From acb3f95fa6586a9c9b1b1ffa76368c1b39edb8aa Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 17 May 2019 13:06:36 +0200
Subject: [PATCH] github-hosts-sync: 1.0.0 -> 2.0.0

---
 krebs/3modules/github-hosts-sync.nix          | 25 ++++--
 .../simple/github-hosts-sync/default.nix      | 36 ++++-----
 .../simple/github-hosts-sync/src/hosts-sync   | 81 ++++++-------------
 3 files changed, 56 insertions(+), 86 deletions(-)

diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix
index 3b626dc46..233cea68d 100644
--- a/krebs/3modules/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@@ -11,17 +11,25 @@ let
 
   api = {
     enable = mkEnableOption "krebs.github-hosts-sync";
-    port = mkOption {
-      type = types.int; # TODO port type
-      default = 1028;
-    };
     dataDir = mkOption {
       type = types.str; # TODO path (but not just into store)
       default = "/var/lib/github-hosts-sync";
     };
+    srcDir = mkOption {
+      type = types.str;
+      default = "${config.krebs.tinc.retiolum.confDir}/hosts";
+    };
     ssh-identity-file = mkOption {
       type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"];
-      default = toString <secrets/github-hosts-sync.ssh.id_rsa>;
+      default = toString <secrets/github-hosts-sync.ssh.id_ed25519>;
+    };
+    url = mkOption {
+      type = types.str;
+      default = "git@github.com:krebscode/hosts.git";
+    };
+    workTree = mkOption {
+      type = types.absolute-pathname;
+      default = "${cfg.dataDir}/cache";
     };
   };
 
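Review bot: `srcDir` and `url` are added without a `description`, and nothing tells the operator that the whole of `srcDir` gets published: the hosts-sync script in this patch rsyncs it into `workTree`, runs `git add .` and pushes to `url`. I would state that on the option, e.g. `description = "Directory whose entire contents are committed and pushed to url; keep private key material out of it.";`. `srcDir` could also use `types.absolute-pathname` like `workTree` instead of `types.str`, assuming the tinc `confDir` default is always an absolute path.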
@@ -30,13 +38,16 @@ let
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
       environment = {
-        port = toString cfg.port;
+        GITHUB_HOST_SYNC_SRCDIR = cfg.srcDir;
+        GITHUB_HOST_SYNC_WORKTREE = cfg.workTree;
+        GITHUB_HOST_SYNC_URL = cfg.url;
       };
       serviceConfig = {
         PermissionsStartOnly = "true";
         SyslogIdentifier = "github-hosts-sync";
         User = user.name;
-        Restart = "always";
+        Type = "oneshot";
+        RemainAfterExit = true;
         ExecStartPre = pkgs.writeDash "github-hosts-sync-init" ''
           set -euf
           install -m 0711 -o ${user.name} -d ${cfg.dataDir}
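Review bot: With `Type = "oneshot"` and `RemainAfterExit = true` the unit stays active after its first run, so a later `systemctl start` is a no-op and the sync repeats only at boot or on an explicit restart. No timer or other trigger is visible in this hunk; if the hosts are meant to be re-published when they change, consider something like `startAt = "hourly";` and dropping `RemainAfterExit`. Removing `Restart = "always"` also means a failed `git pull` or `git push` is not retried, which the deleted TODO in hosts-sync had asked for. The `ExecStartPre` script continues outside the hunk.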
diff --git a/krebs/5pkgs/simple/github-hosts-sync/default.nix b/krebs/5pkgs/simple/github-hosts-sync/default.nix
index 8caa5e1ef..5caf225cb 100644
--- a/krebs/5pkgs/simple/github-hosts-sync/default.nix
+++ b/krebs/5pkgs/simple/github-hosts-sync/default.nix
@@ -1,7 +1,8 @@
 { pkgs, stdenv, ... }:
 
-stdenv.mkDerivation {
-  name = "github-hosts-sync";
+stdenv.mkDerivation rec {
+  name = "github-hosts-sync-${version}";
+  version = "2.0.0";
 
   src = ./src;
 
@@ -10,28 +11,21 @@ stdenv.mkDerivation {
     "installPhase"
   ];
 
-  installPhase =
-    let
-      ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
-      path = stdenv.lib.makeBinPath (with pkgs; [
-        coreutils
-        findutils
-        git
-        gnugrep
-        gnused
-        nettools
-        openssh
-        socat
-      ]);
-    in
+  installPhase = let
+    ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+    path = stdenv.lib.makeBinPath [
+      pkgs.git
+      pkgs.openssh
+      pkgs.rsync
+    ];
+  in
     ''
       mkdir -p $out/bin
 
-      sed \
-        's,^main() {$,&\n  export PATH=${path} GIT_SSL_CAINFO=${ca-bundle},' \
-        < hosts-sync \
-        > $out/bin/github-hosts-sync
+      cp hosts-sync $out/bin/github-hosts-sync
 
-      chmod +x $out/bin/github-hosts-sync
+      sed -i \
+        '1s,$,\nPATH=${path}''${PATH+:$PATH} GIT_SSL_CAINFO=${ca-bundle},' \
+        $out/bin/github-hosts-sync
     '';
 }
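Review bot: The line that the new `sed -i` inserts after the shebang is a plain assignment, `PATH=… GIT_SSL_CAINFO=…`, whereas the removed version used `export`. `PATH` is normally already exported, but `GIT_SSL_CAINFO` stays a shell-local variable unless it was already in the environment, so `git` never sees the pinned CA bundle. The default `url` uses SSH, so this only shows up once someone sets an https remote. Keeping the export fixes it: `'1s,$,\nexport PATH=${path}''${PATH+:$PATH} GIT_SSL_CAINFO=${ca-bundle},' \`.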
diff --git a/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync b/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync
index f36c700d8..4bae44bef 100755
--- a/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync
+++ b/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync
@@ -1,66 +1,31 @@
 #! /bin/sh
-# TODO do_work should retry until success
-set -euf
+set -efu
+exec >&2
 
-port=${port-1028}
-local_painload=$HOME/painload
-remote_painload="https://github.com/krebscode/painload"
-local_hosts=$HOME/hosts
-remote_hosts="git@github.com:krebscode/hosts.git"
+hosts_srcdir=$GITHUB_HOST_SYNC_SRCDIR
+hosts_worktree=${GITHUB_HOST_SYNC_WORKTREE-/tmp/hosts}
+hosts_url=${GITHUB_HOST_SYNC_URL-git@github.com:krebscode/hosts.git}
 
-main() {
-  ensure_local_painload
-  ensure_local_hosts
-  is_worker && do_work || become_server
-}
+test -d "$hosts_worktree" || git clone "$hosts_url" "$hosts_worktree"
 
-ensure_local_painload() {
-  test -d "$local_painload" || git clone "$remote_painload" "$local_painload"
-}
+cd "$hosts_worktree"
 
-ensure_local_hosts() {
-  test -d "$local_hosts" || git clone "$remote_hosts" "$local_hosts"
-}
+git pull
 
-become_server() {
-  exec socat "TCP-LISTEN:$port,reuseaddr,fork" "EXEC:$0"
-}
+rsync \
+    --chmod D755,F644 \
+    --delete-excluded \
+    --filter 'protect .git' \
+    --recursive \
+    --verbose \
+    "$hosts_srcdir/" \
+    .
 
-is_worker() {
-  test "${SOCAT_SOCKPORT-}" = "$port"
-}
+git add .
 
-do_work() {
-  # read request
-  req_line="$(read line && echo "$line")"
-  req_hdrs="$(sed -n '/^\r$/q;p')"
-
-  set -x
-
-  cd "$local_hosts"
-  git pull >&2
-
-  cd "$local_hosts"
-  find . -name .git -prune -o -type f -exec git rm \{\} \; >/dev/null
-
-  cd "$local_painload"
-  git pull >&2
-
-  find "$local_painload/retiolum/hosts" -type f -exec cp \{\} "$local_hosts" \;
-
-  cd "$local_hosts"
-  find . -name .git -prune -o -type f -exec git add \{\} \; >&2
-  if git status --porcelain | grep -q .; then
-    git config user.email "$LOGNAME@$(hostname)"
-    git config user.name "$LOGNAME"
-    git commit -m bump >&2
-    git push >&2
-  fi
-
-  echo "HTTP/1.1 200 OK"
-  echo
-  echo "https://github.com/krebscode/hosts/archive/master.tar.gz"
-  echo "https://github.com/krebscode/hosts/archive/master.zip"
-}
-
-main "$@"
+if test -n "$(git status --porcelain)"; then
+  git config user.email "$LOGNAME@$(hostname)"
+  git config user.name "$LOGNAME"
+  git commit -m bump
+  git push
+fi
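Review bot: The fallback in `hosts_worktree=${GITHUB_HOST_SYNC_WORKTREE-/tmp/hosts}` puts the work tree at a fixed name in a world-writable directory, and the following `test -d` accepts whatever directory already exists there. Any repository found at that path, including its git config and hooks, would then be used by `git pull`, `git commit` and `git push` under the service's identity. The module in this patch always sets the variable, so the script can require it the same way it requires the source directory: `hosts_worktree=$GITHUB_HOST_SYNC_WORKTREE`.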