Add colmena apply stage

2023-07-13 20:56:30 +02:00 · 2023-07-13 20:56:30 +02:00 · 8741712649
parent 395f6200a3
commit 8741712649
5 changed files with 29 additions and 7 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -22,9 +22,19 @@ apply:
  stage: apply
  script:
    - nix-env --install colmena
+    - eval $(ssh-agent -s)
+    - chmod 600 "$SSH_PRIVATE_KEY"
+    - ssh-add "$SSH_PRIVATE_KEY"
+    - git clone https://oauth2:${ACCESS_TOKEN_KNOWN_HOSTS}@git.grzb.de/yuri/known_hosts.git /root/.ssh
    - colmena apply --no-keys

 commit_flake:
  stage: commit_flake
+  variables:
+    GIT_AUTHOR_EMAIL: $GIT_AUTHOR_EMAIL
+    GIT_AUTHOR_NAME: $GIT_AUTHOR_NAME
+    GIT_COMMITTER_EMAIL: $GIT_COMMITTER_EMAIL
+    GIT_COMMITTER_NAME: $GIT_COMMITTER_NAME
+    ACCESS_TOKEN: $ACCESS_TOKEN
  script:
-    - echo "commit_flake"
+    - nix-env --install git 
--- a/configuration/common/default.nix
+++ b/configuration/common/default.nix
@ -1,6 +1,7 @@
 { config, pkgs, ... }:
 {
  imports = [
+    ../../users/colmena-deploy
    ../../users/yuri
  ];

@ -14,7 +15,7 @@
  security.sudo.wheelNeedsPassword = false;

  nix.settings = {
-    trusted-users = [ "@wheel" ];
+    trusted-users = [ "colmena-deploy" ];
    auto-optimise-store = true;
    experimental-features = [ "nix-command" "flakes" ];
  };
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1689048911,
-        "narHash": "sha256-pODI2CkjWbSLo5nPMZoLtkRNJU/Nr3VSITXZqqmNtIk=",
+        "lastModified": 1689209875,
+        "narHash": "sha256-8AVcBV1DiszaZzHFd5iLc8HSLfxRAuqcU0QdfBEF3Ag=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "8163a64662b43848802092d52015ef60777d6129",
+        "rev": "fcc147b1e9358a8386b2c4368bd928e1f63a7df2",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -14,7 +14,7 @@
      nitter = { name, nodes, pkgs, ... }: {
        deployment = {
          targetHost = "nixos-nitter.vs.grzb.de";
-          targetUser = "yuri";
+          targetUser = "colmena-deploy";
        };
        imports = [
          ./configuration/common
@ -26,7 +26,7 @@
      coturn = { name, nodes, pkgs, ... }: {
        deployment = {
          targetHost = "nixos-coturn.vs.grzb.de";
-          targetUser = "yuri";
+          targetUser = "colmena-deploy";
        };
        imports = [
          ./configuration/common
--- a/users/colmena-deploy/default.nix
+++ b/users/colmena-deploy/default.nix
@ -0,0 +1,11 @@
+{ ... }:
+{
+  users.users.colmena-deploy = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKPJbR09ZqPnfZkx9JNjCurJDXWa5XtNeNQfkPRU/ZnY colmena-deploy"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara"
+    ];
+  };
+}