Compare commits
2 commits
6d006b8b8d
...
16324cdcf8
Author | SHA1 | Date | |
---|---|---|---|
16324cdcf8 | |||
cf619ce7f6 |
3 changed files with 34 additions and 1 deletions
|
@ -423,7 +423,16 @@
|
||||||
hardware.rasdaemon.enable = true;
|
hardware.rasdaemon.enable = true;
|
||||||
services.prometheus.exporters.ipmi = {
|
services.prometheus.exporters.ipmi = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
group = "ipmi";
|
||||||
};
|
};
|
||||||
|
users.groups.ipmi = {};
|
||||||
|
systemd.services.prometheus-ipmi-exporter.serviceConfig = {
|
||||||
|
DeviceAllow = lib.mkAfter [ "/dev/ipmi0 rw" ];
|
||||||
|
BindPaths = lib.mkAfter [ "/dev/ipmi0" ];
|
||||||
|
};
|
||||||
|
services.udev.extraRules = lib.mkAfter ''
|
||||||
|
KERNEL=="ipmi*", MODE="660", GROUP="ipmi"
|
||||||
|
'';
|
||||||
|
|
||||||
my.services.seaweedfs = {
|
my.services.seaweedfs = {
|
||||||
securitySettings = {
|
securitySettings = {
|
||||||
|
|
6
third_party/default.nix
vendored
6
third_party/default.nix
vendored
|
@ -57,6 +57,12 @@ let
|
||||||
sha256 = "1jdyk6d80jmsg6qn7hw58088yydn78g3kn3lmgg8argihb69pf2i";
|
sha256 = "1jdyk6d80jmsg6qn7hw58088yydn78g3kn3lmgg8argihb69pf2i";
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
prometheus-ipmi-exporter = pkgs.prometheus-ipmi-exporter.override (old: {
|
||||||
|
freeipmi = old.freeipmi.overrideAttrs (oldAttrs: {
|
||||||
|
env.NIX_CFLAGS_COMPILE = "-DIPMI_DONT_CHECK_FOR_ROOT";
|
||||||
|
enableParallelBuilding = true;
|
||||||
|
});
|
||||||
|
});
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
nixpkgs = import ./nixpkgs {
|
nixpkgs = import ./nixpkgs {
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
#!/usr/bin/env nix-shell
|
#!/usr/bin/env nix-shell
|
||||||
#!nix-shell -p nodePackages.firebase-tools -p vault -i bash
|
#!nix-shell -p nodePackages.firebase-tools -p vault -i bash
|
||||||
|
|
||||||
|
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||||
|
DEPOT="$(realpath "${SCRIPT_DIR}/../..")"
|
||||||
|
|
||||||
vault_path=unix:///run/tokend/sock
|
vault_path=unix:///run/tokend/sock
|
||||||
deploycmd="deploy"
|
deploycmd="deploy"
|
||||||
|
channelname=""
|
||||||
postdeploy () {
|
postdeploy () {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -10,15 +14,29 @@ postdeploy () {
|
||||||
if [[ "$(groups)" =~ (.* |^)"users"($| .*) ]] || ! test -f /etc/NIXOS; then
|
if [[ "$(groups)" =~ (.* |^)"users"($| .*) ]] || ! test -f /etc/NIXOS; then
|
||||||
vault_path=https://vault.int.lukegb.com
|
vault_path=https://vault.int.lukegb.com
|
||||||
channelname="$(id -un)"
|
channelname="$(id -un)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ $# -gt 0 ]]; then
|
||||||
|
channelname="$1"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "$channelname" != "" ]]; then
|
||||||
deploycmd="hosting:channel:deploy $channelname"
|
deploycmd="hosting:channel:deploy $channelname"
|
||||||
postdeploy () {
|
postdeploy () {
|
||||||
firebase hosting:channel:open $channelname --token="$token"
|
firebase hosting:channel:open $channelname --token="$token"
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cd $(nix-build ../.. -A web.lukegbcom)
|
echo "Building from $DEPOT" >&2
|
||||||
|
cd $(nix-build "$DEPOT" -A web.lukegbcom)
|
||||||
|
echo "Using vault at $vault_path to get token" >&2
|
||||||
token="$(vault read --field=token --address="$vault_path" gcp/roleset/lukegbcom-deployer/token)"
|
token="$(vault read --field=token --address="$vault_path" gcp/roleset/lukegbcom-deployer/token)"
|
||||||
|
|
||||||
|
if [[ "$channelname" == "" ]]; then
|
||||||
|
echo "Deploying to prod" >&2
|
||||||
|
else
|
||||||
|
echo "Deploying to preview channel '$channelname'" >&2
|
||||||
|
fi
|
||||||
firebase $deploycmd --token="$token"
|
firebase $deploycmd --token="$token"
|
||||||
# Do it twice because sometimes it doesn't actually do anything the first time
|
# Do it twice because sometimes it doesn't actually do anything the first time
|
||||||
firebase $deploycmd --token="$token"
|
firebase $deploycmd --token="$token"
|
||||||
|
|
Loading…
Reference in a new issue