Merge pull request #25 from timokau/marvin-mk2-init

build01: add initial marvin-mk2 configuration

build01/configuration.nix

@@ -23,6 +23,7 @@ in
     ./hydra-declarative-projects.nix
     ./cache.nix
     ./nixpkgs-update.nix
+    ./marvin-mk2.nix
 
     ../profiles/common.nix
     ../profiles/docker.nix

build01/marvin-mk2.nix

@@ -0,0 +1,58 @@
+{ pkgs, lib, config, ... }:
+let
+  userLib = import ../users/lib.nix { inherit lib; };
+  sources = import ../nix/sources.nix;
+
+  marvinNixpkgs = (import (sources.marvin-mk2.outPath + "/definitions.nix") {}).pkgs;
+
+  marvin-mk2 = marvinNixpkgs.python3.pkgs.buildPythonApplication rec {
+    pname = "marvin-mk2";
+    version = "rolling";
+    src = sources.marvin-mk2;
+
+    propagatedBuildInputs = with marvinNixpkgs.python3.pkgs; [
+      aiohttp
+      gidgethub
+    ];
+  };
+in
+{
+  users.groups.marvin-mk2 = { };
+  users.users.marvin-mk2 = {
+    useDefaultShell = true;
+    uid = userLib.mkUid "mmkt";
+    extraGroups = [ "marvin-mk2" ];
+  };
+
+  systemd.services.marvin-mk2 = {
+    description = "marvin-mk2 service";
+    enable = true;
+    path = [
+      marvin-mk2
+    ];
+    environment.BOT_NAME = "marvin-mk2";
+    environment.PORT = "3001";
+    environment.GH_PRIVATE_KEY_FILE = "/var/lib/marvin-mk2/marvin-mk2-key.pem";
+    environment.GH_APP_ID_FILE = "/var/lib/marvin-mk2/marvin_mk2_id.txt";
+    environment.WEBHOOK_SECRET_FILE = "/var/lib/marvin-mk2/marvin-mk2-webhook-secret.txt";
+
+    serviceConfig = {
+      User = "marvin-mk2";
+      Group = "marvin-mk2";
+      WorkingDirectory = "/var/lib/marvin-mk2";
+      StateDirectory = "marvin-mk2";
+      StateDirectoryMode = "700";
+      CacheDirectory = "marvin-mk2";
+      CacheDirectoryMode = "700";
+      LogsDirectory = "marvin-mk2";
+      LogsDirectoryMode = "755";
+      StandardOutput = "journal";
+    };
+
+    script = ''
+      marvin
+    '';
+
+    wantedBy = [ "multi-user.target" ];
+  };
+}

deployment.nix

@@ -78,6 +78,30 @@ in
           permissions = "0600";
         };
 
+        deployment.keys."marvin-mk2-key.pem" = {
+          text = secrets."marvin-mk2-key.pem";
+          destDir = "/var/lib/marvin-mk2";
+          user = "marvin-mk2";
+          group = "marvin-mk2";
+          permissions = "0600";
+        };
+
+        deployment.keys."marvin_mk2_id.txt" = {
+          text = secrets."marvin_mk2_id.txt";
+          destDir = "/var/lib/marvin-mk2";
+          user = "marvin-mk2";
+          group = "marvin-mk2";
+          permissions = "0600";
+        };
+
+        deployment.keys."marvin-mk2-webhook-secret.txt" = {
+          text = secrets."marvin-mk2-webhook-secret.txt";
+          destDir = "/var/lib/marvin-mk2";
+          user = "marvin-mk2";
+          group = "marvin-mk2";
+          permissions = "0600";
+        };
+
         deployment.keys."cachix.dhall" = {
           text = secrets."cachix.dhall";
           destDir = "/var/lib/nixpkgs-update/cachix";

nix/sources.json

@@ -1,4 +1,16 @@
 {
+    "marvin-mk2": {
+        "branch": "master",
+        "description": "Helpful nixpkgs PR bot with an improved Genuine People Personality",
+        "homepage": "https://github.com/timokau/marvin-mk2",
+        "owner": "timokau",
+        "repo": "marvin-mk2",
+        "rev": "112ce885daa8de41f41a9891f6f70f15fd5552ce",
+        "sha256": "0fgi699dasmijbs15yjhbfrb5yqbas9rfycrp2a3kz3m5c910mrh",
+        "type": "tarball",
+        "url": "https://github.com/timokau/marvin-mk2/archive/112ce885daa8de41f41a9891f6f70f15fd5552ce.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
     "nixpkgs": {
         "branch": "nixos-unstable",
         "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",