feat(renovate): enable lockFileMaintenance
This allows it to update the flake.lock and Cargo.lock files.
This commit is contained in:
parent
69fde96f67
commit
2ba6277778
GPG key ID:
F016B9E770737A0B
3 changed files with 60 additions and 53 deletions
|
|
@ -6,7 +6,6 @@
|
||||||
checks =
|
checks =
|
||||||
let
|
let
|
||||||
testDomain = "webnstest.example";
|
testDomain = "webnstest.example";
|
||||||
dynamicZonesDir = "/var/lib/named/zones";
|
|
||||||
zoneFile = pkgs.writeText "${testDomain}.zoneinfo" ''
|
zoneFile = pkgs.writeText "${testDomain}.zoneinfo" ''
|
||||||
$ORIGIN .
|
$ORIGIN .
|
||||||
$TTL 60 ; 1 minute
|
$TTL 60 ; 1 minute
|
||||||
|
|
@ -27,59 +26,65 @@
|
||||||
nsupdate IN AAAA ::1
|
nsupdate IN AAAA ::1
|
||||||
'';
|
'';
|
||||||
|
|
||||||
webnsupdate-machine = {
|
webnsupdate-machine =
|
||||||
imports = [ self.nixosModules.webnsupdate ];
|
{ config, ... }:
|
||||||
|
let
|
||||||
|
bindCfg = config.services.bind;
|
||||||
|
bindData = bindCfg.directory;
|
||||||
|
dynamicZonesDir = "${bindData}/zones";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [ self.nixosModules.webnsupdate ];
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
pkgs.dig
|
pkgs.dig
|
||||||
pkgs.curl
|
pkgs.curl
|
||||||
];
|
];
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
webnsupdate = {
|
webnsupdate = {
|
||||||
enable = true;
|
enable = true;
|
||||||
bindIp = "127.0.0.1";
|
bindIp = "127.0.0.1";
|
||||||
keyFile = "/etc/bind/rndc.key";
|
keyFile = "/etc/bind/rndc.key";
|
||||||
# test:test (user:password)
|
# test:test (user:password)
|
||||||
passwordFile = pkgs.writeText "webnsupdate.pass" "FQoNmuU1BKfg8qsU96F6bK5ykp2b0SLe3ZpB3nbtfZA";
|
passwordFile = pkgs.writeText "webnsupdate.pass" "FQoNmuU1BKfg8qsU96F6bK5ykp2b0SLe3ZpB3nbtfZA";
|
||||||
package = self'.packages.webnsupdate;
|
package = self'.packages.webnsupdate;
|
||||||
extraArgs = [
|
extraArgs = [
|
||||||
"-vvv" # debug messages
|
"-vvv" # debug messages
|
||||||
"--ip-source=ConnectInfo"
|
"--ip-source=ConnectInfo"
|
||||||
];
|
];
|
||||||
records = ''
|
records = ''
|
||||||
test1.${testDomain}.
|
test1.${testDomain}.
|
||||||
test2.${testDomain}.
|
test2.${testDomain}.
|
||||||
test3.${testDomain}.
|
test3.${testDomain}.
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
bind = {
|
|
||||||
enable = true;
|
|
||||||
zones.${testDomain} = {
|
|
||||||
master = true;
|
|
||||||
file = "${dynamicZonesDir}/${testDomain}";
|
|
||||||
extraConfig = ''
|
|
||||||
allow-update { key rndc-key; };
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
bind = {
|
||||||
|
enable = true;
|
||||||
|
zones.${testDomain} = {
|
||||||
|
master = true;
|
||||||
|
file = "${dynamicZonesDir}/${testDomain}";
|
||||||
|
extraConfig = ''
|
||||||
|
allow-update { key rndc-key; };
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.bind.preStart = ''
|
||||||
|
# shellcheck disable=SC2211,SC1127
|
||||||
|
rm -f ${dynamicZonesDir}/* # reset dynamic zones
|
||||||
|
|
||||||
|
mkdir -m 0755 -p ${dynamicZonesDir}
|
||||||
|
chown named ${dynamicZonesDir}
|
||||||
|
|
||||||
|
# copy dynamic zone's file to the dynamic zones dir
|
||||||
|
cp ${zoneFile} ${dynamicZonesDir}/${testDomain}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.bind.preStart = ''
|
|
||||||
# shellcheck disable=SC2211,SC1127
|
|
||||||
rm -f ${dynamicZonesDir}/* # reset dynamic zones
|
|
||||||
|
|
||||||
${pkgs.coreutils}/bin/mkdir -m 0755 -p ${dynamicZonesDir}
|
|
||||||
chown "named" ${dynamicZonesDir}
|
|
||||||
chown "named" /var/lib/named
|
|
||||||
|
|
||||||
# copy dynamic zone's file to the dynamic zones dir
|
|
||||||
cp ${zoneFile} ${dynamicZonesDir}/${testDomain}
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
};
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
module-test = pkgs.testers.runNixOSTest {
|
module-test = pkgs.testers.runNixOSTest {
|
||||||
|
|
@ -87,6 +92,7 @@
|
||||||
nodes.machine = webnsupdate-machine;
|
nodes.machine = webnsupdate-machine;
|
||||||
testScript = ''
|
testScript = ''
|
||||||
machine.start(allow_reboot=True)
|
machine.start(allow_reboot=True)
|
||||||
|
machine.wait_for_unit("bind.service")
|
||||||
machine.wait_for_unit("webnsupdate.service")
|
machine.wait_for_unit("webnsupdate.service")
|
||||||
|
|
||||||
# ensure base DNS records area available
|
# ensure base DNS records area available
|
||||||
|
|
|
||||||
11
flake.lock
11
flake.lock
|
|
@ -37,17 +37,18 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1734424634,
|
"lastModified": 1735291276,
|
||||||
"narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=",
|
"narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33",
|
"rev": "634fd46801442d760e09493a794c4f15db2d0cbb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"id": "nixpkgs",
|
"owner": "NixOS",
|
||||||
"ref": "nixos-unstable",
|
"ref": "nixos-unstable",
|
||||||
"type": "indirect"
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"root": {
|
"root": {
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,7 @@
|
||||||
url = "github:hercules-ci/flake-parts";
|
url = "github:hercules-ci/flake-parts";
|
||||||
inputs.nixpkgs-lib.follows = "nixpkgs";
|
inputs.nixpkgs-lib.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
nixpkgs.url = "nixpkgs/nixos-unstable";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||||
systems.url = "github:nix-systems/default";
|
systems.url = "github:nix-systems/default";
|
||||||
treefmt-nix = {
|
treefmt-nix = {
|
||||||
url = "github:numtide/treefmt-nix";
|
url = "github:numtide/treefmt-nix";
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue