flake: deploy app: remove the last call to nixos-rebuild

2024-02-03 01:42:54 +00:00 · 2024-02-03 01:42:54 +00:00 · 2dc6da476b
parent 453f40d0a8
commit 2dc6da476b
1 changed files with 14 additions and 12 deletions
--- a/flake.nix
+++ b/flake.nix
@ -258,21 +258,23 @@
          sanePkgs = import ./pkgs { inherit pkgs; };
          deployScript = host: addr: action: pkgs.writeShellScript "deploy-${host}" ''
            nix build '.#nixosConfigurations.${host}.config.system.build.toplevel' --out-link ./result-${host} "$@"
-            sudo nix sign-paths -r -k /run/secrets/nix_serve_privkey $(readlink ./result-${host})
+            storePath="$(readlink ./result-${host})"
+            sudo nix sign-paths -r -k /run/secrets/nix_serve_privkey "$storePath"
+
+            # N.B.: `--fast` option here is critical to cross-compiled deployments: without it the build machine will try to invoke the host machine's `nix` binary.
+            # nixos-rebuild --flake '.#${host}' '${action}' --target-host colin@${addr} --use-remote-sudo "$@" --fast
+            # instead of `nixos-rebuild --target-host`, recreate its main parts in-line, below.
+            # the benefit is fewer nix evals, and more granularity for debugging/tweaking.
+            # `nixos-rebuild --target-host` effectively does:
+            # - nix-copy-closure ...
+            # - nix-env --set ...
+            # - switch-to-configuration <boot|dry-activate|switch|test|>

            # add more `-v` for more verbosity (up to 5).
            # i copy the closure here separately from the nixos-rebuild mostly for the sake of introspectability.
-            nix-copy-closure -v --gzip --to "${host}" ./result-${host}
-
-            # XXX: this triggers another config eval & (potentially) build.
-            # if the config changed between these invocations, the above signatures might not apply to the deployed config.
-            # let the user handle that edge case by re-running this whole command.
-            # N.B.: `--fast` option here is critical to cross-compiled deployments: without it the build machine will try to invoke the host machine's `nix` binary.
-            # TODO: solve this by replacing the nixos-build invocation with:
-            # - nix-copy-closure --to $host $result
-            # - on target: nix-env set -p /nix/var/nix/profiles/system $result
-            # - on target: $result/bin/switch-to-configuration
-            nixos-rebuild --flake '.#${host}' ${action} --target-host colin@${addr} --use-remote-sudo "$@" --fast
+            nix-copy-closure -v --gzip --to '${host}' "$storePath"
+            ssh '${host}' sudo nix-env -p /nix/var/nix/profiles/system --set "$storePath"
+            ssh '${host}' sudo "$storePath/bin/switch-to-configuration" '${action}'
          '';
          deployApp = host: addr: action: {
            type = "app";