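# Flake for makeshiftci ("msci"): builds the msci script bundled with the
# command-line tools it is given on PATH, and exposes a NixOS module that
# installs it and prepares its data directory.
{
  description = "a makeshift CI solution";

  # This follows the moving nixos-unstable branch. The revision that is
  # actually built is the one recorded in flake.lock, so keep the lock file
  # committed and review lock updates like any other dependency bump.
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
  };

  outputs = {
    self,
    nixpkgs,
  }: let
    # Only x86_64-linux is built. The NixOS module below installs this
    # system's package whatever the host platform is.
    system = "x86_64-linux";
    pkgs = import nixpkgs {inherit system;};

    # ./msci is read at evaluation time and written to the store as bin/msci.
    # patchShebangs then rewrites its interpreter line to a store path.
    msci = (pkgs.writeScriptBin "msci" (builtins.readFile ./msci)).overrideAttrs (old: {
      buildCommand = "${old.buildCommand}\n patchShebangs $out";
    });
  in {
    # One tree containing msci, jq, git and openssl. The wrapper puts that
    # tree's bin/ first on PATH, so those tools resolve to the pinned store
    # copies. The caller's PATH is kept after it, so any other command the
    # script runs is still looked up in the inherited environment.
    packages."${system}".msci = pkgs.symlinkJoin {
      name = "msci";
      paths = [msci pkgs.jq pkgs.git pkgs.openssl];
      buildInputs = [pkgs.makeWrapper];
      postBuild = "wrapProgram $out/bin/msci --prefix PATH : $out/bin";
    };

    # NixOS module; all settings live under `makeshiftci`.
    nixosModules.default = {
      lib,
      config,
      ...
    }: let
      cfg = config.makeshiftci;
    in {
      options = with lib; {
        makeshiftci = mkOption {
          type = types.submodule {
            options = {
              # mkEnableOption prepends "Whether to enable", so its argument
              # is a noun phrase rather than a sentence starting with a verb.
              enable = mkEnableOption "makeshiftci";
              dataDir = mkOption {
                type = types.str;
                default = "/var/lib/makeshiftci";
                description = "data directory of makeshiftci";
              };
              # Off by default, which leaves the data directory owned by root.
              createUser = mkEnableOption "a dedicated non-root makeshiftci user and group that own the data directory";
            };
          };
          default = {};
        };
      };

      config = lib.mkIf cfg.enable {
        environment = {
          # Exported to every session on the host, not only to msci.
          variables.MSCI_HOME = cfg.dataDir;
          systemPackages = [self.packages."${system}".msci];
        };

        # Mode 0750 gives no access to "other", so only the owner and its
        # group can read the data directory.
        # NOTE(review): with createUser off the owner is root, so msci
        # presumably has to run as root to write here - confirm against the
        # msci script, and prefer createUser = true for jobs that build
        # untrusted repositories.
        systemd.tmpfiles.settings."makeshiftci" = {
          "${cfg.dataDir}" = {
            d = {
              user =
                if cfg.createUser
                then "makeshiftci"
                else "root";
              group =
                if cfg.createUser
                then "makeshiftci"
                else "root";
              mode = "0750";
            };
          };
        };

        # Enabling the module turns on the host-wide cron daemon as a side
        # effect.
        services.cron.enable = true;

        users = lib.mkIf cfg.createUser {
          users."makeshiftci" = {
            # NixOS requires exactly one of isSystemUser / isNormalUser.
            # Without it, evaluation fails as soon as createUser is enabled.
            # This is a service account, so it is a system user.
            isSystemUser = true;
            group = "makeshiftci";
            home = cfg.dataDir;
            # NOTE(review): this gives the service account a login shell.
            # Keep it only if jobs or operators need one.
            useDefaultShell = true;
          };
          # Declare the primary group named above and used as the data
          # directory's group. Nothing else in this module creates it.
          groups."makeshiftci" = {};
        };
      };
    };
  };
}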