-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/repo-sync.nix110
-rw-r--r--krebs/5pkgs/repo-sync/default.nix2
3 files changed, 113 insertions, 0 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 3d51076cf..060b4445d 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -29,6 +29,7 @@ let
./retiolum.nix
./tinc_graphs.nix
./urlwatch.nix
+ ./repo-sync.nix
];
options.krebs = api;
config = mkIf cfg.enable imp;
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
new file mode 100644
index 000000000..c92d458dd
--- /dev/null
+++ b/krebs/3modules/repo-sync.nix
@@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.krebs.repo-sync;
+
+ out = {
+ options.krebs.repo-sync = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "repo-sync";
+ config = mkOption {
+ type = with types;attrsOf (attrsOf (attrsOf str));
+ example = literalExample ''
+ # see `repo-sync --help`
+ # `ref` provides sane defaults and can be omitted
+
+ # attrset will be converted to json and be used as config
+ {
+ makefu = {
+ origin = {
+ url = http://github.com/makefu/repo ;
+ ref = "heads/dev" ;
+ };
+ mirror = {
+ url = "git@internal:mirror" ;
+ ref = "heads/github-mirror-dev" ;
+ };
+ };
+ lass = {
+ origin = {
+ url = http://github.com/lass/repo ;
+ };
+ mirror = {
+ url = "git@internal:mirror" ;
+ };
+ };
+ "@latest" = {
+ mirror = {
+ url = "git@internal:mirror";
+ ref = "heads/master";
+ };
+ };
+ };
+ '';
+ };
+ timerConfig = mkOption {
+ type = types.attrsOf types.str;
+ default = {
+ OnCalendar = "*:00,15,30,45";
+ };
+ };
+ stateDir = mkOption {
+ type = types.str;
+ default = "/var/lib/repo-sync";
+ };
+ privateKeyFile = mkOption {
+ type = types.str;
+ description = ''
+ used by repo-sync to identify with ssh service
+ '';
+ default = toString <secrets/wolf-repo-sync.rsa_key.priv>;
+ };
+ };
+ repo-sync-config = pkgs.writeText "repo-sync-config.json"
+ (builtins.toJSON cfg.config);
+
+ imp = {
+ users.users.repo-sync = {
+ name = "repo-sync";
+ uid = genid "repo-sync";
+ description = "repo-sync user";
+ home = cfg.stateDir;
+ createHome = true;
+ };
+
+ systemd.timers.repo-sync = {
+ description = "repo-sync timer";
+ wantedBy = [ "timers.target" ];
+
+ timerConfig = cfg.timerConfig;
+ };
+ systemd.services.repo-sync = {
+ description = "repo-sync";
+ after = [ "network.target" ];
+
+ path = with pkgs; [ ];
+
+ environment = {
+ GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
+ };
+
+ serviceConfig = {
+ Type = "simple";
+ PermissionsStartOnly = true;
+ ExecStartPre = pkgs.writeScript "prepare-repo-sync-user" ''
+ #! /bin/sh
+ cp -v ${lib.shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
+ chown repo-sync ${cfg.stateDir}/ssh.priv
+ '';
+ ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
+ WorkingDirectory = cfg.stateDir;
+ User = "repo-sync";
+ };
+ };
+ };
+in out
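Review bot: The `ExecStartPre` script near the end of this hunk copies the SSH private key with `cp -v` and then only runs `chown`, so the mode of `ssh.priv` is whatever the source file's mode and the umask produce, and the copy stays root-owned until the `chown` runs. Setting owner and mode in one step makes this explicit: `install -m 0400 -o repo-sync ${lib.shell.escape cfg.privateKeyFile} ${lib.shell.escape "${cfg.stateDir}/ssh.priv"}`. That also escapes `cfg.stateDir`, which is currently interpolated raw into the script and into `GIT_SSH_COMMAND`, while `privateKeyFile` is escaped. Separately, the origins in the option example use `http://` URLs; because fetched content is pushed on to the mirror, the example would be safer showing `https://`.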
diff --git a/krebs/5pkgs/repo-sync/default.nix b/krebs/5pkgs/repo-sync/default.nix
index 28fc3970d..789c03f36 100644
--- a/krebs/5pkgs/repo-sync/default.nix
+++ b/krebs/5pkgs/repo-sync/default.nix
@@ -1,4 +1,5 @@
{ lib, pkgs, python3Packages, fetchurl, ... }:
+
with python3Packages; buildPythonPackage rec {
name = "repo-sync-${version}";
version = "0.2.5";
@@ -6,6 +7,7 @@ with python3Packages; buildPythonPackage rec {
propagatedBuildInputs = [
docopt
GitPython
+ pkgs.git
];
src = fetchurl {
url = "https://pypi.python.org/packages/source/r/repo-sync/repo-sync-${version}.tar.gz";