sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

build01: add initial nixpkgs-update configuration ()

Browse source 
* build01: add initial nixpkgs-update configuration

* use niv for nixpkgs-update

* nixpkgs-update: now it works!

Having to make r-ryantm a normal user is lame, but `hub` needs a
regular home directory to work. Eventually I should move away from
using hub. The XDG_CONFIG env variables are because nixpkgs-update
doesn't detec the systemd XDG-like env variables yet.

* nixpkgs-update: add r-ryantm as trusted user and logging config

* nixpkgs-update: add cachix

* nixpkgs-update: update with niv

* nixpkgs-update: fixup cachix config
This commit is contained in:
Ryan Mulligan 2020-01-15 00:15:23 -08:00 committed by zimbatm
parent 5b309342cc
commit 612b75f0a3
5 changed files with 113 additions and 0 deletions

1
build01/configuration.nix
View file

@ -10,6 +10,7 @@ in {
./buildkite.nix ./buildkite.nix
./gitlab.nix ./gitlab.nix
./hydra.nix ./hydra.nix
./nixpkgs-update.nix
../profiles/common.nix ../profiles/common.nix
../profiles/docker.nix ../profiles/docker.nix

76
build01/nixpkgs-update.nix Normal file
View file

@ -0,0 +1,76 @@
{ pkgs, lib, config, ... }:
let
userLib = import ../users/lib.nix { inherit lib; };
sources = import ../nix/sources.nix;
nixpkgs-update = import sources.nixpkgs-update { returnShellEnv = false; };
nixpkgsUpdateSystemDependencies = with pkgs; [
nix
git
getent
gitAndTools.hub
jq
tree
gist
cachix
];
nixpkgsUpdateServiceConfigCommon = {
Type = "oneshot";
User = "r-ryantm";
Group = "r-ryantm";
WorkingDirectory = "/var/lib/nixpkgs-update";
StateDirectory = "nixpkgs-update";
StateDirectoryMode = "700";
RuntimeDirectory = "nixpkgs-update";
RuntimeDirectoryMode = "700";
CacheDirectory = "nixpkgs-update";
CacheDirectoryMode = "700";
StandardOutput="journal";
};
in {
users.users.r-ryantm.packages = [ pkgs.cachix ];
users.groups.r-ryantm = { };
users.users.r-ryantm = {
useDefaultShell = true;
isNormalUser = true; # The hub cli seems to really want stuff to be set up like a normal user
uid = userLib.mkUid "rrtm";
extraGroups = [ "r-ryantm" ];
};
nix.trustedUsers = [
"r-ryantm"
];
systemd.services.nixpkgs-update = {
description = "nixpkgs-update service";
enable = true;
path = nixpkgsUpdateSystemDependencies;
environment.XDG_CONFIG_HOME = "/var/lib/nixpkgs-update";
environment.XDG_RUNTIME_DIR = "/run/nixpkgs-update";
environment.XDG_CACHE_HOME = "/var/cache/nixpkgs-update";
serviceConfig = nixpkgsUpdateServiceConfigCommon;
script = "${nixpkgs-update}/bin/nixpkgs-update update";
};
systemd.services.nixpkgs-update-delete-done = {
description = "nixpkgs-update delete done branches";
enable = true;
path = nixpkgsUpdateSystemDependencies;
environment.XDG_CONFIG_HOME = "/var/lib/nixpkgs-update";
environment.XDG_RUNTIME_DIR = "/run/nixpkgs-update";
environment.XDG_CACHE_HOME = "/var/cache/nixpkgs-update";
serviceConfig = nixpkgsUpdateServiceConfigCommon;
script = "${nixpkgs-update}/bin/nixpkgs-update delete-done";
};
systemd.timers.nixpkgs-update-delete-done = {
description = "nixpkgs-update delete done branches";
enable = true;
timerConfig = { OnCalendar = "daily"; };
};
}

24
deployment.nix
View file

@ -39,6 +39,30 @@ in {
permissions = "0600"; permissions = "0600";
}; };
deployment.keys."id_rsa" = {
text = secrets.github-r-ryantm-key;
destDir = "/home/r-ryantm/.ssh";
user = "r-ryantm";
group = "r-ryantm";
permissions = "0600";
};
deployment.keys."github_token.txt" = {
text = secrets.github-r-ryantm-token;
destDir = "/var/lib/nixpkgs-update";
user = "r-ryantm";
group = "r-ryantm";
permissions = "0600";
};
deployment.keys."cachix.dhall" = {
text = secrets."cachix.dhall";
destDir = "/var/lib/nixpkgs-update/cachix";
user = "r-ryantm";
group = "r-ryantm";
permissions = "0600";
};
}; };
} }

12
nix/sources.json
View file

@ -11,6 +11,18 @@
"url": "https://github.com/NixOS/nixpkgs-channels/archive/aa561c6fb4f48974639a9e2b76fdd3e15b2abfd4.tar.gz", "url": "https://github.com/NixOS/nixpkgs-channels/archive/aa561c6fb4f48974639a9e2b76fdd3e15b2abfd4.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixpkgs-update": {
"branch": "master",
"description": "Semi-automatically updating nixpkgs packages since 2018",
"homepage": "",
"owner": "ryantm",
"repo": "nixpkgs-update",
"rev": "3f559eb4c24aab547447c248d32ee791fe937cf0",
"sha256": "1xyaja08cv57gbnzyal9iryb0dc4yg986hdm6yy9mg5fajgh7gr9",
"type": "tarball",
"url": "https://github.com/ryantm/nixpkgs-update/archive/3f559eb4c24aab547447c248d32ee791fe937cf0.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"simple-hydra": { "simple-hydra": {
"branch": "master", "branch": "master",
"description": "A simple module for enabling Hydra", "description": "A simple module for enabling Hydra",

BIN
secrets/cachix.dhall Normal file
View file

Binary file not shown.