 86400)
    exec 2> >(rotatelogs -eD "$LOGS_DIRECTORY"'/~workers/%Y-%m-%d-${name}.stderr.log' 86400 >&2)

    socket=/run/nixpkgs-update-supervisor/work.sock

    function run-nixpkgs-update {
      exit_code=0
      set -x
      timeout 6h ${nixpkgs-update-bin} update-batch --pr --outpaths --nixpkgs-review "$attr_path $payload" || exit_code=$?
      set +x
      if [ $exit_code -eq 124 ]; then
        echo "Update was interrupted because it was taking too long."
      fi
      msg="DONE $attr_path $exit_code"
    }

    msg=READY
    while true; do
      response=$(echo "$msg" | socat -t5 UNIX-CONNECT:"$socket" - || true)
      case "$response" in
        "") # connection error; retry
          sleep 5
          ;;
        NOJOBS)
          msg=READY
          sleep 60
          ;;
        JOB\ *)
          read -r attr_path payload <<< "''${response#JOB }"
          # If one worker is initializing the nixpkgs clone, the other will
          # try to use the incomplete clone, consuming a bunch of jobs and
          # throwing them away. So we use a crude locking mechanism to
          # run only one worker when there isn't a nixpkgs directory yet.
          # Once the directory exists and this initial lock is released,
          # multiple workers can run concurrently.
          lockdir="$XDG_CACHE_HOME/.nixpkgs.lock"
          if [ ! -e "$XDG_CACHE_HOME/nixpkgs" ] && mkdir "$lockdir"; then
            trap 'rmdir "$lockdir"' EXIT
            run-nixpkgs-update
            rmdir "$lockdir"
            trap - EXIT
            continue
          fi
          while [ -e "$lockdir" ]; do
            sleep 10
          done
          run-nixpkgs-update
      esac
    done
  '';
};
# Builds a timer-driven unit (every 12 hours) that runs `cmd` and stores its
# stdout as "<name>.<epoch>.txt" in $LOGS_DIRECTORY/~fetchers.
#
# Output is written to a ".part" file first and renamed only after `cmd`
# succeeds, and older "<name>.*.txt" results are deleted just before the
# rename. Readers of the directory therefore see complete files only.
#
# Security-relevant points:
# - `name` and `cmd` are spliced into the shell script by Nix without
#   quoting. Every caller in this file passes fixed strings; keep it that
#   way, since anything else would be interpreted by the shell.
# - The GitHub token is handed over as a file path (API_TOKEN_FILE) pointing
#   at the sops secret, so the token itself is not in the unit's environment.
# - ~fetchers is inside the log directory served publicly by nginx in this
#   file, so everything `cmd` prints to stdout is published.
mkFetcher = name: cmd: {
  startAt = "0/12:10"; # every 12 hours
  wants = [ "network-online.target" ];
  after = [ "network-online.target" ];

  path = nixpkgsUpdateSystemDependencies ++ [
    # nixpkgs-update-github-releases
    (pkgs.python3.withPackages (p: [
      p.requests
      p.dateutil
      p.libversion
      p.cachecontrol
      p.lockfile
      p.filelock
    ]))
  ];

  environment = {
    # API_TOKEN is used by nixpkgs-update-github-releases
    # using a token from another account so the rate limit doesn't block opening PRs
    API_TOKEN_FILE = "${config.sops.secrets.github-token-with-username.path}";
    XDG_CACHE_HOME = "/var/cache/nixpkgs-update/fetcher/";
  };

  serviceConfig = {
    Type = "simple";
    User = "r-ryantm";
    Group = "r-ryantm";
    Restart = "on-failure";
    RestartSec = "30m";

    # World-readable (755): this is the tree nginx publishes.
    LogsDirectory = "nixpkgs-update/";
    LogsDirectoryMode = "755";

    # Private to r-ryantm (700).
    StateDirectory = "nixpkgs-update";
    StateDirectoryMode = "700";
    CacheDirectory = "nixpkgs-update/fetcher";
    CacheDirectoryMode = "700";
  };

  script = ''
    mkdir -p "$LOGS_DIRECTORY/~fetchers"
    cd "$LOGS_DIRECTORY/~fetchers"
    run_name="${name}.$(date +%s).txt"
    rm -f ${name}.*.txt.part
    ${cmd} > "$run_name.part"
    rm -f ${name}.*.txt
    mv "$run_name.part" "$run_name"
  '';
};
in
{
# Account and group that every nixpkgs-update unit in this file runs as.
# It is declared as a normal user with the default shell (see the hub note
# below). No password or SSH authorized keys are set in this module.
users = {
  groups.r-ryantm = { };

  users.r-ryantm = {
    isNormalUser = true; # The hub cli seems to really want stuff to be set up like a normal user
    useDefaultShell = true;
    uid = userLib.mkUid "rrtm";
    extraGroups = [ "r-ryantm" ];
  };
};
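# Timer-driven job (every 12 hours) that runs
# `nixpkgs-update delete-done --delete` as r-ryantm to delete done branches.
# It uses the same XDG_CONFIG_HOME and XDG_CACHE_HOME as the workers, so it
# reads the same credentials directory (/var/lib/nixpkgs-update/worker).
systemd.services.nixpkgs-update-delete-done = {
  description = "nixpkgs-update delete done branches";
  startAt = "0/12:10"; # every 12 hours
  after = [ "network-online.target" ];
  wants = [ "network-online.target" ];
  restartIfChanged = true;
  path = nixpkgsUpdateSystemDependencies;
  environment.XDG_CONFIG_HOME = "/var/lib/nixpkgs-update/worker";
  environment.XDG_CACHE_HOME = "/var/cache/nixpkgs-update/worker";

  serviceConfig = {
    Type = "simple";
    User = "r-ryantm";
    Group = "r-ryantm";
    Restart = "on-abort";
    RestartSec = "5s";
    WorkingDirectory = "/var/lib/nixpkgs-update/worker";
    StateDirectory = "nixpkgs-update/worker";
    StateDirectoryMode = "700";
    # CacheDirectoryMode has no effect without CacheDirectory. Declare the
    # directory XDG_CACHE_HOME points at (the same one mkWorker declares) so
    # this unit creates it with mode 700 itself instead of depending on a
    # worker having started first.
    CacheDirectory = "nixpkgs-update/worker";
    CacheDirectoryMode = "700";
    # World-readable (755): the log tree is served by nginx in this file.
    LogsDirectory = "nixpkgs-update/";
    LogsDirectoryMode = "755";
    StandardOutput = "journal";
  };

  script = "${nixpkgs-update-bin} delete-done --delete";
};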
# Fetchers: each runs a fixed command through mkFetcher and publishes its
# stdout under ~fetchers. All three commands are constant strings built from
# store paths or nixpkgs-update-bin; none contains runtime input.
systemd.services.nixpkgs-update-fetch-repology =
  mkFetcher "repology" "${nixpkgs-update-bin} fetch-repology";

# Evaluates ./packages-with-update-script.nix with `nix eval --raw`.
systemd.services.nixpkgs-update-fetch-updatescript =
  mkFetcher "updatescript" "${pkgs.nix}/bin/nix eval --raw -f ${./packages-with-update-script.nix}";

# Runs main.py from the nixpkgs-update-github-releases flake input; this is
# the consumer of API_TOKEN_FILE set in mkFetcher.
systemd.services.nixpkgs-update-fetch-github =
  mkFetcher "github" "${inputs.nixpkgs-update-github-releases}/main.py";

# Workers: identical units that differ only in name (and so in log file name).
systemd.services.nixpkgs-update-worker1 = mkWorker "worker1";
systemd.services.nixpkgs-update-worker2 = mkWorker "worker2";
systemd.services.nixpkgs-update-worker3 = mkWorker "worker3";
systemd.services.nixpkgs-update-worker4 = mkWorker "worker4";
# Too many workers cause out-of-memory.
# Supervisor: runs ./supervisor.py as r-ryantm with three arguments, a state
# database path, the ~fetchers directory, and the work socket the workers
# connect to.
#
# Security-relevant points:
# - The state database is $LOGS_DIRECTORY/~supervisor/state.db, which is
#   inside the tree the nginx virtual hosts in this file serve with autoindex
#   on, so it is publicly downloadable.
#   NOTE(review): confirm it holds nothing that should stay private.
# - The runtime directory holding work.sock has mode 755, so any local user
#   can reach the socket path. Who may connect then depends on the mode
#   supervisor.py gives the socket, which is not visible here.
#   NOTE(review): the workers run as the same user, so 700 looks sufficient;
#   confirm nothing else needs access.
# - stdout and stderr are written to the public ~supervisor logs.
systemd.services.nixpkgs-update-supervisor = {
  description = "nixpkgs-update supervisor service";
  enable = true;
  restartIfChanged = true;
  wantedBy = [ "multi-user.target" ];

  path = [
    pkgs.apacheHttpd
    (pkgs.python3.withPackages (ps: [ ps.asyncinotify ]))
  ];

  serviceConfig = {
    Type = "simple";
    User = "r-ryantm";
    Group = "r-ryantm";
    Restart = "on-failure";
    RestartSec = "5s";
    LogsDirectory = "nixpkgs-update/";
    LogsDirectoryMode = "755";
    RuntimeDirectory = "nixpkgs-update-supervisor/";
    RuntimeDirectoryMode = "755";
    StandardOutput = "journal";
  };

  script = ''
    mkdir -p "$LOGS_DIRECTORY/~supervisor"
    # This is for public logs at nixpkgs-update-logs.nix-community.org/~supervisor
    exec > >(rotatelogs -eD "$LOGS_DIRECTORY"'/~supervisor/%Y-%m-%d.stdout.log' 86400)
    exec 2> >(rotatelogs -eD "$LOGS_DIRECTORY"'/~supervisor/%Y-%m-%d.stderr.log' 86400 >&2)
    # Fetcher output is hosted at nixpkgs-update-logs.nix-community.org/~fetchers
    python3 ${./supervisor.py} "$LOGS_DIRECTORY/~supervisor/state.db" "$LOGS_DIRECTORY/~fetchers" "$RUNTIME_DIRECTORY/work.sock"
  '';
};
# Daily log retention for /var/log/nixpkgs-update.
#
# NOTE(review): no User= is set, so this unit runs as root over a tree that
# r-ryantm (the account running the update scripts) can write to. The other
# units in this file that write here all run as r-ryantm; if every file in
# the tree is owned by that account, running this job as r-ryantm would do
# the same work with less privilege. Confirm ownership before changing it.
systemd.services.nixpkgs-update-delete-old-logs = {
  startAt = "daily";
  serviceConfig = {
    Type = "oneshot";
  };
  # delete logs older than 18 months, delete worker logs older than 3 months, delete empty directories
  script = ''
    ${pkgs.findutils}/bin/find /var/log/nixpkgs-update -type f -mtime +548 -delete
    ${pkgs.findutils}/bin/find /var/log/nixpkgs-update/~workers -type f -mtime +90 -delete
    ${pkgs.findutils}/bin/find /var/log/nixpkgs-update -type d -empty -delete
  '';
};
# tmpfiles rules for the r-ryantm account:
# - "L+" (re)creates a symlink, replacing whatever is at the path: the git
#   config, and the nixpkgs-update entry point used by every unit.
# - "d" creates directories owned by r-ryantm with mode 700: ~/.ssh (where
#   sops places the private key) and the bin directory holding the entry
#   point symlink.
# - "e" cleans entries older than 1d out of the nixpkgs-review cache.
systemd.tmpfiles.rules =
  let
    # Build of the nixpkgs-update flake input for this system.
    updaterPackage = inputs.nixpkgs-update.packages.${pkgs.system}.default;
  in
  [
    "L+ /home/r-ryantm/.gitconfig - - - - ${./gitconfig.txt}"
    "d /home/r-ryantm/.ssh 700 r-ryantm r-ryantm - -"

    "e /var/cache/nixpkgs-update/worker/nixpkgs-review - - - 1d -"

    "d /var/lib/nixpkgs-update/bin/ 700 r-ryantm r-ryantm - -"
    "L+ ${nixpkgs-update-bin} - - - - ${updaterPackage}/bin/nixpkgs-update"
  ];
# Secrets handed to the r-ryantm account. All four are owned by
# r-ryantm:r-ryantm and none sets `mode`, so the sops-nix default applies.
# Three are placed at fixed paths inside directories created with mode 700
# elsewhere in this file (~/.ssh and the worker state directory).
# None of these paths is under /var/log/nixpkgs-update, the tree that nginx
# publishes. Keep it that way.
sops.secrets = {
  # SSH private key, placed where ssh looks for the default RSA identity.
  github-r-ryantm-key = {
    path = "/home/r-ryantm/.ssh/id_rsa";
    owner = "r-ryantm";
    group = "r-ryantm";
  };

  # GitHub token inside the workers' XDG_CONFIG_HOME.
  github-r-ryantm-token = {
    path = "/var/lib/nixpkgs-update/worker/github_token.txt";
    owner = "r-ryantm";
    group = "r-ryantm";
  };

  # Token whose path mkFetcher exports as API_TOKEN_FILE; no `path` is set,
  # so it stays at the location sops-nix chooses.
  github-token-with-username = {
    owner = "r-ryantm";
    group = "r-ryantm";
  };

  # cachix configuration inside the workers' XDG_CONFIG_HOME.
  nix-community-cachix = {
    path = "/var/lib/nixpkgs-update/worker/cachix/cachix.dhall";
    owner = "r-ryantm";
    group = "r-ryantm";
  };
};
# Public log hosting. Both virtual hosts expose the whole
# /var/log/nixpkgs-update/ tree over HTTPS (forceSSL + ACME) with directory
# listings enabled. Everything the units in this file write there is
# world-readable: worker and supervisor stdout/stderr logs, fetcher output,
# and the supervisor's state.db. Treat the directory as published and never
# write credentials or other private data into it.
services.nginx =
  let
    # Shared location body: serve the log tree with directory listings.
    publicLogListing = {
      alias = "/var/log/nixpkgs-update/";
      extraConfig = ''
        charset utf-8;
        autoindex on;
      '';
    };
  in
  {
    # autoindex is truncated on some browsers
    recommendedZstdSettings = false;

    virtualHosts."nixpkgs-update-logs.nix-community.org" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = publicLogListing;
    };

    # TODO: permanent redirect r.ryantm.com/log/ -> nixpkgs-update-logs.nix-community.org
    virtualHosts."r.ryantm.com" = {
      forceSSL = true;
      enableACME = true;
      locations."/log/" = publicLogListing;
    };
  };
}