diff --git a/infrastructure-formula/infrastructure/salt/files/etc/systemd/system/salt-stage.path b/infrastructure-formula/infrastructure/salt/files/etc/systemd/system/salt-stage.path
new file mode 100644
index 00000000..eb6f9734
--- /dev/null
+++ b/infrastructure-formula/infrastructure/salt/files/etc/systemd/system/salt-stage.path
@@ -0,0 +1,27 @@
+# Path unit to watch for Salt Git repository changes.
+# Copyright (C) 2024 Georg Pfuetzenreuter
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+{{ pillar.get('managed_by_salt_formula', '# Managed by the infrastructure formula') }}
+
+[Unit]
+Description=Salt repository monitor
+
+[Path]
+PathChanged={{ directory }}/.git/refs/heads/{{ branch }}
+TriggerLimitBurst=50
+
+[Install]
+WantedBy=paths.target
diff --git a/infrastructure-formula/infrastructure/salt/files/etc/systemd/system/salt-stage.service b/infrastructure-formula/infrastructure/salt/files/etc/systemd/system/salt-stage.service
new file mode 100644
index 00000000..7d26ea2c
--- /dev/null
+++ b/infrastructure-formula/infrastructure/salt/files/etc/systemd/system/salt-stage.service
@@ -0,0 +1,27 @@
+# Service unit to validate and copy a Salt Git repository.
+# Copyright (C) 2024 Georg Pfuetzenreuter
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+{{ pillar.get('managed_by_salt_formula', '# Managed by the infrastructure formula') }}
+{%- set pistis = salt['pillar.get']('infrastructure:salt:pistis', {}) %}
+
+[Unit]
+Description=Salt repository validation
+
+[Service]
+Type=oneshot
+EnvironmentFile=/etc/pistis
+ExecStart=pistis{{ ' -gitlab ' ~ pistis.gitlab if 'gitlab' in pistis }} -repository {{ directory }}{{ ' -ignore-merge' if pistis.get('ignore-merge') is True }}{{ ' -loglevel ' ~ pistis.loglevel if 'loglevel' in pistis }}
+ExecStartPost=rsync -a {{ directory }}/ {{ directory }}-validated
diff --git a/infrastructure-formula/infrastructure/salt/pistis.sls b/infrastructure-formula/infrastructure/salt/pistis.sls
new file mode 100644
index 00000000..d1d6dd17
--- /dev/null
+++ b/infrastructure-formula/infrastructure/salt/pistis.sls
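Review bot: In salt-stage.service, `ExecStartPost` copies the live working tree with `rsync -a` and no `--delete`, so the validated copy is not guaranteed to match what pistis just checked. Files removed from the repository stay in `{{ directory }}-validated`, where Salt can presumably still serve them. Anything that changes in `{{ directory }}` between the pistis run and the copy is carried over unvalidated, as are untracked files if pistis only inspects Git history (not visible from this hunk). At minimum use `ExecStartPost=rsync -a --delete {{ directory }}/ {{ directory }}-validated`, and consider copying from the exact revision that was validated rather than from the working directory. The unit also sets no `User=`, so both commands presumably run as root with the token from `/etc/pistis` in their environment.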
@@ -0,0 +1,31 @@
+{%- from 'infrastructure/salt/map.jinja' import git -%}
+
+salt_pistis_package:
+ pkg.installed:
+ - name: pistis
+
+salt_pistis_files:
+ file.managed:
+ - names:
+ - /etc/systemd/system/salt-stage.path:
+ - source: salt://infrastructure/salt/files/etc/systemd/system/salt-stage.path
+ - mode: '0644'
+ - /etc/systemd/system/salt-stage.service:
+ - source: salt://infrastructure/salt/files/etc/systemd/system/salt-stage.service
+ - mode: '0644'
+ - /etc/pistis:
+ - contents:
+ - {{ pillar.get('managed_by_salt_formula', '# Managed by the infrastructure formula') | yaml_encode }}
+ - 'GITLAB_TOKEN={{ salt['pillar.get']('infrastructure:salt:pistis:gitlab_token', '') }}'
+ - mode: '0600'
+ - context:
+ branch: {{ git.branch }}
+ directory: {{ git.directory }}
+ - template: jinja
+
+salt_pistis_service:
+ service.running:
+ - name: salt-stage.path
+ - reload: False
+ - watch:
+ - file: salt_pistis_files
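Review bot: The `/etc/pistis` entry writes `GITLAB_TOKEN` through `contents` without `show_changes: False`, so the first write and every rotation can put the token into the state's diff output and into whatever stores job returns, despite the `0600` mode. Add `- show_changes: False` under `- /etc/pistis:`. The token is also interpolated raw inside a single-quoted YAML scalar, unlike the `yaml_encode`d line above it, so a value containing `'` would break rendering. `- {{ ('GITLAB_TOKEN=' ~ salt['pillar.get']('infrastructure:salt:pistis:gitlab_token', '')) | yaml_encode }}` keeps the two lines consistent. Separately, `salt_pistis_service` has no `enable: True`, so the path unit is presumably not started again after a reboot.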