Compare commits

...

2 commits

3 changed files with 34 additions and 1 deletions

View file

@ -423,7 +423,16 @@
hardware.rasdaemon.enable = true; hardware.rasdaemon.enable = true;
services.prometheus.exporters.ipmi = { services.prometheus.exporters.ipmi = {
enable = true; enable = true;
group = "ipmi";
}; };
users.groups.ipmi = {};
systemd.services.prometheus-ipmi-exporter.serviceConfig = {
DeviceAllow = lib.mkAfter [ "/dev/ipmi0 rw" ];
BindPaths = lib.mkAfter [ "/dev/ipmi0" ];
};
services.udev.extraRules = lib.mkAfter ''
KERNEL=="ipmi*", MODE="660", GROUP="ipmi"
'';
my.services.seaweedfs = { my.services.seaweedfs = {
securitySettings = { securitySettings = {

View file

@ -57,6 +57,12 @@ let
sha256 = "1jdyk6d80jmsg6qn7hw58088yydn78g3kn3lmgg8argihb69pf2i"; sha256 = "1jdyk6d80jmsg6qn7hw58088yydn78g3kn3lmgg8argihb69pf2i";
}; };
}); });
prometheus-ipmi-exporter = pkgs.prometheus-ipmi-exporter.override (old: {
freeipmi = old.freeipmi.overrideAttrs (oldAttrs: {
env.NIX_CFLAGS_COMPILE = "-DIPMI_DONT_CHECK_FOR_ROOT";
enableParallelBuilding = true;
});
});
}; };
}; };
nixpkgs = import ./nixpkgs { nixpkgs = import ./nixpkgs {

View file

@ -1,8 +1,12 @@
#!/usr/bin/env nix-shell #!/usr/bin/env nix-shell
#!nix-shell -p nodePackages.firebase-tools -p vault -i bash #!nix-shell -p nodePackages.firebase-tools -p vault -i bash
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
DEPOT="$(realpath "${SCRIPT_DIR}/../..")"
vault_path=unix:///run/tokend/sock vault_path=unix:///run/tokend/sock
deploycmd="deploy" deploycmd="deploy"
channelname=""
postdeploy () { postdeploy () {
return return
} }
@ -10,15 +14,29 @@ postdeploy () {
if [[ "$(groups)" =~ (.* |^)"users"($| .*) ]] || ! test -f /etc/NIXOS; then if [[ "$(groups)" =~ (.* |^)"users"($| .*) ]] || ! test -f /etc/NIXOS; then
vault_path=https://vault.int.lukegb.com vault_path=https://vault.int.lukegb.com
channelname="$(id -un)" channelname="$(id -un)"
fi
if [[ $# -gt 0 ]]; then
channelname="$1"
fi
if [[ "$channelname" != "" ]]; then
deploycmd="hosting:channel:deploy $channelname" deploycmd="hosting:channel:deploy $channelname"
postdeploy () { postdeploy () {
firebase hosting:channel:open $channelname --token="$token" firebase hosting:channel:open $channelname --token="$token"
} }
fi fi
cd $(nix-build ../.. -A web.lukegbcom) echo "Building from $DEPOT" >&2
cd $(nix-build "$DEPOT" -A web.lukegbcom)
echo "Using vault at $vault_path to get token" >&2
token="$(vault read --field=token --address="$vault_path" gcp/roleset/lukegbcom-deployer/token)" token="$(vault read --field=token --address="$vault_path" gcp/roleset/lukegbcom-deployer/token)"
if [[ "$channelname" == "" ]]; then
echo "Deploying to prod" >&2
else
echo "Deploying to preview channel '$channelname'" >&2
fi
firebase $deploycmd --token="$token" firebase $deploycmd --token="$token"
# Do it twice because sometimes it doesn't actually do anything the first time # Do it twice because sometimes it doesn't actually do anything the first time
firebase $deploycmd --token="$token" firebase $deploycmd --token="$token"