From f91d3e35f3530206937dbfe7074e9b0699c58927 Mon Sep 17 00:00:00 2001
From: Colin
Date: Wed, 12 Jun 2024 05:48:03 +0000
Subject: [PATCH] flake: port deploy script to its own thing
---
flake.nix | 76 ++++++++++++---------------------------------
scripts/deploy | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 102 insertions(+), 57 deletions(-)
create mode 100755 scripts/deploy
diff --git a/flake.nix b/flake.nix
index 22aa4a31..ecc0a759 100644
--- a/flake.nix
+++ b/flake.nix
@@ -180,50 +180,12 @@ let pkgs = self.legacyPackages."x86_64-linux"; sanePkgs = import ./pkgs { inherit pkgs; }; - deployScript = host: addr: action: pkgs.writeShellScript "deploy-${host}" '' - set -e - - host="${host}" - addr="${addr}" - action="${if action != null then action else ""}" - runOnTarget() { - # run the command ($@) on the machine we're deploying to. - # if that's a remote machine, then do it via ssh, else local shell. - if [ -n "$addr" ]; then - ssh "$addr" "$@" - else - "$@" - fi - } - - nix build ".#nixosConfigurations.$host.config.system.build.toplevel" --out-link "./build/result-$host" "$@" - storePath="$(readlink ./build/result-$host)" - - # mimic `nixos-rebuild --target-host`, in effect: - # - nix-copy-closure ... - # - nix-env --set ... - # - switch-to-configuration - # avoid the actual `nixos-rebuild` for a few reasons: - # - fewer nix evals - # - more introspectability and debuggability - # - sandbox friendliness (especially: `git` doesn't have to be run as root) - - if [ -n "$addr" ]; then - sudo nix store sign -r -k /run/secrets/nix_signing_key "$storePath" - # add more `-v` for more verbosity (up to 5). - # builders-use-substitutes false: optimizes so that the remote machine doesn't try to get paths from its substituters. - # we already have all paths here, and the remote substitution is slow to check and SERIOUSLY flaky on moby in particular. 
- nix copy -vv --option builders-use-substitutes false --to "ssh-ng://$addr" "$storePath" - fi - - if [ -n "$action" ]; then - runOnTarget sudo nix-env -p /nix/var/nix/profiles/system --set "$storePath" - runOnTarget sudo "$storePath/bin/switch-to-configuration" "$action" - fi + deployScript = host: variant: action: pkgs.writeShellScript "deploy-${host}" '' + ${./.}/scripts/deploy --variant "${variant}" --action "${action}" "${host}" ''; - deployApp = host: addr: action: { + deployApp = host: variant: action: { type = "app"; - program = ''${deployScript host addr action}''; + program = ''${deployScript host variant action}''; }; # pkg updating. 
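Review bot: Extra command-line arguments are no longer forwarded by the generated wrapper. The removed script ended its `nix build` invocation with `"$@"`, while the new body calls `scripts/deploy` with only `--variant`, `--action` and the host, so anything passed after `nix run .#deploy.<name> --` is silently dropped. scripts/deploy in this patch already collects unknown arguments into `nixArgs`, so the wrapper line can simply become `${./.}/scripts/deploy --variant "${variant}" --action "${action}" "${host}" "$@"`. The old `if action != null then action else ""` fallback is also gone, so a null `action` would now fail at evaluation instead of meaning "build and copy only"; if that mode is still wanted, a short comment on `deployScript` stating that `action` must be a string would help.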
@@ -325,24 +287,24 @@ }; deploy = { - crappy = deployApp "crappy" "crappy" "switch"; - crappy-light = deployApp "crappy-light" "crappy" "switch"; - crappy-min = deployApp "crappy-min" "crappy" "switch"; - desko = deployApp "desko" "desko" "switch"; - desko-light = deployApp "desko-light" "desko" "switch"; - lappy = deployApp "lappy" "lappy" "switch"; - lappy-light = deployApp "lappy-light" "lappy" "switch"; - lappy-min = deployApp "lappy-min" "lappy" "switch"; - moby = deployApp "moby" "moby" "switch"; - moby-light = deployApp "moby-light" "moby" "switch"; - moby-min = deployApp "moby-min" "moby" "switch"; + crappy = deployApp "crappy" "" "switch"; + crappy-light = deployApp "crappy" "light" "switch"; + crappy-min = deployApp "crappy" "min" "switch"; + desko = deployApp "desko" "" "switch"; + desko-light = deployApp "desko" "light" "switch"; + lappy = deployApp "lappy" "" "switch"; + lappy-light = deployApp "lappy" "light" "switch"; + lappy-min = deployApp "lappy" "min" "switch"; + moby = deployApp "moby" "" "switch"; + moby-light = deployApp "moby" "light" "switch"; + moby-min = deployApp "moby" "min" "switch"; moby-test = deployApp "moby" "moby" "test"; - servo = deployApp "servo" "servo" "switch"; + servo = deployApp "servo" "" "switch"; # like `nixos-rebuild --flake . switch` - self = deployApp "$(hostname)" "" "switch"; - self-light = deployApp "$(hostname)-light" "" "switch"; - self-min = deployApp "$(hostname)-min" "" "switch"; + self = deployApp "$(hostname)" "" "switch"; + self-light = deployApp "$(hostname)-light" "" "switch"; + self-min = deployApp "$(hostname)-min" "" "switch"; type = "app"; program = builtins.toString (pkgs.writeShellScript "deploy-all" ''
diff --git a/scripts/deploy b/scripts/deploy
new file mode 100755
index 00000000..96019795
--- /dev/null
+++ b/scripts/deploy
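Review bot: `moby-test` is left unchanged as `deployApp "moby" "moby" "test"`, but the second argument is now the variant rather than the ssh address, so it is passed as `--variant "moby"` and, going by scripts/deploy in this patch, would build `hosts.moby-moby`; it should read `moby-test = deployApp "moby" "" "test";`. The `self-light` and `self-min` entries still encode the variant in the host string (`"$(hostname)-light"`), which the script's host `case` would presumably not match and would instead forward to nix-build as an extra argument; `deployApp "$(hostname)" "light" "switch"` follows the new convention. Plain `self` now resolves to a recognised host name, so it takes the sign-and-`nix copy` path to `ssh-ng://$host` rather than the former local-only path, which is worth confirming as intended.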
@@ -0,0 +1,83 @@
+#!/bin/sh
+
+set -e
+
+usage() {
+ echo "deploy: deploy a nix config to a remote machine, possibly activating it"
+ echo ""
+ echo "usage: deploy [options] "
+ echo "options:"
+ echo "- --action switch|test"
+ echo "- --variant light|min"
+ exit 1
+}
+
+action=switch
+variant=
+nixArgs=()
+parseArgs() {
+ while [ "$#" -ne 0 ]; do
+ local arg=$1
+ shift
+ case "$arg" in
+ (--action)
+ action=$1
+ shift
+ ;;
+ (--help)
+ usage
+ ;;
+ (--variant)
+ if [ -n "$1" ]; then
+ variant=-$1
+ else
+ variant=
+ fi
+ shift
+ ;;
+ (crappy|desko|lappy|moby|servo)
+ host="$arg"
+ ;;
+ (*)
+ nixArgs+=("$arg")
+ ;;
+ esac
+ done
+}
+
+runOnTarget() {
+ # run the command ($@) on the machine we're deploying to.
+ # if that's a remote machine, then do it via ssh, else local shell.
+ if [ -n "$addr" ]; then
+ ssh "$addr" "$@"
+ else
+ "$@"
+ fi
+}
+
+parseArgs "$@"
+
+nix-build -A "hosts.$host$variant" --out-link "./build/result-$host$variant" "${nixArgs[@]}"
+storePath="$(readlink ./build/result-$host$variant)"
+
+# mimic `nixos-rebuild --target-host`, in effect:
+# - nix-copy-closure ...
+# - nix-env --set ...
+# - switch-to-configuration
+# avoid the actual `nixos-rebuild` for a few reasons:
+# - fewer nix evals
+# - more introspectability and debuggability
+# - sandbox friendliness (especially: `git` doesn't have to be run as root)
+
+if [ -n "$host" ]; then
+ sudo nix store sign -r -k /run/secrets/nix_signing_key "$storePath"
+ # add more `-v` for more verbosity (up to 5).
+ # builders-use-substitutes false: optimizes so that the remote machine doesn't try to get paths from its substituters.
+ # we already have all paths here, and the remote substitution is slow to check and SERIOUSLY flaky on moby in particular.
+ nix copy -vv --option builders-use-substitutes false --to "ssh-ng://$host" "$storePath"
+fi
+
+if [ -n "$action" ]; then
+ runOnTarget sudo nix-env -p /nix/var/nix/profiles/system --set "$storePath"
+ runOnTarget sudo "$storePath/bin/switch-to-configuration" "$action"
+fi
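Review bot: `runOnTarget` tests `$addr`, but nothing in this script assigns it, so unless it is inherited from the environment both `sudo nix-env -p /nix/var/nix/profiles/system --set` and `switch-to-configuration` at the end run on the local machine, even though the closure was just copied to `ssh-ng://$host`. That would activate another host's system profile, as root, on the machine running the deploy. The copy step and `runOnTarget` should key off the same variable, for example `addr=$host` set explicitly after `parseArgs "$@"` whenever the target is not the local machine, and a guard such as `[ -n "$host" ] || usage` would stop an unmatched host from falling through to `nix-build -A "hosts.$variant"`. The `#!/bin/sh` shebang also does not match the bash-only `nixArgs=()` / `nixArgs+=(...)` arrays and `local`, so `#!/usr/bin/env bash` would describe the script accurately.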