ci: install keychain for use in scripts
This commit is contained in:
parent
336973e5b5
commit
f83024c42d
2
bin/ci
2
bin/ci
@ -6,6 +6,8 @@ direnv allow
|
|||||||
|
|
||||||
CMD=${1:-""}
|
CMD=${1:-""}
|
||||||
|
|
||||||
|
eval $(keychain --eval --agents ssh --inherit any)
|
||||||
|
|
||||||
start_ci
|
start_ci
|
||||||
|
|
||||||
trap ci_error INT TERM
|
trap ci_error INT TERM
|
||||||
|
|||||||
@ -59,14 +59,16 @@ in with lib; {
|
|||||||
owner = config.services.tsrevprox.user;
|
owner = config.services.tsrevprox.user;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
environment.systemPackages = [ inputs.po.packages.${pkgs.system}.po ];
|
environment.systemPackages = with pkgs; [
|
||||||
|
inputs.po.packages.${pkgs.system}.po
|
||||||
|
keychain
|
||||||
|
];
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ];
|
settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services =
|
systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs);
|
||||||
lib.listToAttrs (builtins.map xinlib.jobToService jobs);
|
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
tsrevprox = {
|
tsrevprox = {
|
||||||
|
|||||||
@ -674,8 +674,16 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
managementRoom = "#moderation:tapenet.org";
|
managementRoom = "#moderation:tapenet.org";
|
||||||
automaticallyRedactForReasons =
|
automaticallyRedactForReasons = [
|
||||||
[ "spam" "advertising" "racism" "nazi" "nazism" "trolling" "porn" "csam" ];
|
"spam"
|
||||||
|
"advertising"
|
||||||
|
"racism"
|
||||||
|
"nazi"
|
||||||
|
"nazism"
|
||||||
|
"trolling"
|
||||||
|
"porn"
|
||||||
|
"csam"
|
||||||
|
];
|
||||||
aditionalPrefixes = [ "hammer" ];
|
aditionalPrefixes = [ "hammer" ];
|
||||||
confirmWildcardBan = false;
|
confirmWildcardBan = false;
|
||||||
};
|
};
|
||||||
|
|||||||
@ -8,9 +8,6 @@ let
|
|||||||
jobToUserService = job: {
|
jobToUserService = job: {
|
||||||
name = "${job.name}";
|
name = "${job.name}";
|
||||||
value = {
|
value = {
|
||||||
serviceConfig = {
|
|
||||||
User = "${job.user}";
|
|
||||||
};
|
|
||||||
script = mkCronScript "${job.name}_script" job.script;
|
script = mkCronScript "${job.name}_script" job.script;
|
||||||
inherit (job) startAt path;
|
inherit (job) startAt path;
|
||||||
};
|
};
|
||||||
@ -20,6 +17,7 @@ let
|
|||||||
value = {
|
value = {
|
||||||
script = mkCronScript "${job.name}_script" job.script;
|
script = mkCronScript "${job.name}_script" job.script;
|
||||||
inherit (job) startAt path;
|
inherit (job) startAt path;
|
||||||
|
serviceConfig = { User = "${job.user}"; };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
buildShell = pkgs:
|
buildShell = pkgs:
|
||||||
@ -51,6 +49,8 @@ let
|
|||||||
system.autoUpgrade.enable = state != "DIRTY";
|
system.autoUpgrade.enable = state != "DIRTY";
|
||||||
};
|
};
|
||||||
|
|
||||||
xinlib = { inherit buildVer mkCronScript jobToUserService jobToService buildShell; };
|
xinlib = {
|
||||||
|
inherit buildVer mkCronScript jobToUserService jobToService buildShell;
|
||||||
|
};
|
||||||
|
|
||||||
in xinlib
|
in xinlib
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user