l blue-host: sync state, start only when safe
This commit is contained in:
parent
81c18a4f44
commit
9807d6823b
|
@ -1,11 +1,28 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
all_hosts = [
|
||||
"icarus"
|
||||
"shodan"
|
||||
"daedalus"
|
||||
"skynet"
|
||||
"prism"
|
||||
];
|
||||
remote_hosts = filter (h: h != config.networking.hostName) all_hosts;
|
||||
|
||||
{
|
||||
in {
|
||||
imports = [
|
||||
<stockholm/lass/2configs/container-networking.nix>
|
||||
{ #hack for already defined
|
||||
systemd.services."container@blue".reloadIfChanged = mkForce false;
|
||||
systemd.services."container@blue".preStart = ''
|
||||
${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
|
||||
'';
|
||||
systemd.services."container@blue".preStop = ''
|
||||
/run/wrappers/bin/fusermount -u /var/lib/containers/blue
|
||||
'';
|
||||
}
|
||||
];
|
||||
systemd.services."container@blue".reloadIfChanged = mkForce false;
|
||||
containers.blue = {
|
||||
config = { ... }: {
|
||||
environment.systemPackages = [
|
||||
|
@ -23,10 +40,56 @@ with import <stockholm/lib>;
|
|||
hostAddress = "10.233.2.9";
|
||||
localAddress = "10.233.2.10";
|
||||
};
|
||||
|
||||
|
||||
systemd.services = builtins.listToAttrs (map (host:
|
||||
let
|
||||
in nameValuePair "sync-blue-${host}" {
|
||||
bindsTo = [ "container@blue.service" ];
|
||||
wantedBy = [ "container@blue.service" ];
|
||||
# ssh needed for rsync
|
||||
path = [ pkgs.openssh ];
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
RestartSec = 10;
|
||||
ExecStart = pkgs.writeDash "sync-blue-${host}" ''
|
||||
set -efu
|
||||
#make sure blue is running
|
||||
/run/wrappers/bin/ping -c1 blue.r > /dev/null
|
||||
|
||||
#make sure the container is unlocked
|
||||
${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
|
||||
|
||||
#make sure our target is reachable
|
||||
${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null
|
||||
|
||||
#start sync
|
||||
${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" ''
|
||||
settings {
|
||||
nodaemon = true,
|
||||
inotifyMode = "CloseWrite or Modify",
|
||||
}
|
||||
sync {
|
||||
default.rsyncssh,
|
||||
source = "/var/lib/containers/.blue",
|
||||
host = "${host}.r",
|
||||
targetdir = "/var/lib/containers/.blue",
|
||||
ssh = {
|
||||
binary = "${pkgs.openssh}/bin/ssh";
|
||||
identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa",
|
||||
},
|
||||
}
|
||||
''}
|
||||
'';
|
||||
};
|
||||
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
|
||||
}
|
||||
) remote_hosts);
|
||||
|
||||
environment.systemPackages = [
|
||||
(pkgs.writeDashBin "start-blue" ''
|
||||
set -ef
|
||||
if ping -c1 blue.r; then
|
||||
if ping -c1 blue.r >/dev/null; then
|
||||
echo 'blue is already running. bailing out'
|
||||
exit 23
|
||||
fi
|
||||
|
@ -36,10 +99,5 @@ with import <stockholm/lib>;
|
|||
nixos-container start blue
|
||||
nixos-container run blue -- nixos-rebuild -I /var/src switch
|
||||
'')
|
||||
(pkgs.writeDashBin "stop-blue" ''
|
||||
set -ef
|
||||
nixos-container stop blue
|
||||
fusermount -u /var/lib/containers/blue
|
||||
'')
|
||||
];
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue