Deployment and lifecycle management for Nix
docs: update garden example config

+36 -27
+36 -27
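--- a/README.md
+++ b/README.md
@@ -43,22 +43,23 @@
 
 Subscriptions are the main controls for how systems are deployed. They include:
 
-- A set of (currently primitive) seed tag matching rules
+- A set of seed tag matching rules
 - Schedule in cron format for pull-based deployments
-- Which deployment profile to use
-
-#### Deployment Profiles
+- A `policy` controlling which deployment actions are permitted, and when
 
-Controls for what happens when the deploy occurs.
+#### Policy
 
-- Arguments to pass to activation
-- Rules about rebooting (NixOS seeds only)
+Each subscription carries a `policy` map of named rules. Each rule permits a set
+of `actions` (`stage`, `activate`, `restart`) for a set of `triggers` (`manual`,
+`scheduled`, `realtime`, `poll_on_connect`), optionally constrained to a time
+`window`. Multiple rules are OR-ed; the highest-disruption permitted action
+wins. See `docs/spec-deployment-policy.org` for the full specification.
 
 #### Example garden config
 
 ```nix
 {
-age.secrets.sower-next-api-token = {
+age.secrets.sower-api-token = {
 file = cfg.access_token_secret;
 owner = "sower-garden";
 };
@@ -71,34 +72,42 @@
 
 garden = {
 enable = true;
-accessTokenFile = config.age.secrets.sower-next-api-token.path;
+accessTokenFile = config.age.secrets.sower-api-token.path;
 package = inputs.sower-next.packages.${pkgs.stdenv.hostPlatform.system}.garden;
 
 settings = {
-access_token_file = config.age.secrets.sower-next-api-token.path;
+access_token_file = config.age.secrets.sower-api-token.path;
 endpoint = "http://localhost:7150";
 
-deployment_profiles = {
-boot = {
-activation_args = [ "boot" ];
-reboot_policy = "when-required";
-};
-switch = {
-activation_args = [ "switch" ];
-reboot_policy = "never";
-};
-};
-
-subscriptions = [
-{
+subscriptions = {
+${config.networking.hostName} = {
 seed_name = config.networking.hostName;
 seed_type = "nixos";
 rules = [ "git_branch=main" ];
 # https://hexdocs.pm/crontab/cron_notation.html
-schedule = "0 3";
-deployment_profile = "boot";
-}
-];
+schedule = "0 3 * * *";
+timezone = "America/New_York";
+
+policy = {
+# Allow manual activations anytime.
+manual = {
+actions = [ "activate" ];
+triggers = [ "manual" ];
+};
+# Scheduled / poll-on-connect deploys may stage, activate, and
+# reboot — but only inside the maintenance window.
+maintenance = {
+actions = [ "stage" "activate" "restart" ];
+triggers = [ "scheduled" "poll_on_connect" ];
+window = {
+days = [ "mon" "tue" "wed" "thu" "fri" "sat" "sun" ];
+time_start = "02:00";
+time_end = "04:00";
+};
+};
+};
+};
+};
 };
 };
 };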