eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Polish ringtail NixOS config and add documentation #208

Merged
eblume merged 30 commits from feature/ringtail-nixos into main 2026-02-18 17:53:48 -08:00
Conversation 0 Commits 30 Files changed 11 +40 -2
3 changed files with 40 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit df5d1bae4d - Show all commits

Add Dagger flake-lock function and improve provision-ringtail

Prev Next 
- New `flake-lock` Dagger function: runs `nix flake lock` in a
  nixos/nix container, returns the updated flake.lock file.
- provision-ringtail now: updates flake.lock via Dagger before
  deploy, verifies current commit is pushed to forge, and passes
  the exact commit SHA to the ansible playbook.
- Playbook accepts `ringtail_commit` var to deploy a specific ref.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Erich Blume 2026-02-18 10:21:29 -08:00
commit df5d1bae4d

16
.dagger/src/blumeops_ci/main.py
View file

@ -1,6 +1,8 @@
import dagger
from dagger import dag, function, object_type
NIX_IMAGE = "nixos/nix:2.33.3"
@object_type
class BlumeopsCi:
@ -67,3 +69,17 @@ class BlumeopsCi:
)
.file(f"/docs-{version}.tar.gz")
)
@function
async def flake_lock(
self, src: dagger.Directory, flake_path: str = "nixos/ringtail"
) -> dagger.File:
"""Resolve flake inputs and return updated flake.lock."""
return await (
dag.container()
.from_(NIX_IMAGE)
.with_directory("/workspace", src)
.with_workdir(f"/workspace/{flake_path}")
.with_exec(["nix", "flake", "lock", "--accept-flake-config"])
.file(f"/workspace/{flake_path}/flake.lock")
)

2
ansible/playbooks/ringtail.yml
View file

@ -8,7 +8,7 @@
ansible.builtin.git:
repo: "https://forge.ops.eblu.me/eblume/blumeops.git"
dest: /etc/blumeops
version: main
version: "{{ ringtail_commit | default('main') }}"
force: true
register: _repo

24
mise-tasks/provision-ringtail
View file

@ -5,5 +5,27 @@ set -euo pipefail
export MISE_TASK_OUTPUT=interleave
# Update flake.lock via Dagger before deploying
echo "Updating nixos/ringtail/flake.lock..."
dagger call flake-lock --src=. --flake-path=nixos/ringtail \
export --path=nixos/ringtail/flake.lock
if ! git diff --quiet nixos/ringtail/flake.lock; then
git add nixos/ringtail/flake.lock
echo "flake.lock changed and staged. Commit, push, and re-run."
exit 1
fi
COMMIT=$(git rev-parse HEAD)
REMOTE_REF=$(git ls-remote origin "$(git rev-parse --abbrev-ref HEAD)" 2>/dev/null | awk '{print $1}')
if [[ "$REMOTE_REF" != "$COMMIT" ]]; then
echo "ERROR: Current commit $COMMIT is not pushed to forge."
echo "Push your changes first: git push"
exit 1
fi
echo "Deploying commit $COMMIT to ringtail..."
cd ansible
ansible-playbook playbooks/ringtail.yml "$@"
ansible-playbook playbooks/ringtail.yml -e "ringtail_commit=$COMMIT" "$@"