diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix
index 1d4e988f91..d092c60bf4 100644
--- a/nix/pkgs/default.nix
+++ b/nix/pkgs/default.nix
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
-{ pkgs, ... }@args: {
+{ depot, pkgs, ... }@args: {
 bazel-run = import ./bazel-run.nix args;
 crane = import ./crane.nix args;
 javaws-env = import ./javaws-env.nix args;
@@ -28,5 +28,8 @@
 flameshot = pkgs.libsForQt5.callPackage ./flameshot {};
 lukegb-wallpapers = pkgs.callPackage ./lukegb-wallpapers {};
 rundeck-bin = pkgs.callPackage ./rundeck-bin {};
+ mercurial = with pkgs; (mercurial.overridePythonAttrs (origAttrs: {
+ propagatedBuildInputs = [python3Packages.hg-evolve depot.nix.pkgs.hg-git];
+ }));
 } // (import ./heptapod-runner.nix args) // (import ./lightspeed args)
diff --git a/nix/pkgs/rundeck-bin/module.nix b/nix/pkgs/rundeck-bin/module.nix
index c57a5f3bee..00e7f98fc2 100644
--- a/nix/pkgs/rundeck-bin/module.nix
+++ b/nix/pkgs/rundeck-bin/module.nix
@@ -7,11 +7,22 @@ in {
 options.services.rundeck = {
 enable = mkEnableOption "rundeck";
+ user = mkOption {
+ default = null;
+ type = types.nullOr types.str;
+ };
+
 package = mkOption {
 default = depot.pkgs.rundeck-bin;
 defaultText = "depot.pkgs.rundeck-bin";
 type = types.package;
 };
+
+ pathPackages = mkOption {
+ default = [];
+ defaultText = "[]";
+ type = types.listOf types.package;
+ };
 };
 config = mkIf cfg.enable {
@@ -19,7 +30,9 @@ in {
 wantedBy = [ "multi-user.target" ];
 after = [ "network.target" ];
 serviceConfig = {
- User = "deployer";
+ User = cfg.user;
+ DynamicUser = cfg.user != cfg.user;
+ Path = lib.makeBinPath cfg.pathPackages;
 ExecStart = "${cfg.package}/bin/rundeckd -b /var/lib/rundeck";
 StateDirectory = "rundeck";
 };
diff --git a/ops/nixos/bvm-nixosmgmt/default.nix b/ops/nixos/bvm-nixosmgmt/default.nix
index e443992889..4798cf8a47 100644
--- a/ops/nixos/bvm-nixosmgmt/default.nix
+++ b/ops/nixos/bvm-nixosmgmt/default.nix
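Review bot: The new `user` and `pathPackages` options in the first hunk of nix/pkgs/rundeck-bin/module.nix have no `description`, so the generated option docs say nothing about what `user = null` means for the account the daemon runs as. I would add something like `description = "User to run rundeckd as; null lets systemd allocate a dynamic user.";` to `user`, worded to match whatever the null case ends up doing, and `description = "Packages added to the PATH of the rundeck service.";` to `pathPackages`. The options block starts and ends outside the hunk.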
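Review bot: `DynamicUser = cfg.user != cfg.user;` in the serviceConfig hunk of nix/pkgs/rundeck-bin/module.nix compares the option with itself, so it is always false. With the default `user = null` the unit then gets neither a fixed user nor a dynamic one and would presumably run as root; the condition was probably meant to be `DynamicUser = cfg.user == null;`. Separately, `Path` is not a systemd [Service] setting, so `Path = lib.makeBinPath cfg.pathPackages;` will be ignored by systemd instead of extending the daemon's PATH. NixOS exposes this as the service-level `path` option, i.e. `path = cfg.pathPackages;` next to `wantedBy`. The enclosing service definition starts outside the hunk.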
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
-{ depot, lib, ... }:
+{ depot, lib, pkgs, ... }:
 {
 imports = [
 ../lib/bvm.nix
@@ -20,7 +20,13 @@
 };
 my.ip.tailscale = "100.65.226.19";
- services.rundeck.enable = true;
+ services.rundeck = {
+ enable = true;
+ user = "deployer";
+ pathPackages = with pkgs; [
+ depot.nix.pkgs.mercurial
+ ];
+ };
 environment.etc."rundeck.nodes.yaml" = let content = builtins.mapAttrs (name: value: {
diff --git a/ops/nixos/lib/common.nix b/ops/nixos/lib/common.nix
index deb0c8614d..e747c86eb6 100644
--- a/ops/nixos/lib/common.nix
+++ b/ops/nixos/lib/common.nix
@@ -86,9 +86,7 @@ in
 environment.systemPackages = with pkgs; [
 vim rxvt_unicode.terminfo tmux rebuilder tailscale rsync libarchive tcpdump restic iftop htop jq
- (mercurial.overridePythonAttrs (origAttrs: {
- propagatedBuildInputs = [python3Packages.hg-evolve depot.nix.pkgs.hg-git];
- }))
+ depot.nix.pkgs.mercurial
 switch-prebuilt
 ];
diff --git a/ops/nixos/lib/home-manager/common.nix b/ops/nixos/lib/home-manager/common.nix
index 756ad9e689..bc01146740 100644
--- a/ops/nixos/lib/home-manager/common.nix
+++ b/ops/nixos/lib/home-manager/common.nix
@@ -100,9 +100,7 @@ in
 '') rxvt_unicode.terminfo tmux rsync libarchive tcpdump restic iftop htop jq
- (mercurial.overridePythonAttrs (origAttrs: {
- propagatedBuildInputs = [python3Packages.hg-evolve depot.nix.pkgs.hg-git];
- }))
+ depot.nix.pkgs.mercurial
 ] ++ lib.optionals isLinux [ iotop ]));
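Review bot: In the second hunk of ops/nixos/bvm-nixosmgmt/default.nix, `pathPackages = with pkgs; [ depot.nix.pkgs.mercurial ];` takes nothing from `pkgs`, so the `with pkgs;` and the `pkgs` argument added in the first hunk appear to exist only for this expression. `pathPackages = [ depot.nix.pkgs.mercurial ];` says the same thing without the extra scope. The `deployer` account named in `user` is not declared in the visible lines, so a short comment such as `# account is defined in <module that creates it>` would help the next reader confirm that the service user exists on this host.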