nixos/modules/services/version_tracker.nix

{ config, pkgs, lib, ... }:

let
  cfg = config.custom.services.version_tracker;
in
{
  options.custom.services.version_tracker = {
    enable = lib.mkEnableOption "version_tracker";
  };

  config = lib.mkIf cfg.enable {
    age.secrets."version_tracker/ssh.key".file = ../../secrets/version_tracker/ssh.key.age;

    systemd.services.version_tracker = {
      description = "NixOS version tracker.";

      serviceConfig = {
        DynamicUser = true;

        CacheDirectory = "version_tracker";
        WorkingDirectory = "%C/version_tracker";

        LoadCredential = "id_ecdsa:${config.age.secrets."version_tracker/ssh.key".path}";
      };

      environment = {
        GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i %d/id_ecdsa";
      };

      script = with pkgs; ''
        PORT=30653

        if ! test -d repo/.git; then
            ${git}/bin/git clone git@ssh.gitea.hillion.co.uk:JakeHillion/nixos.git repo
        fi
        cd repo
        ${git}/bin/git fetch
        ${git}/bin/git switch --detach origin/main

        code=0
        for path in hosts/*
        do
            hostname=''${path##*/}

            if rev=$(${curl}/bin/curl -s --connect-timeout 15 http://$hostname:30653/current/nixos/system/configurationRevision); then
                echo "$hostname: $rev (current)"
                if ${git}/bin/git tag -f "current/$hostname" "$rev"; then
                    ${git}/bin/git push -f origin "current/$hostname"
                else
                    echo "WARNING: $hostname points to invalid ref!"
                fi
            else
                echo "$hostname: failed to reach"
            fi

            if rev=$(${curl}/bin/curl -s --connect-timeout 15 http://$hostname:30653/booted/nixos/system/configurationRevision); then
                echo "$hostname: $rev (booted)"
                if ${git}/bin/git tag -f "booted/$hostname" "$rev"; then
                    ${git}/bin/git push -f origin "booted/$hostname"
                else
                    echo "WARNING: $hostname points to invalid ref!"
                fi
                
            else
                echo "$hostname: failed to reach"
            fi
        done
      '';
    };
    systemd.timers.version_tracker = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnBootSec = "5m";
        OnUnitInactiveSec = "15m";
        Unit = "version_tracker.service";
      };
    };
  };
}
drone: track current version of each nixos host 2023-06-17 13:47:47 +01:00			`{ config, pkgs, lib, ... }:`

			`let`
			`cfg = config.custom.services.version_tracker;`
			`in`
			`{`
			`options.custom.services.version_tracker = {`
			`enable = lib.mkEnableOption "version_tracker";`
			`};`

			`config = lib.mkIf cfg.enable {`
version_tracker: switch to DynamicUser 2023-07-03 22:22:32 +01:00			`age.secrets."version_tracker/ssh.key".file = ../../secrets/version_tracker/ssh.key.age;`
drone: track current version of each nixos host 2023-06-17 13:47:47 +01:00
			`systemd.services.version_tracker = {`
			`description = "NixOS version tracker.";`

version_tracker: switch to DynamicUser 2023-07-03 22:22:32 +01:00			`serviceConfig = {`
			`DynamicUser = true;`

			`CacheDirectory = "version_tracker";`
			`WorkingDirectory = "%C/version_tracker";`

			`LoadCredential = "id_ecdsa:${config.age.secrets."version_tracker/ssh.key".path}";`
			`};`

drone: track current version of each nixos host 2023-06-17 13:47:47 +01:00			`environment = {`
version_tracker: switch to DynamicUser 2023-07-03 22:22:32 +01:00			`GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i %d/id_ecdsa";`
drone: track current version of each nixos host 2023-06-17 13:47:47 +01:00			`};`

version_tracker: switch to DynamicUser 2023-07-03 22:22:32 +01:00			`script = with pkgs; ''`
			`PORT=30653`

drone: track current version of each nixos host 2023-06-17 13:47:47 +01:00			`if ! test -d repo/.git; then`
			`${git}/bin/git clone git@ssh.gitea.hillion.co.uk:JakeHillion/nixos.git repo`
			`fi`
			`cd repo`
			`${git}/bin/git fetch`
version_tracker: switch to main 2023-09-10 14:19:45 +01:00			`${git}/bin/git switch --detach origin/main`
drone: track current version of each nixos host 2023-06-17 13:47:47 +01:00
			`code=0`
			`for path in hosts/*`
			`do`
			`hostname=''${path##*/}`

hostinfo: save version to file for extraction 2023-06-21 20:37:03 +01:00			`if rev=$(${curl}/bin/curl -s --connect-timeout 15 http://$hostname:30653/current/nixos/system/configurationRevision); then`
			`echo "$hostname: $rev (current)"`
			`if ${git}/bin/git tag -f "current/$hostname" "$rev"; then`
			`${git}/bin/git push -f origin "current/$hostname"`
			`else`
drone: track current version of each nixos host 2023-06-17 13:47:47 +01:00			`echo "WARNING: $hostname points to invalid ref!"`
			`fi`
hostinfo: save version to file for extraction 2023-06-21 20:37:03 +01:00			`else`
			`echo "$hostname: failed to reach"`
			`fi`

			`if rev=$(${curl}/bin/curl -s --connect-timeout 15 http://$hostname:30653/booted/nixos/system/configurationRevision); then`
			`echo "$hostname: $rev (booted)"`
			`if ${git}/bin/git tag -f "booted/$hostname" "$rev"; then`
			`${git}/bin/git push -f origin "booted/$hostname"`
			`else`
			`echo "WARNING: $hostname points to invalid ref!"`
			`fi`

drone: track current version of each nixos host 2023-06-17 13:47:47 +01:00			`else`
			`echo "$hostname: failed to reach"`
			`fi`
			`done`
			`'';`
			`};`
			`systemd.timers.version_tracker = {`
			`wantedBy = [ "timers.target" ];`
			`timerConfig = {`
			`OnBootSec = "5m";`
			`OnUnitInactiveSec = "15m";`
			`Unit = "version_tracker.service";`
			`};`
			`};`
			`};`
			`}`