scripts/deploy: add the equivalent of my "pre-deploy" functionality

scripts/deploy

@@ -8,8 +8,12 @@ usage() {
   echo ""
   echo "usage: deploy [options] [host]"
   echo "options:"
-  echo "- --action switch|test"
-  echo "- --variant light|min"
+  echo "- --action copy|switch|test   (default: 'switch')"
+  echo "- --variant light|min|''|all  (default: '')"
+  echo "- --pre: alias for --action copy --variant all all"
+  echo ""
+  echo "common idioms:"
+  echo "deploy all: deploy all hosts, sequentially"
   exit 1
 }
 
@@ -40,6 +44,11 @@ parseArgs() {
       (crappy|desko|lappy|moby|servo)
         host="$arg"
         ;;
+      (--pre)
+        action=copy
+        host=all
+        variant=all
+        ;;
       (*)
         nixArgs+=("$arg")
         ;;
@@ -57,33 +66,53 @@ runOnTarget() {
   fi
 }
 
+# deployOneHost $host $variant
+deployOneHost() {
+  local host="$1"
+  local variant="$2"
+
+  nix-build -A "hosts.$host$variant" --out-link "./build/result-$host$variant" "${nixArgs[@]}"
+  storePath="$(readlink ./build/result-$host$variant)"
+
+  # mimic `nixos-rebuild --target-host`, in effect:
+  # - nix-copy-closure ...
+  # - nix-env --set ...
+  # - switch-to-configuration <boot|dry-activate|switch|test|>
+  # avoid the actual `nixos-rebuild` for a few reasons:
+  # - fewer nix evals
+  # - more introspectability and debuggability
+  # - sandbox friendliness (especially: `git` doesn't have to be run as root)
+
+  if [ -n "$host" ]; then
+    if [ -e /run/secrets/nix_signing_key ]; then
+      sudo nix store sign -r -k /run/secrets/nix_signing_key "$storePath"
+    else
+      echo "not signing store paths: /run/secrets/nix_signing_key does not exist"
+    fi
+    # add more `-v` for more verbosity (up to 5).
+    # builders-use-substitutes false: optimizes so that the remote machine doesn't try to get paths from its substituters.
+    #   we already have all paths here, and the remote substitution is slow to check and SERIOUSLY flaky on moby in particular.
+    nix copy -vv --option builders-use-substitutes false --to "ssh-ng://$host" "$storePath"
+  fi
+
+  if [ -n "$action" ] && [ "$action" != "copy" ]; then
+    runOnTarget sudo nix-env -p /nix/var/nix/profiles/system --set "$storePath"
+    runOnTarget sudo "$storePath/bin/switch-to-configuration" "$action"
+  fi
+}
+
 parseArgs "$@"
 
-nix-build -A "hosts.$host$variant" --out-link "./build/result-$host$variant" "${nixArgs[@]}"
-storePath="$(readlink ./build/result-$host$variant)"
-
-# mimic `nixos-rebuild --target-host`, in effect:
-# - nix-copy-closure ...
-# - nix-env --set ...
-# - switch-to-configuration <boot|dry-activate|switch|test|>
-# avoid the actual `nixos-rebuild` for a few reasons:
-# - fewer nix evals
-# - more introspectability and debuggability
-# - sandbox friendliness (especially: `git` doesn't have to be run as root)
-
-if [ -n "$host" ]; then
-  if [ -e /run/secrets/nix_signing_key ]; then
-    sudo nix store sign -r -k /run/secrets/nix_signing_key "$storePath"
-  else
-    echo "not signing store paths: /run/secrets/nix_signing_key does not exist"
-  fi
-  # add more `-v` for more verbosity (up to 5).
-  # builders-use-substitutes false: optimizes so that the remote machine doesn't try to get paths from its substituters.
-  #   we already have all paths here, and the remote substitution is slow to check and SERIOUSLY flaky on moby in particular.
-  nix copy -vv --option builders-use-substitutes false --to "ssh-ng://$host" "$storePath"
-fi
-
-if [ -n "$action" ]; then
-  runOnTarget sudo nix-env -p /nix/var/nix/profiles/system --set "$storePath"
-  runOnTarget sudo "$storePath/bin/switch-to-configuration" "$action"
+if [ "$host" = "all" ]; then
+  for host in moby lappy crappy servo desko; do
+    if [ "$variant" = "all" ]; then
+      for variant in -min -light ""; do
+        deployOneHost "$host" "$variant"
+      done
+    else
+      deployOneHost "$host" "$variant"
+    fi
+  done
+else
+  deployOneHost "$host" "variant"
 fi