ci

2026-06-03 10:04:07 +02:00 · 2025-08-06 21:29:39 +02:00 · 2025-08-06 21:29:39 +02:00 · b241199af9
commit b241199af9
parent 6020b05e5c
7 changed files with 84 additions and 77 deletions
--- a/.forgejo/workflows/ci.yml
+++ b/.forgejo/workflows/ci.yml
@ -0,0 +1,16 @@
 name: "CI"
 on:
  pull_request:
  push:
 jobs:
  checks:
    runs-on: nix
    steps:
      - uses: actions/checkout@v4
      - uses: https://codeberg.org/icewind/attic-action@v1
        with:
          name: link
          instance: https://cache.icewind.link
          authToken: "${{ secrets.ATTIC_TOKEN }}"
      - run: nix flake check --keep-going
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -1,16 +0,0 @@
 on: [push, pull_request]
 name: CI
 jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v27
      - uses: icewind1991/attic-action@v1
        with:
          name: ci
          instance: https://cache.icewind.me
          authToken: "${{ secrets.ATTIC_TOKEN }}"
      - run: nix flake check --keep-going
--- a/README.md
+++ b/README.md
@ -7,22 +7,26 @@ Automatically spawn and destroy a tf2 server on a schedule
 - Copy `config.sample.toml` to `config.toml` and edit accordingly
 - Start `dispenser config.toml` as a system service
-When the configured start schedule is reached it will create a new cloud server, update the dyndns (optional)
+When the configured start schedule is reached it will create a new cloud server,
-and install a tf2 server.
+update the dyndns (optional) and install a tf2 server. This server is then
-This server is then destroyed when the stop schedule is reached.
+destroyed when the stop schedule is reached.
-As a failsafe against unexpected costs or destroying the wrong server, this program will not spawn any server
+As a failsafe against unexpected costs or destroying the wrong server, this
-if it already detects a running one, and it will only destroy a server that was created by the program.
+program will not spawn any server if it already detects a running one, and it
 will only destroy a server that was created by the program.
-This does mean that if the program is (re-)started while a server is already active, the program will not
+This does mean that if the program is (re-)started while a server is already
-start and destroy any server because it can't be sure it should control the running server.
+active, the program will not start and destroy any server because it can't be
-You'll need to manually destroy the existing server in that case.
+sure it should control the running server. You'll need to manually destroy the
 existing server in that case.
-You can overwrite this behavior by setting `manage_existing = true` in your `config.toml`,
+You can overwrite this behavior by setting `manage_existing = true` in your
 `config.toml`,
 ## Manual usage
-Instead of managing the servers on a schedule with a background server you can also manually manage the server.
+Instead of managing the servers on a schedule with a background server you can
 also manually manage the server.
 ### List running servers
@ -36,7 +40,8 @@ dispenser config.toml list
 dispenser config.toml start
 ```
-Note that this will not start an additional server is a server is already running
+Note that this will not start an additional server is a server is already
 running
 ### Stop a running server
@ -46,11 +51,13 @@ dispenser config.toml stop
 ## Dealing with secrets
-If you want to store your config file in version control but don't want to store your secrets there,
+If you want to store your config file in version control but don't want to store
-you can choose to load the secrets from other files by specifying the secret as an absolute path.
+your secrets there, you can choose to load the secrets from other files by
 specifying the secret as an absolute path.
-This can be done for the following config options:
+This can be done for the following config options: `server.demostf_key`,
-`server.demostf_key`, `server.logstf_key`, `vultr.api_key`, `digitalocean.api_key` and `dyndns.password`.
+`server.logstf_key`, `vultr.api_key`, `digitalocean.api_key` and
 `dyndns.password`.
 ## TODO
--- a/flake.nix
+++ b/flake.nix
@ -10,20 +10,21 @@
      inputs.flakelight.follows = "flakelight";
    };
  };
-  outputs = { mill-scale, ... }: mill-scale ./. {
+  outputs = {mill-scale, ...}:
-    nixosModules = { outputs, ... }: {
+    mill-scale ./. {
-      default =
+      nixosModules = {outputs, ...}: {
-        { pkgs
+        default = {
-        , config
+          pkgs,
-        , lib
+          config,
-        , ...
+          lib,
          ...
        }: {
-          imports = [ ./nix/module.nix ];
+          imports = [./nix/module.nix];
          config = {
-            nixpkgs.overlays = [ outputs.overlays.default ];
+            nixpkgs.overlays = [outputs.overlays.default];
            services.dispenser.package = lib.mkDefault pkgs.dispenser;
          };
        };
      };
    };
  };
 }
--- a/nix/module.nix
+++ b/nix/module.nix
@ -1,17 +1,17 @@
-{ config
+{
-, lib
+  config,
-, pkgs
+  lib,
-, ...
+  pkgs,
  ...
 }:
 with lib; let
  cfg = config.services.dispenser;
-  format = pkgs.formats.toml { };
+  format = pkgs.formats.toml {};
  configFile = format.generate "dispenser.toml" (filterAttrs (n: v: v != null) {
    inherit (cfg) server vultr dyndns schedule;
    digital_ocean = cfg.digitalocean;
  });
-in
+in {
 {
  options.services.dispenser = {
    enable = mkEnableOption "Enables the dispenser service";
@ -168,7 +168,7 @@ in
  config = mkIf cfg.enable {
    systemd.services.dispenser = {
-      wantedBy = [ "multi-user.target" ];
+      wantedBy = ["multi-user.target"];
      serviceConfig = {
        ExecStart = "${cfg.package}/bin/dispenser ${configFile}";
@ -193,7 +193,7 @@ in
        RestrictAddressFamilies = "AF_INET AF_INET6";
        RestrictRealtime = true;
        ProtectProc = "noaccess";
-        SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
+        SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];
        IPAddressDeny = "localhost link-local multicast";
      };
    };
@ -201,7 +201,7 @@ in
    environment.systemPackages = [
      (pkgs.writeShellApplication {
        name = "dispenser-cli";
-        runtimeInputs = [ cfg.package ];
+        runtimeInputs = [cfg.package];
        text = ''
          ${cfg.package}/bin/dispenser ${configFile} "$@"
--- a/nix/overlay.nix
+++ b/nix/overlay.nix
@ -1,3 +1,3 @@
 final: prev: {
-  dispenser = final.callPackage ./package.nix { };
+  dispenser = final.callPackage ./package.nix {};
 }
--- a/nix/package.nix
+++ b/nix/package.nix
@ -1,34 +1,33 @@
-{ stdenv
+{
-, rustPlatform
+  stdenv,
-, libsodium
+  rustPlatform,
-, pkg-config
+  libsodium,
-, lib
+  pkg-config,
-, rust-bin
+  lib,
-,
+  rust-bin,
-}:
+}: let
 let
  inherit (lib.sources) sourceByRegex;
  inherit (builtins) fromTOML readFile;
-  src = sourceByRegex ../. [ "Cargo.*" "(src)(/.*)?" ];
+  src = sourceByRegex ../. ["Cargo.*" "(src)(/.*)?"];
  cargoPackage = (fromTOML (readFile ../Cargo.toml)).package;
 in
-rustPlatform.buildRustPackage rec {
+  rustPlatform.buildRustPackage rec {
-  pname = cargoPackage.name;
+    pname = cargoPackage.name;
-  inherit (cargoPackage) version;
+    inherit (cargoPackage) version;
-  inherit src;
+    inherit src;
-  buildInputs = [
+    buildInputs = [
-    libsodium
+      libsodium
-  ];
+    ];
-  nativeBuildInputs = [
+    nativeBuildInputs = [
-    pkg-config
+      pkg-config
-  ];
+    ];
-  doCheck = false;
+    doCheck = false;
-  cargoLock = {
+    cargoLock = {
-    lockFile = ../Cargo.lock;
+      lockFile = ../Cargo.lock;
-  };
+    };
-}
+  }