refactor(ops/nixos): migrate to depot module arg

Previously the depot argument was provided as config.depot, but the "new
way" of doing things (which is more like the args list provided in the
rest of the depot) is to provide this as the "depot" NixOS module
argument instead.

Change-Id: Ib48b1c7c1bdff9c1eb0618c6cbacc22b651f5f98
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2763
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
This commit is contained in:
Luke Granger-Brown 2021-04-02 12:18:50 +00:00 committed by lukegb
parent 999f98436c
commit b35e358eb5
15 changed files with 30 additions and 35 deletions

View file

@ -1,5 +1,5 @@
# Module that configures CLBot, our Gerrit->IRC info bridge.
{ config, lib, pkgs, ... }:
{ depot, config, lib, pkgs, ... }:
let
inherit (builtins) attrValues concatStringsSep mapAttrs readFile;
@ -31,7 +31,7 @@ let
description = "${description} to ${channel}";
wantedBy = [ "multi-user.target" ];
script = "${config.depot.fun.clbot}/bin/clbot ${mkFlags (cfg.flags // {
script = "${depot.fun.clbot}/bin/clbot ${mkFlags (cfg.flags // {
irc_channel = channel;
})} -alsologtostderr";

View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ depot, config, lib, pkgs, ... }:
let
cfg = config.services.depot.irccat;
@ -35,7 +35,7 @@ in {
systemd.services.irccat = {
inherit description;
preStart = "${configMerge}";
script = "${config.depot.third_party.irccat}/bin/irccat";
script = "${depot.third_party.irccat}/bin/irccat";
wantedBy = [ "multi-user.target" ];
serviceConfig = {

View file

@ -1,11 +1,11 @@
# Gerrit configuration for the TVL monorepo
{ pkgs, config, lib, ... }:
{ depot, pkgs, config, lib, ... }:
let
cfg = config.services.gerrit;
gerritHooks = pkgs.runCommandNoCC "gerrit-hooks" {} ''
mkdir -p $out
ln -s ${config.depot.ops.besadii}/bin/besadii $out/ref-updated
ln -s ${depot.ops.besadii}/bin/besadii $out/ref-updated
'';
in {
services.gerrit = {
@ -17,12 +17,12 @@ in {
"hooks"
];
plugins = with config.depot.third_party.gerrit_plugins; [
plugins = with depot.third_party.gerrit_plugins; [
checks
owners
];
package = config.depot.third_party.gerrit;
package = depot.third_party.gerrit;
jvmHeapLimit = "4g";

View file

@ -1,8 +1,7 @@
{ config, lib, pkgs, ... }:
{ depot, config, lib, pkgs, ... }:
let
cfg = config.services.depot.panettone;
depot = config.depot;
in {
options.services.depot.panettone = with lib; {
enable = mkEnableOption "Panettone issue tracker";

View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ depot, config, lib, pkgs, ... }:
let
cfg = config.services.depot.paroxysm;
@ -9,7 +9,7 @@ in {
config = lib.mkIf cfg.enable {
systemd.services.paroxysm = {
inherit description;
script = "${config.depot.fun.paroxysm}/bin/paroxysm";
script = "${depot.fun.paroxysm}/bin/paroxysm";
wantedBy = [ "multi-user.target" ];
environment = {

View file

@ -1,5 +1,5 @@
# NixOS module for configuring the simple SMTP relay.
{ pkgs, config, lib, ... }:
{ depot, pkgs, config, lib, ... }:
let
inherit (builtins) attrValues mapAttrs;
@ -40,7 +40,7 @@ in {
config = mkIf cfg.enable {
systemd.services.smtprelay = {
inherit description;
script = "${config.depot.third_party.smtprelay}/bin/smtprelay ${prepareArgs cfg.args}";
script = "${depot.third_party.smtprelay}/bin/smtprelay ${prepareArgs cfg.args}";
wantedBy = [ "multi-user.target" ];
serviceConfig = {

View file

@ -1,10 +1,9 @@
# Run sourcegraph, including its entire machinery, in a container.
# Running it outside of a container is a futile endeavour for now.
{ config, pkgs, lib, ... }:
{ depot, config, pkgs, lib, ... }:
let
cfg = config.services.depot.sourcegraph;
depot = config.depot;
in {
options.services.depot.sourcegraph = with lib; {
enable = mkEnableOption "SourceGraph code search engine";

View file

@ -1,9 +1,9 @@
# Configures an OpenLDAP instance for TVL
#
# TODO(tazjin): Configure ldaps://
{ config, lib, pkgs, ... }:
{ depot, lib, pkgs, ... }:
with config.depot.nix.yants;
with depot.nix.yants;
let
user = struct {
@ -24,7 +24,7 @@ let
userPassword: ${u.password}
'');
inherit (config.depot.ops) users;
inherit (depot.ops) users;
in {
# Use our patched OpenLDAP derivation which enables stronger password hashing.
@ -34,7 +34,7 @@ in {
# *large* number of rebuilds of packages such as GPG and Python.
nixpkgs.overlays = [
(_: _: {
inherit (config.depot.third_party) openldap;
inherit (depot.third_party) openldap;
})
];

View file

@ -1,8 +1,8 @@
# Configures an Apereo CAS instance for TVL SSO
{ config, ... }:
{ depot, ... }:
let
inherit (config.depot.third_party) apereo-cas;
inherit (depot.third_party) apereo-cas;
in {
config = {
environment.systemPackages = [ apereo-cas ];

View file

@ -13,10 +13,8 @@ let
ln -s ${depot.ops.besadii}/bin/besadii $out/bin/post-command
'';
in lib.fix(self: {
inherit depot;
imports = [
"${depot.depotPath}/ops/nixos/clbot.nix"
"${depot.depotPath}/ops/nixos/depot.nix"
"${depot.depotPath}/ops/nixos/irccat.nix"
"${depot.depotPath}/ops/nixos/monorepo-gerrit.nix"
"${depot.depotPath}/ops/nixos/panettone.nix"

View file

@ -1,4 +1,4 @@
{ config, ... }:
{ depot, ... }:
{
imports = [
@ -17,7 +17,7 @@
#
# TODO(tazjin): Implement a way of serving this dynamically
location = /about/tvix/docs/component-flow.svg {
alias ${config.depot.tvix.docs.svg}/component-flow.svg;
alias ${depot.tvix.docs.svg}/component-flow.svg;
}
# Static assets must always hit the root.

View file

@ -1,8 +1,7 @@
# serve tazjin's website & blog
{ config, lib, pkgs, ... }:
{ depot, config, lib, pkgs, ... }:
let depot = config.depot;
in {
{
imports = [
./base.nix
];

View file

@ -1,4 +1,4 @@
{ config, ... }:
{ depot, ... }:
{
imports = [
@ -9,7 +9,7 @@
services.nginx.virtualHosts."todo.tvl.fyi" = {
serverName = "todo.tvl.fyi";
serverAliases = [ "todo.tvl.su" ];
root = config.depot.web.todolist;
root = depot.web.todolist;
enableACME = true;
forceSSL = true;

View file

@ -1,4 +1,4 @@
{ config, ... }:
{ depot, ... }:
{
imports = [
@ -8,7 +8,7 @@
config = {
services.nginx.virtualHosts."tvl.fyi" = {
serverName = "tvl.fyi";
root = config.depot.web.tvl;
root = depot.web.tvl;
enableACME = true;
forceSSL = true;

View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ depot, lib, pkgs, ... }:
{
imports = [
@ -9,7 +9,7 @@
services.nginx.virtualHosts."wigglydonke.rs" = {
enableACME = true;
forceSSL = true;
root = "${config.depot.depotPath}/users/glittershark/wigglydonke.rs";
root = "${depot.depotPath}/users/glittershark/wigglydonke.rs";
};
};
}