-rw-r--r-- | krebs/3modules/github-hosts-sync.nix | 25 | ||||
-rw-r--r-- | krebs/5pkgs/simple/github-hosts-sync/default.nix | 36 | ||||
-rwxr-xr-x | krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync | 81 |
3 files changed, 56 insertions, 86 deletions
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 3b626dc46..233cea68d 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -11,17 +11,25 @@ let api = { enable = mkEnableOption "krebs.github-hosts-sync"; - port = mkOption { - type = types.int; # TODO port type - default = 1028; - }; dataDir = mkOption { type = types.str; # TODO path (but not just into store) default = "/var/lib/github-hosts-sync"; }; + srcDir = mkOption { + type = types.str; + default = "${config.krebs.tinc.retiolum.confDir}/hosts"; + }; ssh-identity-file = mkOption { type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"]; - default = toString <secrets/github-hosts-sync.ssh.id_rsa>; + default = toString <secrets/github-hosts-sync.ssh.id_ed25519>; + }; + url = mkOption { + type = types.str; + default = "git@github.com:krebscode/hosts.git"; + }; + workTree = mkOption { + type = types.absolute-pathname; + default = "${cfg.dataDir}/cache"; }; }; @@ -30,13 +38,16 @@ let after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; environment = { - port = toString cfg.port; + GITHUB_HOST_SYNC_SRCDIR = cfg.srcDir; + GITHUB_HOST_SYNC_WORKTREE = cfg.workTree; + GITHUB_HOST_SYNC_URL = cfg.url; }; serviceConfig = { PermissionsStartOnly = "true"; SyslogIdentifier = "github-hosts-sync"; User = user.name; - Restart = "always"; + Type = "oneshot"; + RemainAfterExit = true; ExecStartPre = pkgs.writeDash "github-hosts-sync-init" '' set -euf install -m 0711 -o ${user.name} -d ${cfg.dataDir} diff --git a/krebs/5pkgs/simple/github-hosts-sync/default.nix b/krebs/5pkgs/simple/github-hosts-sync/default.nix index 8caa5e1ef..5caf225cb 100644 --- a/krebs/5pkgs/simple/github-hosts-sync/default.nix +++ b/krebs/5pkgs/simple/github-hosts-sync/default.nix 
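Review bot: In the options hunk of krebs/3modules/github-hosts-sync.nix, the new `srcDir` is declared `types.str` while `workTree` beside it uses `types.absolute-pathname`. The script runs `cd "$hosts_worktree"` before `rsync "$hosts_srcdir/" .`, so a relative value would be resolved inside the work tree; I would declare it as `type = types.absolute-pathname;`. Everything below `srcDir` is added, committed and pushed to `url`, so the option also deserves a comment such as `# every file below srcDir is published to cfg.url; point it only at public host files`. None of the new options carries a `description`.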
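Review bot: In the serviceConfig hunk of krebs/3modules/github-hosts-sync.nix, `Type = "oneshot"` replaces `Restart = "always"`, so a `git pull` or `git push` that fails at start leaves the unit failed with nothing visible here to retry it, and the unit is ordered only after `network.target`. Consider `Restart = "on-failure";` together with a `RestartSec`, or driving the unit from a timer; either may already exist outside this hunk. `RemainAfterExit = true` also means later changes under `srcDir` are not synced until the unit is restarted, which is worth a comment next to it. The `ExecStartPre` script continues past the end of the hunk.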
@@ -1,7 +1,8 @@ { pkgs, stdenv, ... }: -stdenv.mkDerivation { - name = "github-hosts-sync"; +stdenv.mkDerivation rec { + name = "github-hosts-sync-${version}"; + version = "2.0.0"; src = ./src; @@ -10,28 +11,21 @@ stdenv.mkDerivation { "installPhase" ]; - installPhase = - let - ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - path = stdenv.lib.makeBinPath (with pkgs; [ - coreutils - findutils - git - gnugrep - gnused - nettools - openssh - socat - ]); - in + installPhase = let + ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + path = stdenv.lib.makeBinPath [ + pkgs.git + pkgs.openssh + pkgs.rsync + ]; + in '' mkdir -p $out/bin - sed \ - 's,^main() {$,&\n export PATH=${path} GIT_SSL_CAINFO=${ca-bundle},' \ - < hosts-sync \ - > $out/bin/github-hosts-sync + cp hosts-sync $out/bin/github-hosts-sync - chmod +x $out/bin/github-hosts-sync + sed -i \ + '1s,$,\nPATH=${path}''${PATH+:$PATH} GIT_SSL_CAINFO=${ca-bundle},' \ + $out/bin/github-hosts-sync ''; } diff --git a/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync b/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync index f36c700d8..4bae44bef 100755 --- a/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync +++ b/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync 
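Review bot: The line that `sed -i` inserts after the shebang in the installPhase hunk of krebs/5pkgs/simple/github-hosts-sync/default.nix assigns `GIT_SSL_CAINFO` without `export`, unlike the removed `export PATH=… GIT_SSL_CAINFO=…`. git therefore only sees the CA bundle if the caller already exported that variable, which matters as soon as `url` points at an https remote. I would keep the export: `'1s,$,\nexport PATH=${path}''${PATH+:$PATH} GIT_SSL_CAINFO=${ca-bundle},' \`. The script still calls `hostname`, but `nettools` is no longer in `path`, so that lookup now presumably depends on the inherited PATH; either add it back or note the requirement in a comment.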
@@ -1,66 +1,31 @@ #! /bin/sh -# TODO do_work should retry until success -set -euf +set -efu +exec >&2 -port=${port-1028} -local_painload=$HOME/painload -remote_painload="https://github.com/krebscode/painload" -local_hosts=$HOME/hosts -remote_hosts="git@github.com:krebscode/hosts.git" +hosts_srcdir=$GITHUB_HOST_SYNC_SRCDIR +hosts_worktree=${GITHUB_HOST_SYNC_WORKTREE-/tmp/hosts} +hosts_url=${GITHUB_HOST_SYNC_URL-git@github.com:krebscode/hosts.git} -main() { - ensure_local_painload - ensure_local_hosts - is_worker && do_work || become_server -} +test -d "$hosts_worktree" || git clone "$hosts_url" "$hosts_worktree" -ensure_local_painload() { - test -d "$local_painload" || git clone "$remote_painload" "$local_painload" -} +cd "$hosts_worktree" -ensure_local_hosts() { - test -d "$local_hosts" || git clone "$remote_hosts" "$local_hosts" -} +git pull -become_server() { - exec socat "TCP-LISTEN:$port,reuseaddr,fork" "EXEC:$0" -} +rsync \ + --chmod D755,F644 \ + --delete-excluded \ + --filter 'protect .git' \ + --recursive \ + --verbose \ + "$hosts_srcdir/" \ + . -is_worker() { - test "${SOCAT_SOCKPORT-}" = "$port" -} +git add . -do_work() { - # read request - req_line="$(read line && echo "$line")" - req_hdrs="$(sed -n '/^\r$/q;p')" - - set -x - - cd "$local_hosts" - git pull >&2 - - cd "$local_hosts" - find . -name .git -prune -o -type f -exec git rm \{\} \; >/dev/null - - cd "$local_painload" - git pull >&2 - - find "$local_painload/retiolum/hosts" -type f -exec cp \{\} "$local_hosts" \; - - cd "$local_hosts" - find . 
-name .git -prune -o -type f -exec git add \{\} \; >&2 - if git status --porcelain | grep -q .; then - git config user.email "$LOGNAME@$(hostname)" - git config user.name "$LOGNAME" - git commit -m bump >&2 - git push >&2 - fi - - echo "HTTP/1.1 200 OK" - echo - echo "https://github.com/krebscode/hosts/archive/master.tar.gz" - echo "https://github.com/krebscode/hosts/archive/master.zip" -} - -main "$@" +if test -n "$(git status --porcelain)"; then + git config user.email "$LOGNAME@$(hostname)" + git config user.name "$LOGNAME" + git commit -m bump + git push +fi |
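Review bot: The fallback in `hosts_worktree=${GITHUB_HOST_SYNC_WORKTREE-/tmp/hosts}` puts the work tree at a fixed path in a world-writable directory, and `test -d` accepts whatever directory already exists there before `git pull` and `git push` run in it with the service's SSH identity. The NixOS module always sets the variable, so I would drop the default and fail fast the way `hosts_srcdir` does: `hosts_worktree=${GITHUB_HOST_SYNC_WORKTREE?}`. Separately, `rsync --delete-excluded` deletes on the receiving side, so an existing but empty `$hosts_srcdir` would empty the work tree and the following `git commit` and `git push` would publish that state. A guard before the rsync call that refuses an empty source directory would prevent it.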