Add timecard-bot deployment to corp
This currently has the architecture hard-coded. That's bad, but nix is hard, and there's probably a much better way to integrate this into the system when I can be bothered to do it.
parent
f8e532f138
commit
40517face6
5 changed files with 113 additions and 17 deletions
58
flake.lock
generated
|
|
@ -296,6 +296,20 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1758763312,
|
||||
"narHash": "sha256-puBMviZhYlqOdUUgEmMVJpXqC/ToEqSvkyZ30qQ09xM=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "e57b3b16ad8758fd681511a078f35c416a8cc939",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixvim": {
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts_2",
|
||||
|
|
@ -393,6 +407,27 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"pyproject-nix_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"timecard-bot",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758265079,
|
||||
"narHash": "sha256-amLaLNwKSZPShQHzfgmc/9o76dU8xzN0743dWgvYlr8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "pyproject.nix",
|
||||
"rev": "02e9418fd4af638447dca4b17b1280da95527fc9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "pyproject.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"authentik-nix": "authentik-nix",
|
||||
|
|
@ -400,7 +435,8 @@
|
|||
"home-manager": "home-manager",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixvim": "nixvim",
|
||||
"sops-nix": "sops-nix"
|
||||
"sops-nix": "sops-nix",
|
||||
"timecard-bot": "timecard-bot"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
|
|
@ -466,6 +502,26 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"timecard-bot": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_4",
|
||||
"pyproject-nix": "pyproject-nix_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758911329,
|
||||
"narHash": "sha256-ZYAG5ZegC+NjH59Jgmi1lyn2UyyVHzvC3UVm99wIE4M=",
|
||||
"owner": "Gleipnir-Technology",
|
||||
"repo": "timecard-bot",
|
||||
"rev": "8c81b6683f97aa2712323836e629adf102be58ac",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Gleipnir-Technology",
|
||||
"repo": "timecard-bot",
|
||||
"rev": "8c81b6683f97aa2712323836e629adf102be58ac",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"uv2nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
|
|
|||
|
|
@ -19,9 +19,10 @@
|
|||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
sops-nix.url = "github:Mic92/sops-nix";
|
||||
timecard-bot.url = "github:Gleipnir-Technology/timecard-bot?rev=8c81b6683f97aa2712323836e629adf102be58ac";
|
||||
};
|
||||
|
||||
outputs = { self, authentik-nix, disko, home-manager, nixpkgs, nixvim, sops-nix, ...}:
|
||||
outputs = { self, authentik-nix, disko, home-manager, nixpkgs, nixvim, sops-nix, timecard-bot, ...}:
|
||||
let
|
||||
configFiles = pkgs.stdenv.mkDerivation {
|
||||
name = "config-files";
|
||||
|
|
@ -37,7 +38,7 @@
|
|||
nixosConfigurations = {
|
||||
corp = import ./system.nix {
|
||||
configuration = ./host/corp/configuration.nix;
|
||||
inherit authentik-nix configFiles disko home-manager nixpkgs nixvim sops-nix system;
|
||||
inherit authentik-nix configFiles disko home-manager nixpkgs nixvim sops-nix system timecard-bot;
|
||||
};
|
||||
"sync.nidus.cloud" = import ./system.nix {
|
||||
configuration = ./host/sync/configuration.nix;
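Review bot: The new `timecard-bot` input is declared without a nixpkgs `follows`, unlike the input just above it in this hunk, so the bot is built from its own nixpkgs pin; the lock file on this page records it as `nixpkgs_4`, resolved from an indirect registry reference. Security fixes that arrive when the host's nixpkgs is bumped will then not reach the bot's interpreter and libraries until upstream re-locks. If upstream builds cleanly against the host's nixpkgs, add `timecard-bot.inputs.nixpkgs.follows = "nixpkgs";` next to the `url` line. Pinning the input to a full commit hash in the URL is good; a one-line comment saying how that rev gets bumped would help the next maintainer.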
|
||||
|
|
|
|||
|
|
@ -1,21 +1,43 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
{ config, lib, pkgs, timecard-bot, ... }:
|
||||
with lib;
|
||||
let
|
||||
timecardBotSrc = pkgs.fetchFromGitHub {
|
||||
owner = "Gleipnir-Technology";
|
||||
repo = "timecard-bot";
|
||||
rev = "00b2850655295513c1e99a519d1d59c3b9847122";
|
||||
sha256 = "1f78jm3jgzwzc69q1h9nplmcbz5hb9l74phyhzkbfjb99n3vrf1q";
|
||||
};
|
||||
timecardBotFlake = (import timecardBotSrc);
|
||||
timecardBotPackage = timecardBotFlake.packages.${pkgs.system}.default;
|
||||
timecard-bot-pkg = timecard-bot.packages.x86_64-linux.default;
|
||||
in
|
||||
{
|
||||
options.myModules.timecardbot.enable = mkEnableOption "custom timecardbot configuration";
|
||||
|
||||
config = mkIf config.myModules.timecardbot.enable {
|
||||
#environment.systemPackages = with pkgs; [
|
||||
#timecardBotPackage
|
||||
#];
|
||||
environment.systemPackages = with pkgs; [
|
||||
timecard-bot-pkg
|
||||
];
|
||||
sops.secrets.timecarder-env = {
|
||||
format = "dotenv";
|
||||
group = "timecarder";
|
||||
mode = "0440";
|
||||
owner = "timecarder";
|
||||
restartUnits = ["timecarder.service"];
|
||||
sopsFile = ../../secrets/timecarder.env;
|
||||
};
|
||||
systemd.services.timecarder = {
|
||||
after=["network.target" "network-online.target"];
|
||||
description="Timecarder Matrix bot";
|
||||
requires=["network-online.target"];
|
||||
serviceConfig = {
|
||||
EnvironmentFile="/var/run/secrets/timecarder-env";
|
||||
Type = "simple";
|
||||
User = "timecarder";
|
||||
Group = "timecarder";
|
||||
ExecStart = "${timecard-bot-pkg}/bin/timecardbot";
|
||||
TimeoutStopSec = "5s";
|
||||
PrivateTmp = true;
|
||||
WorkingDirectory = "/tmp";
|
||||
};
|
||||
wantedBy = ["multi-user.target"];
|
||||
};
|
||||
users.groups.timecarder = {};
|
||||
users.users.timecarder = {
|
||||
group = "timecarder";
|
||||
isSystemUser = true;
|
||||
};
|
||||
};
|
||||
}
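Review bot: The `timecarder` unit holds the Matrix bot token and depends on the network, but `serviceConfig` confines it with `PrivateTmp` only; the systemd sandbox options in the block below would limit what a compromised bot process can reach. `EnvironmentFile` is also a hard-coded `/var/run/secrets/timecarder-env`; taking it from `config.sops.secrets.timecarder-env.path` keeps the unit in step with wherever sops-nix places the file. systemd reads `EnvironmentFile` itself before switching to `User=`, so the secret could probably stay root-owned with mode `0400` instead of being group-readable by `timecarder`; confirm nothing else reads the file. `ProtectSystem = "strict"` assumes the bot writes only under its private `/tmp`, which `WorkingDirectory` suggests but this page does not show. For the hard-coded architecture the description mentions, `timecard-bot.packages.${pkgs.system}.default` restores what the removed code did.

```nix
    serviceConfig = {
      EnvironmentFile = config.sops.secrets.timecarder-env.path;
      # … unchanged: Type, User, Group, ExecStart, TimeoutStopSec, PrivateTmp, WorkingDirectory …
      NoNewPrivileges = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateDevices = true;
      ProtectKernelTunables = true;
      ProtectKernelModules = true;
      ProtectControlGroups = true;
      RestrictSUIDSGID = true;
      LockPersonality = true;
      CapabilityBoundingSet = "";
      RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
    };
```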
|
||||
|
|
|
|||
17
secrets/timecarder.env
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
BOT_TOKEN=ENC[AES256_GCM,data:Mn5/BuGWUBA+ZizmK30S7Tn4ODLQh7FQqBHXcNY1sRaZExLUPfqeBclR9CuYRw==,iv:ZnxqYf9N/HkwZoqZnYQymbG61IE5H6oq2qDZd2HOY0w=,tag:KyTV+qfC/vMwfZKLeOyNCw==,type:str]
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRlgxVmdibWFKaGVGN0Y5\nMmJIZk9ITzY2MWkyNFc5a1YvVW5hUGwvZG44CmQyY1U4ZWRjeERHMVZ4cHFVS3d0\nKy9ORzkwMUo1RllNMWFJSEpRSElQWm8KLS0tIEQ0VEFuVlg2WHJFb3dLb1VDTGJo\neXFlcUpUeitCQ1dCUHowSVkrL0dPem8Kiivb89r+yOaE8qZsL8EA2GLvV+NUXikX\nps+wt1zwkzQpB3wBAQQaVdhlkMkOD50i2IwjpSBhe/1xY+SxlPwEFw==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_0__map_recipient=age1fnkhk9rv7r8gh84vxnhvndk4fgh20qcj4hvnfhdpumcydl6m6vrse50lrz
|
||||
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwYlAzekFuQmZSUmEvRkFT\nUVdObXdnbFRCQ3ZYYWhWN0FLNUpCMW1SSVJvCldBUDFVQjdDMGNLSTNBaGdEamw4\nbWIwbFY4bk9jbGwyR3hWWkJtNDlkaGMKLS0tIGNKam5VQ3pFSUFPV29mVHVScEdm\nVHZSTllMaUFOVERJVXF2bkF3Y083YkkKBL8HX6n6qqENXlPBa+OzWRt8NmEyvNyQ\nf2EP9S3y1nb89uNUi8I71MmNLAqeBWm5yjiGkHf278oObbiwy74Z/Q==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_1__map_recipient=age1x704pjnueguchkl54ly8w4w26ltys5900v7xnl7w3zlgasus09jszz45t8
|
||||
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdlFhZjFQT3FnQVUyYzNF\nTkFVd1ZpbUNPaTcwT0txMXpzQngzVXhLNTNzCmR5RjFVRjZiS3ZCMlQycTVZTHlX\nY1U3RzdaWDhVOFVOVER3aEN3U2dsZlUKLS0tIEZqUFNyTUpYYmtSUFI4T3ZGdFI0\ncTZSM2JjbTk2OE1DbmR4L0E1ZVNQeGcKKCnTIyCpwntmooj7+LW4dv4avBXiuTQQ\nVI0mcZEKqFA5MlmOdCCPPQHUxoHWEyVxNA99pLBHeFEdf9CgOUEpUA==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_2__map_recipient=age15y4k929zaj9fdg3vd40pa40tgvrgv9mn22xfummn5zxfmkcw5d0st6prjx
|
||||
sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnT1FzMjRuMElNQ1NQc3Q3\nUXRIQ09ITGh6WDNtY3VKSVU0enQvV2pVcEQwCmhlQkFEeWVKTWRMUVVZN1FCTTV0\nVGlVb0VIbUdGc1d6R0w2Z3NGUEJjZEUKLS0tIGpxZE5EUUxRSkE2MmRoT3NYRjlJ\nTU9vdGxsTkthNlBiNGVLYVFNZHNDOWcKGUGezk+wXb9RgtYs9VT/SvZCvlwGC+vV\nufmvpZIr9CGcy/xZc0iewes2QEEUe8BV81aEIoFQJ6K+8e5kPIbSIw==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_3__map_recipient=age1ck44jqpuz3zlthquvuh7wsemrjrgfzhn462sk7rlfetwxpgy0uqs79xn2h
|
||||
sops_age__list_4__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5dkpJblVyMmR5Z0pGclpx\nOGFFTGMrSEpVNXkyZit6Vzl0ZUFoU1pQTEZjCkZqT3RjRkNnZVYzU21UazZ2YVNx\nTDNNdE53KzRUYUJUb2pBSytMenlmUUEKLS0tIFV0Y2NSekx6ZC9GM09NU2pWRGFO\nNy9jaUl6TnpJbmZJRS9idnVPOWk5cTgKR3+9ohXjvKgJ+rHNn33Z4O8736KGY9Qu\nrXr5f6TKxiCOZCOw8sB/A6kNwb7FwZauiz3LD/8vhWfQyszla7jEBA==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_4__map_recipient=age1t3ryfktuhr3cysf49m9q2n8fkjf9ajjjnhztxw9hz8paxgk4lpcq065jge
|
||||
sops_age__list_5__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cnorR0R2RzdYU2xqN0FU\naEUrQXJER3ZwSG43cWlyVmM1QVNhNFd4V2p3CnpaV045ZHFIMU1EQkNieWk1NFFB\ncDJFVmRYaTRWL3BLVWRybVV3S09ma0EKLS0tIElsMHFmUWZTdUIyRHdrZzQ2RHlz\ncFhBR0xjNnZYZk1MdFoycVM3dyt3WkUKEl2wDC96dJMP7VDZ4VTzYgyU4X7OZjZ9\noEnFbLrLpjiaP6pCbCJdRyvuNZ+rV4PsuZqejle4fkS/sVfEn95Wbg==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_5__map_recipient=age1j90h7hcp4fctr2xwj4zf9cxuelm43wkujvryc9hk6rzzc37rwdmss035w7
|
||||
sops_lastmodified=2025-09-26T18:30:47Z
|
||||
sops_mac=ENC[AES256_GCM,data:fFI//XwovLeT8M40kzb4Lr9lCl+7ZVEARxj1OsaMbKMgJq/x5sfecPjKtEMHdj5lcPbKsOJ0bjr9eN1/6RQ2pzJECXgDcs3c4jdofvANHDrtiUXjwv4BZ7gUdTVYsSpPHWO2SUAehjWHGEczkQUm+5/U1fJ1DtaKGzv3euvqB3o=,iv:OHn4abMYhEeHjhK1heyUwwVjv3WEpolfpYNu5Psl7rg=,tag:BLKZzuqtDuT7SM3NvTGTzg==,type:str]
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_version=3.10.2
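Review bot: `BOT_TOKEN` is encrypted to six age recipients, and nothing on this page shows which of them are hosts; every recipient listed can decrypt the token. Only the corp host key and the people who administer it need access, so the `.sops.yaml` creation rule matching `secrets/timecarder.env` (not shown here) should list just those keys. The flake on this page also builds `sync.nidus.cloud`; if that host's key is among the recipients, drop it from the rule and re-encrypt with `sops updatekeys`.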
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
{ authentik-nix, configFiles, configuration, disko, home-manager, nixpkgs, nixvim, sops-nix, system, ... }:
|
||||
{ authentik-nix, configFiles, configuration, disko, home-manager, nixpkgs, nixvim, sops-nix, system, timecard-bot, ... }:
|
||||
let
|
||||
allowed-unfree-packages = [
|
||||
"corefonts"
|
||||
|
|
@ -37,7 +37,7 @@ in nixpkgs.lib.nixosSystem {
|
|||
system = "${system}";
|
||||
};
|
||||
specialArgs = {
|
||||
inherit configFiles;
|
||||
inherit configFiles timecard-bot;
|
||||
};
|
||||
system = "${system}";
|
||||
}
|
||||
|
|
|
|||