colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

scripts/deploy: avoid ssh-based copies to self

Browse Source
This commit is contained in:
Colin
2024-06-13 00:12:00 +00:00
parent e34a9957e3
commit 131e43e975
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
scripts/deploy
View File

@@ -1,6 +1,8 @@
#!/usr/bin/env nix-shell #!/usr/bin/env nix-shell
#!nix-shell -i bash -p nettools #!nix-shell -i bash -p nettools
SELF=$(hostname)
usage() { usage() {
echo "deploy: deploy a nix config to a remote machine, possibly activating it" echo "deploy: deploy a nix config to a remote machine, possibly activating it"
echo "" echo ""
@@ -20,7 +22,7 @@ info() {
} }
action=switch action=switch
host=$(hostname) host="$SELF"
variant= variant=
nixArgs=() nixArgs=()
parseArgs() { parseArgs() {
@@ -61,9 +63,11 @@ parseArgs() {
runOnTarget() { runOnTarget() {
# run the command ($@) on the machine we're deploying to. # run the command ($@) on the machine we're deploying to.
# if that's a remote machine, then do it via ssh, else local shell. # if that's a remote machine, then do it via ssh, else local shell.
if [ -n "$addr" ]; then if [ -n "$host" ] && [ "$host" != "$SELF" ]; then
ssh "$addr" "$@" info "running on remote:" "$@"
ssh "$host" "$@"
else else
info "running locally:" "$@"
"$@" "$@"
fi fi
} }
@@ -87,7 +91,7 @@ deployOneHost() {
# - more introspectability and debuggability # - more introspectability and debuggability
# - sandbox friendliness (especially: `git` doesn't have to be run as root) # - sandbox friendliness (especially: `git` doesn't have to be run as root)
if [ -n "$host" ]; then if [ -n "$host" ] && [ "$host" != "$SELF" ]; then
if [ -e /run/secrets/nix_signing_key ]; then if [ -e /run/secrets/nix_signing_key ]; then
info "signing store paths ..." info "signing store paths ..."
sudo nix store sign -r -k /run/secrets/nix_signing_key "$storePath" sudo nix store sign -r -k /run/secrets/nix_signing_key "$storePath"