rexxar: make prometheus-ipmi-exporter work when launched from systemd

web/lukegbcom: shore up deployment script a bit
2024-11-24 13:00:20 +00:00 · 2024-11-24 13:00:05 +00:00
3 changed files with 34 additions and 1 deletions
--- a/ops/nixos/rexxar/default.nix
+++ b/ops/nixos/rexxar/default.nix
@ -423,7 +423,16 @@
  hardware.rasdaemon.enable = true;
  services.prometheus.exporters.ipmi = {
    enable = true;
+    group = "ipmi";
  };
+  users.groups.ipmi = {};
+  systemd.services.prometheus-ipmi-exporter.serviceConfig = {
+    DeviceAllow = lib.mkAfter [ "/dev/ipmi0 rw" ];
+    BindPaths = lib.mkAfter [ "/dev/ipmi0" ];
+  };
+  services.udev.extraRules = lib.mkAfter ''
+    KERNEL=="ipmi*", MODE="660", GROUP="ipmi"
+  '';

  my.services.seaweedfs = {
    securitySettings = {
--- a/third_party/default.nix
+++ b/third_party/default.nix
@ -57,6 +57,12 @@ let
          sha256 = "1jdyk6d80jmsg6qn7hw58088yydn78g3kn3lmgg8argihb69pf2i";
        };
      });
+      prometheus-ipmi-exporter = pkgs.prometheus-ipmi-exporter.override (old: {
+        freeipmi = old.freeipmi.overrideAttrs (oldAttrs: {
+          env.NIX_CFLAGS_COMPILE = "-DIPMI_DONT_CHECK_FOR_ROOT";
+          enableParallelBuilding = true;
+        });
+      });
    };
  };
  nixpkgs = import ./nixpkgs {
--- a/web/lukegbcom/deploy.sh
+++ b/web/lukegbcom/deploy.sh
@ -1,8 +1,12 @@
 #!/usr/bin/env nix-shell
 #!nix-shell -p nodePackages.firebase-tools -p vault -i bash

+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+DEPOT="$(realpath "${SCRIPT_DIR}/../..")"
+
 vault_path=unix:///run/tokend/sock
 deploycmd="deploy"
+channelname=""
 postdeploy () {
  return
 }
@ -10,15 +14,29 @@ postdeploy () {
 if [[ "$(groups)" =~ (.* |^)"users"($| .*) ]] || ! test -f /etc/NIXOS; then
  vault_path=https://vault.int.lukegb.com
  channelname="$(id -un)"
+fi
+
+if [[ $# -gt 0 ]]; then
+  channelname="$1"
+fi
+
+if [[ "$channelname" != "" ]]; then
  deploycmd="hosting:channel:deploy $channelname"
  postdeploy () {
    firebase hosting:channel:open $channelname --token="$token"
  }
 fi

-cd $(nix-build ../.. -A web.lukegbcom)
+echo "Building from $DEPOT" >&2
+cd $(nix-build "$DEPOT" -A web.lukegbcom)
+echo "Using vault at $vault_path to get token" >&2
 token="$(vault read --field=token --address="$vault_path" gcp/roleset/lukegbcom-deployer/token)"

+if [[ "$channelname" == "" ]]; then
+  echo "Deploying to prod" >&2
+else
+  echo "Deploying to preview channel '$channelname'" >&2
+fi	
 firebase $deploycmd --token="$token"
 # Do it twice because sometimes it doesn't actually do anything the first time
 firebase $deploycmd --token="$token"
Author	SHA1	Message	Date
Luke Granger-Brown	16324cdcf8	rexxar: make prometheus-ipmi-exporter work when launched from systemd	2024-11-24 13:00:20 +00:00
Luke Granger-Brown	cf619ce7f6	web/lukegbcom: shore up deployment script a bit	2024-11-24 13:00:05 +00:00