diff --git a/pkgs/default.nix b/pkgs/default.nix index af39384..5d4e3d8 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -12,6 +12,8 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { dragger = pkgs.callPackage ./dragger { }; + drone-rsync = pkgs.callPackage ./drone-rsync { }; + drone-scp = pkgs.callPackage ./drone-scp { }; ff2mpv-go = pkgs.callPackage ./ff2mpv-go { }; diff --git a/pkgs/drone-rsync/default.nix b/pkgs/drone-rsync/default.nix new file mode 100644 index 0000000..16bc9e3 --- /dev/null +++ b/pkgs/drone-rsync/default.nix @@ -0,0 +1,43 @@ +{ lib, makeWrapper, openssh, rsync, shellcheck, sshpass, stdenvNoCC }: +stdenvNoCC.mkDerivation rec { + pname = "drone-rsync"; + version = "0.1.0"; + + src = ./drone-rsync; + + buildInputs = [ + makeWrapper + shellcheck + ]; + + dontUnpack = true; + + buildPhase = '' + shellcheck $src + ''; + + installPhase = '' + mkdir -p $out/bin + cp $src $out/bin/${pname} + chmod a+x $out/bin/${pname} + ''; + + wrapperPath = lib.makeBinPath [ + openssh + rsync + sshpass + ]; + + fixupPhase = '' + patchShebangs $out/bin/${pname} + wrapProgram $out/bin/${pname} --prefix PATH : "${wrapperPath}" + ''; + + meta = with lib; { + description = "Helper script to run rsync in a CI pipeline"; + homepage = "https://gitea.belanyi.fr/ambroisie/nix-config"; + license = with licenses; [ mit ]; + platforms = platforms.unix; + maintainers = with maintainers; [ ambroisie ]; + }; +} diff --git a/pkgs/drone-rsync/drone-rsync b/pkgs/drone-rsync/drone-rsync new file mode 100755 index 0000000..b6491e7 --- /dev/null +++ b/pkgs/drone-rsync/drone-rsync @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +set -euo pipefail + +ARGS=( + # Show readable progress in log + --verbose + --human-readable + --progress + # Have a one-to-one copy + --archive + --compress + --recursive + --delete + # Configure ssh client + --rsh "ssh -p ${SYNC_PORT:-22} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" +) + +eval "$(ssh-agent)" +SSHPASS="${SYNC_PASSPHRASE:-}" sshpass -P 'passphrase' -v -e ssh-add <(echo "${SYNC_KEY}") + +if [ -n "${SYNC_DRY_RUN:-}" ]; then + ARGS+=(--dry-run) +fi + +# shellcheck disable=2086 +# FIXME: have a safer way to allow globbing the source +rsync \ + "${ARGS[@]}" \ + ${SYNC_SOURCE} \ + "${SYNC_USERNAME}@${SYNC_HOST}:${SYNC_TARGET}"