Merge weasel and gitea-dump

Proper override for haskell package

madness

Fix nix-serve-ng override

m/common/base.nix

@@ -7,6 +7,7 @@
     ./base/august-shutdown.nix
     ./base/boot.nix
     ./base/env.nix
+    ./base/fish.nix
     ./base/fs.nix
     ./base/hw.nix
     ./base/net.nix

m/common/base/env.nix

@@ -53,9 +53,22 @@
     VISUAL = "vim";
   };
 
-  programs.bash.promptInit = ''
+  programs.bash.promptInit = # bash
-    PS1="\h\\$ "
+    ''
-  '';
+      if echo "$PATH" | grep -qc '/nix/store'; then
+        # Inside a nix shell, dumb prompt
+        PS1="\h\\$ "
+      elif [ "$TERM" != "dumb" ] ; then
+        PROMPT_COLOR="1;31m"
+        ((UID)) && PROMPT_COLOR="1;32m"
+
+        PS1="\n\[\033[$PROMPT_COLOR\][\[\e]0;\u@\h: \w\a\]\u@\h:\w]\\$\[\033[0m\] "
+
+        if test "$TERM" = "xterm"; then
+          PS1="\[\033]2;\h:\u:\w\007\]$PS1"
+        fi
+      fi
+    '';
 
   time.timeZone = "Europe/Madrid";
   i18n.defaultLocale = "en_DK.UTF-8";

m/common/base/fish.nix

@@ -0,0 +1,3 @@
+{
+  programs.fish.enable = true;
+}

m/common/base/users.nix

@@ -87,6 +87,13 @@
         openssh.authorizedKeys.keys = [
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIIFiqXqt88VuUfyANkZyLJNiuroIITaGlOOTMhVDKjf abonerib@bsc"
         ];
+        shell = pkgs.fish;
+        packages = with pkgs; [
+          fzf
+          jujutsu
+          neovim
+          starship
+        ];
       };
 
       vlopez = {

m/tent/gitea.nix

@@ -6,26 +6,60 @@
 
     settings = {
       server = {
-        ROOT_URL = "https://jungle.bsc.es/git/";
-        LOCAL_ROOT_URL = "https://jungle.bsc.es/git/";
         LANDING_PAGE = "explore";
       };
-      metrics.ENABLED = true;
       service = {
-        DISABLE_REGISTRATION = true;
-        REGISTER_MANUAL_CONFIRM = true;
-        ENABLE_NOTIFY_MAIL = true;
       };
       log.LEVEL = "Warn";
 
       mailer = {
-        ENABLED       = true;
+        ENABLED       = false;
         FROM          = "jungle-robot@bsc.es";
         PROTOCOL      = "sendmail";
         SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
         SENDMAIL_ARGS = "--";
       };
     };
+
+    dump = {
+      enable = false; # Do not enable NixOS module, use our custom systemd script below
+      backupDir = "/vault/gitea";
+    };
+  };
+
+  systemd.services.gitea-dump-rotating = let
+    cfg = config.services.gitea;
+    exe = lib.getExe cfg.package;
+  in {
+    description = "gitea dump rotation";
+    after = [ "gitea.service" ];
+    path = [ cfg.package ];
+
+    environment = {
+      USER = cfg.user;
+      HOME = cfg.stateDir;
+      GITEA_WORK_DIR = cfg.stateDir;
+      GITEA_CUSTOM = cfg.customDir;
+    };
+
+    serviceConfig = {
+      Type = "oneshot";
+      User = cfg.user;
+      WorkingDirectory = cfg.dump.backupDir;
+    };
+
+    script = ''
+      name="gitea-dump-$(date +%a).${cfg.dump.type}"
+      ${exe} dump --type ${cfg.dump.type} --file - >"$name.tmp"
+      mv "$name.tmp" "$name"
+    '';
+  };
+
+  systemd.timers.gitea-dump-rotating = {
+    description = "Update timer for gitea-dump-rotating";
+    partOf = [ "gitea-dump-rotating.service" ];
+    wantedBy = [ "timers.target" ];
+    timerConfig.OnCalendar = config.services.gitea.dump.interval;
   };
 
   # Allow gitea user to send mail

m/weasel/configuration.nix

@@ -1,9 +1,11 @@
-{ lib, ... }:
+{ lib, pkgs, ... }:
 
 {
   imports = [
     ../common/ssf.nix
     ../module/hut-substituter.nix
+    ./hydra.nix
+    ../tent/gitea.nix
   ];
 
   # Select this using the ID to avoid mismatches
@@ -30,4 +32,22 @@
       prefixLength = 24;
     } ];
   };
+
+  services.nix-serve = {
+    enable = true;
+    bindAddress = "0.0.0.0";
+    port = 5000;
+    package = pkgs.haskell.lib.overrideSrc (pkgs.haskell.packages.ghc96.nix-serve-ng.override { nix = pkgs.nixVersions.nix_2_28; }) {
+      src = pkgs.fetchgit {
+        url = "https://jungle.bsc.es/git/abonerib/nix-serve-ng.git";
+        rev = "9c056641300a826db66b66d7e584b2541d38927a";
+        hash = "sha256-y69ZchFiZOU71eyeljcQgLxkLk5JUzZfanq8Yzw4MkI=";
+      };
+      version = "unstable";
+    };
+
+    secretKeyFile = "/var/cache-priv-key.pem";
+    # Public key:
+    # 10.0.40.6:8jBhIdXEBap+Qo+vc1/fnV9vj43A2oDk839EEheRr/U=
+  };
 }

m/weasel/hydra.nix

@@ -0,0 +1,57 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  services.hydra = {
+    enable = true;
+
+    # Wrap hydra so it puts quiet flag every time... This is dumb and annoying,
+    # but i can't override the systemd ExecStart without running into infinite
+    # recursion.
+    package = pkgs.symlinkJoin {
+      name = "hydra-quiet";
+      paths = [ pkgs.hydra ];
+      postBuild = ''
+        for prog in hydra-queue-runner hydra-evaluator ; do
+          prev=$(realpath $out/bin/$prog)
+          rm $out/bin/$prog
+          cat >$out/bin/$prog <<EOF
+        #!/bin/sh
+        args=()
+        for arg in "\$@"; do
+          if [ "\$arg" != "-v" ]; then
+            args+=("\$arg")
+          fi
+        done
+        exec $prev --quiet "\''${args[@]}"
+        EOF
+
+          chmod +x $out/bin/$prog
+        done
+      '';
+    };
+
+    hydraURL = "http://localhost:3001"; # externally visible URL
+    notificationSender = "hydra@jungle.bsc.es"; # e-mail of Hydra service
+    port = 3001;
+    # a standalone Hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
+    buildMachinesFiles = [ ];
+    # you will probably also want, otherwise *everything* will be built from scratch
+    useSubstitutes = true;
+    listenHost = "0.0.0.0"; # Force IPv4
+  };
+
+  systemd.services.hydra-send-stats.enable = lib.mkForce false;
+
+  networking.firewall.allowedTCPPorts = [ config.services.hydra.port ];
+
+  nix.settings.extra-allowed-uris = [
+    "git+ssh://git@bscpm04.bsc.es"
+    "git+ssh://git@gitlab-internal.bsc.es"
+    "https://github.com"
+    "git+ssh://github.com"
+  ];
+}