jalil/webnsupdate
1
0
Fork 0
Code Issues 1 Pull requests Activity Actions

update-ci #3

Merged
jalil merged 3 commits from update-ci into main 2024-09-30 16:40:19 +02:00
Conversation 0 Commits 3 Files changed 7 +214 -117
7 changed files with 214 additions and 117 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.forgejo/workflows/check.yml
View file

@ -3,12 +3,12 @@ jobs:
check: check:
runs-on: nixos runs-on: nixos
steps: steps:
- uses: https://code.forgejo.org/actions/checkout@v4 - uses: https://git.salame.cl/actions/checkout@v4
- run: nix --version - run: nix --version
- run: nix flake check --keep-going --verbose --print-build-logs - run: nix flake check --keep-going --verbose --print-build-logs
build: build:
runs-on: nixos runs-on: nixos
steps: steps:
- uses: https://code.forgejo.org/actions/checkout@v4 - uses: https://git.salame.cl/actions/checkout@v4
- run: nix --version - run: nix --version
- run: nix build --print-build-logs .# - run: nix build --print-build-logs .#

62
.forgejo/workflows/update.yml Normal file
View file

@ -0,0 +1,62 @@
on:
workflow_dispatch:
schedule:
# 03:42 on Saturdays
- cron: '42 3 * * 6'
env:
PR_TITLE: Weekly `cargo update` of dependencies
PR_MESSAGE: |
Automation to keep dependencies in `Cargo.lock` current.
The following is the output from `cargo update`:
COMMIT_MESSAGE: "chore: cargo update \n\n"
jobs:
update-cargo:
runs-on: nixos
env:
BRANCH_NAME: cargo-update
steps:
- uses: https://git.salame.cl/actions/checkout@v4
- run: nix --version
- run: nix run .#cargo-update
- name: craft PR body and commit message
run: |
set -euo pipefail
echo "${COMMIT_MESSAGE}" > commit.txt
cat cargo_update.log >> commit.txt
echo "${PR_MESSAGE}" > body.md
echo '```txt' >> body.md
cat cargo_update.log >> body.md
echo '```' >> body.md
- name: commit
run: |
set -euo pipefail
git config user.name forgejo-actions
git config user.email forgejo-actions@salame.cl
git switch --force-create "$BRANCH_NAME"
git add ./Cargo.lock
DIFF="$(git diff --staged)"
if [[ "$DIFF" == "" ]]; then
echo >2 "Cargo.lock was not changed, bailing out and not making a PR"
exit 1
fi
git commit --no-verify --file=commit.txt
- name: push
run: |
set -euo pipefail
git push --no-verify --force --set-upstream origin "$BRANCH_NAME"
- name: open new pull request
env:
# We have to use a Personal Access Token (PAT) here.
# PRs opened from a workflow using the standard `GITHUB_TOKEN` in GitHub Actions
# do not automatically trigger more workflows:
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
# GITHUB_TOKEN: ${{ secrets.DEPS_UPDATER_GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -euo pipefail
tea login add --name "forgejo-actions" --token "$GITHUB_TOKEN"
tea pr create --title "${PR_TITLE}" --description "$(cat body.md)" --repo "$GITHUB_REPOSITORY"

55
default.nix
View file

@ -1,7 +1,8 @@
{ {
lib, lib,
rustPlatform, rustPlatform,
}: let }:
let
readToml = path: builtins.fromTOML (builtins.readFile path); readToml = path: builtins.fromTOML (builtins.readFile path);
cargoToml = readToml ./Cargo.toml; cargoToml = readToml ./Cargo.toml;
pname = cargoToml.package.name; pname = cargoToml.package.name;
@ -11,32 +12,34 @@
name = "${pname}-source"; name = "${pname}-source";
# Adapted from <https://github.com/ipetkov/crane/blob/master/lib/filterCargoSources.nix> # Adapted from <https://github.com/ipetkov/crane/blob/master/lib/filterCargoSources.nix>
# no need to pull in crane for just this # no need to pull in crane for just this
filter = orig_path: type: let filter =
path = toString orig_path; orig_path: type:
base = baseNameOf path; let
parentDir = baseNameOf (dirOf path); path = toString orig_path;
matchesSuffix = lib.any (suffix: lib.hasSuffix suffix base) [ base = baseNameOf path;
# Rust sources parentDir = baseNameOf (dirOf path);
".rs" matchesSuffix = lib.any (suffix: lib.hasSuffix suffix base) [
# TOML files are often used to configure cargo based tools (e.g. .cargo/config.toml) # Rust sources
".toml" ".rs"
]; # TOML files are often used to configure cargo based tools (e.g. .cargo/config.toml)
isCargoLock = base == "Cargo.lock"; ".toml"
# .cargo/config.toml is captured above ];
isOldStyleCargoConfig = parentDir == ".cargo" && base == "config"; isCargoLock = base == "Cargo.lock";
in # .cargo/config.toml is captured above
isOldStyleCargoConfig = parentDir == ".cargo" && base == "config";
in
type == "directory" || matchesSuffix || isCargoLock || isOldStyleCargoConfig; type == "directory" || matchesSuffix || isCargoLock || isOldStyleCargoConfig;
}; };
in in
rustPlatform.buildRustPackage { rustPlatform.buildRustPackage {
inherit pname version src; inherit pname version src;
cargoLock.lockFile = ./Cargo.lock; cargoLock.lockFile = ./Cargo.lock;
useNextest = true; useNextest = true;
meta = { meta = {
inherit description; inherit description;
license = lib.licenses.mit; license = lib.licenses.mit;
homepage = "https://github.com/jalil-salame/webnsupdate"; homepage = "https://github.com/jalil-salame/webnsupdate";
mainProgram = "webnsupdate"; mainProgram = "webnsupdate";
}; };
} }

6
flake.lock
View file

@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1725634671, "lastModified": 1727348695,
"narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784",
"type": "github" "type": "github"
}, },
"original": { "original": {

128
flake.nix
View file

@ -5,59 +5,83 @@
systems.url = "github:nix-systems/default"; systems.url = "github:nix-systems/default";
}; };
outputs = { outputs =
self, {
nixpkgs, self,
systems, nixpkgs,
}: let systems,
forEachSupportedSystem = nixpkgs.lib.genAttrs (import systems); }:
in { let
checks = forEachSupportedSystem (system: let forEachSupportedSystem = nixpkgs.lib.genAttrs (import systems);
pkgs = nixpkgs.legacyPackages.${system}; in
inherit (nixpkgs) lib; {
in { checks = forEachSupportedSystem (
fmtRust = pkgs.callPackage ./run-cmd.nix { system:
src = self; let
name = "fmt-rust"; pkgs = nixpkgs.legacyPackages.${system};
extraNativeBuildInputs = [pkgs.rustfmt]; inherit (nixpkgs) lib;
cmd = "${lib.getExe pkgs.cargo} fmt --all --check --verbose"; in
}; {
fmtNix = pkgs.callPackage ./run-cmd.nix { fmtRust = pkgs.callPackage ./run-cmd.nix {
src = self; src = self;
name = "fmt-nix"; name = "fmt-rust";
cmd = "${lib.getExe pkgs.alejandra} --check ."; extraNativeBuildInputs = [ pkgs.rustfmt ];
}; cmd = "${lib.getExe pkgs.cargo} fmt --all --check --verbose";
lintNix = pkgs.callPackage ./run-cmd.nix { };
src = self; fmtNix = pkgs.callPackage ./run-cmd.nix {
name = "lint-nix"; src = self;
cmd = "${lib.getExe pkgs.statix} check ."; name = "fmt-nix";
}; cmd = "${lib.getExe self.formatter.${system}} --check .";
}); };
formatter = forEachSupportedSystem (system: nixpkgs.legacyPackages.${system}.alejandra); lintNix = pkgs.callPackage ./run-cmd.nix {
src = self;
name = "lint-nix";
cmd = "${lib.getExe pkgs.statix} check .";
};
}
);
formatter = forEachSupportedSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
packages = forEachSupportedSystem (system: let packages = forEachSupportedSystem (
webnsupdate = nixpkgs.legacyPackages.${system}.callPackage ./default.nix {}; system:
in { let
inherit webnsupdate; pkgs = nixpkgs.legacyPackages.${system};
default = webnsupdate; webnsupdate = pkgs.callPackage ./default.nix { };
}); in
{
inherit webnsupdate;
default = webnsupdate;
cargo-update = pkgs.writeShellApplication {
name = "cargo-update-lockfile";
runtimeInputs = with pkgs; [
cargo
gnused
];
text = ''
CARGO_TERM_COLOR=never cargo update 2>&1 | sed '/crates.io index/d' | tee -a cargo_update.log
'';
};
}
);
overlays.default = final: prev: { overlays.default = final: prev: { webnsupdate = final.callPackage ./default.nix { }; };
webnsupdate = final.callPackage ./default.nix {};
nixosModules.default = ./module.nix;
devShells = forEachSupportedSystem (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
in
{
default = pkgs.mkShell {
packages = [
pkgs.cargo-insta
pkgs.cargo-udeps
pkgs.mold
];
};
}
);
}; };
nixosModules.default = ./module.nix;
devShells = forEachSupportedSystem (system: let
pkgs = nixpkgs.legacyPackages.${system};
in {
default = pkgs.mkShell {
packages = [
pkgs.cargo-insta
pkgs.cargo-udeps
pkgs.mold
];
};
});
};
} }

72
module.nix
View file

@ -3,13 +3,15 @@
pkgs, pkgs,
config, config,
... ...
}: let }:
let
cfg = config.services.webnsupdate; cfg = config.services.webnsupdate;
inherit (lib) mkOption mkEnableOption types; inherit (lib) mkOption mkEnableOption types;
in { in
{
options.services.webnsupdate = mkOption { options.services.webnsupdate = mkOption {
description = "An HTTP server for nsupdate."; description = "An HTTP server for nsupdate.";
default = {}; default = { };
type = types.submodule { type = types.submodule {
options = { options = {
enable = mkEnableOption "webnsupdate"; enable = mkEnableOption "webnsupdate";
@ -18,8 +20,8 @@ in {
Extra arguments to be passed to the webnsupdate server command. Extra arguments to be passed to the webnsupdate server command.
''; '';
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [ ];
example = ["--ip-source"]; example = [ "--ip-source" ];
}; };
bindIp = mkOption { bindIp = mkOption {
description = '' description = ''
@ -102,47 +104,53 @@ in {
}; };
}; };
config = let config =
recordsFile = let
if cfg.recordsFile != null recordsFile =
then cfg.recordsFile if cfg.recordsFile != null then cfg.recordsFile else pkgs.writeText "webnsrecords" cfg.records;
else pkgs.writeText "webnsrecords" cfg.records; args = lib.strings.escapeShellArgs (
args = lib.strings.escapeShellArgs ([ [
"--records" "--records"
recordsFile recordsFile
"--key-file" "--key-file"
cfg.keyFile cfg.keyFile
"--password-file" "--password-file"
cfg.passwordFile cfg.passwordFile
"--address" "--address"
cfg.bindIp cfg.bindIp
"--port" "--port"
(builtins.toString cfg.bindPort) (builtins.toString cfg.bindPort)
"--ttl" "--ttl"
(builtins.toString cfg.ttl) (builtins.toString cfg.ttl)
] ]
++ cfg.extraArgs); ++ cfg.extraArgs
cmd = "${lib.getExe pkgs.webnsupdate} ${args}"; );
in cmd = "${lib.getExe pkgs.webnsupdate} ${args}";
in
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
# warnings = # warnings =
# lib.optional (!config.services.bind.enable) "`webnsupdate` is expected to be used alongside `bind`. This is an unsopported configuration."; # lib.optional (!config.services.bind.enable) "`webnsupdate` is expected to be used alongside `bind`. This is an unsopported configuration.";
assertions = [ assertions = [
{ {
assertion = (cfg.records != null || cfg.recordsFile != null) && !(cfg.records != null && cfg.recordsFile != null); assertion =
(cfg.records != null || cfg.recordsFile != null)
&& !(cfg.records != null && cfg.recordsFile != null);
message = "Exactly one of `services.webnsupdate.records` and `services.webnsupdate.recordsFile` must be set."; message = "Exactly one of `services.webnsupdate.records` and `services.webnsupdate.recordsFile` must be set.";
} }
]; ];
systemd.services.webnsupdate = { systemd.services.webnsupdate = {
description = "Web interface for nsupdate."; description = "Web interface for nsupdate.";
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
after = ["network.target" "bind.service"]; after = [
"network.target"
"bind.service"
];
preStart = "${cmd} verify"; preStart = "${cmd} verify";
path = [pkgs.dig]; path = [ pkgs.dig ];
startLimitIntervalSec = 60; startLimitIntervalSec = 60;
serviceConfig = { serviceConfig = {
ExecStart = [cmd]; ExecStart = [ cmd ];
Type = "exec"; Type = "exec";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "10s"; RestartSec = "10s";

4
run-cmd.nix
View file

@ -3,8 +3,8 @@
src, src,
name, name,
cmd, cmd,
extraBuildInputs ? [], extraBuildInputs ? [ ],
extraNativeBuildInputs ? [], extraNativeBuildInputs ? [ ],
}: }:
stdenvNoCC.mkDerivation { stdenvNoCC.mkDerivation {
name = "${name}-src"; name = "${name}-src";