From af2753507d65e01d088161122ce5663c181a46aa Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 25 Aug 2018 16:54:13 +0200
Subject: [PATCH] add konsens module

---
 krebs/3modules/default.nix |  1 +
 krebs/3modules/konsens.nix | 80 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+)
 create mode 100644 krebs/3modules/konsens.nix

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index afc96e9ee..833349769 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -26,6 +26,7 @@ let
       ./iana-etc.nix
       ./iptables.nix
       ./kapacitor.nix
+      ./konsens.nix
       ./monit.nix
       ./newsbot-js.nix
       ./nixpkgs.nix
diff --git a/krebs/3modules/konsens.nix b/krebs/3modules/konsens.nix
new file mode 100644
index 000000000..47316d5d6
--- /dev/null
+++ b/krebs/3modules/konsens.nix
@@ -0,0 +1,80 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+  cfg = config.krebs.konsens;
+
+  out = {
+    options.krebs.konsens = api;
+    config = lib.mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "git konsens finder";
+    repos = mkOption {
+      type = types.attrsOf (types.submodule ({ config, ...}: {
+        options = {
+          url = mkOption {
+            type = types.str;
+            default = "git@localhost:${config._module.args.name}";
+          };
+          branchesToCheck = mkOption {
+            type = types.listOf types.str;
+            default = [ "lassulus" "makefu" "tv" ];
+          };
+          target = mkOption {
+            type = types.str;
+            default = "master";
+          };
+          timerConfig = mkOption {
+            type = types.attrsOf types.str;
+            default = {
+              OnCalendar = "*:00,15,30,45";
+            };
+          };
+        };
+      }));
+    };
+  };
+
+  imp = {
+    users.users.konsens = rec {
+      name = "konsens";
+      uid = genid name;
+      home = "/var/lib/konsens";
+      createHome = true;
+    };
+
+    systemd.timers = mapAttrs' (name: repo:
+      nameValuePair "konsens-${name}" {
+        description = "konsens timer";
+        wantedBy = [ "timers.target" ];
+        timerConfig = repo.timerConfig;
+      }
+    ) cfg.repos;
+
+    systemd.services = mapAttrs' (name: repo:
+      nameValuePair "konsens-${name}" {
+        after = [ "network.target" "secret.service" ];
+        path = [ pkgs.git ];
+        restartIfChanged = false;
+        serviceConfig = {
+          Type = "simple";
+          PermissionsStartOnly = true;
+          ExecStart = pkgs.writeDash "konsens-${name}" ''
+            if ! test -e ${name}; then
+              git clone ${repo.url} ${name}
+            fi
+            cd ${name}
+            git fetch origin
+            git push origin $(git merge-base ${concatMapStringsSep " " (branch: "origin/${branch}") repo.branchesToCheck}):refs/heads/master
+          '';
+          WorkingDirectory = /var/lib/konsens;
+          User = "konsens";
+        };
+      }
+    ) cfg.repos;
+  };
+
+in out
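Review bot: On the `git push` line of ExecStart, a failing `git merge-base` (for example when one of `branchesToCheck` does not exist on origin) leaves the command substitution empty, so the refspec becomes `:refs/heads/master`, which git treats as a request to delete the remote branch. Capture the result first and stop on failure: `base=$(git merge-base --octopus <origin refs>) || exit 1`, then `git push origin "$base":refs/heads/${repo.target}`. The `--octopus` flag matters because plain `git merge-base A B C` returns the base of A and a hypothetical merge of B and C, so a commit that only two of the three branches contain can still be pushed as the agreed state. The same line hard-codes `master`, so the `target` option declared above is never read. `${name}`, `${repo.url}` and the branch names are also interpolated into the script unquoted; wrapping them in `lib.escapeShellArg` would keep a value containing spaces or shell metacharacters from changing the command.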