flake: port deploy script to its own thing
parent
4712ba9f2d
commit
f91d3e35f3
76
flake.nix
76
flake.nix
|
@ -180,50 +180,12 @@
|
||||||
let
|
let
|
||||||
pkgs = self.legacyPackages."x86_64-linux";
|
pkgs = self.legacyPackages."x86_64-linux";
|
||||||
sanePkgs = import ./pkgs { inherit pkgs; };
|
sanePkgs = import ./pkgs { inherit pkgs; };
|
||||||
deployScript = host: addr: action: pkgs.writeShellScript "deploy-${host}" ''
|
deployScript = host: variant: action: pkgs.writeShellScript "deploy-${host}" ''
|
||||||
set -e
|
${./.}/scripts/deploy --variant "${variant}" --action "${action}" "${host}"
|
||||||
|
|
||||||
host="${host}"
|
|
||||||
addr="${addr}"
|
|
||||||
action="${if action != null then action else ""}"
|
|
||||||
runOnTarget() {
|
|
||||||
# run the command ($@) on the machine we're deploying to.
|
|
||||||
# if that's a remote machine, then do it via ssh, else local shell.
|
|
||||||
if [ -n "$addr" ]; then
|
|
||||||
ssh "$addr" "$@"
|
|
||||||
else
|
|
||||||
"$@"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
nix build ".#nixosConfigurations.$host.config.system.build.toplevel" --out-link "./build/result-$host" "$@"
|
|
||||||
storePath="$(readlink ./build/result-$host)"
|
|
||||||
|
|
||||||
# mimic `nixos-rebuild --target-host`, in effect:
|
|
||||||
# - nix-copy-closure ...
|
|
||||||
# - nix-env --set ...
|
|
||||||
# - switch-to-configuration <boot|dry-activate|switch|test|>
|
|
||||||
# avoid the actual `nixos-rebuild` for a few reasons:
|
|
||||||
# - fewer nix evals
|
|
||||||
# - more introspectability and debuggability
|
|
||||||
# - sandbox friendliness (especially: `git` doesn't have to be run as root)
|
|
||||||
|
|
||||||
if [ -n "$addr" ]; then
|
|
||||||
sudo nix store sign -r -k /run/secrets/nix_signing_key "$storePath"
|
|
||||||
# add more `-v` for more verbosity (up to 5).
|
|
||||||
# builders-use-substitutes false: optimizes so that the remote machine doesn't try to get paths from its substituters.
|
|
||||||
# we already have all paths here, and the remote substitution is slow to check and SERIOUSLY flaky on moby in particular.
|
|
||||||
nix copy -vv --option builders-use-substitutes false --to "ssh-ng://$addr" "$storePath"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "$action" ]; then
|
|
||||||
runOnTarget sudo nix-env -p /nix/var/nix/profiles/system --set "$storePath"
|
|
||||||
runOnTarget sudo "$storePath/bin/switch-to-configuration" "$action"
|
|
||||||
fi
|
|
||||||
'';
|
'';
|
||||||
deployApp = host: addr: action: {
|
deployApp = host: variant: action: {
|
||||||
type = "app";
|
type = "app";
|
||||||
program = ''${deployScript host addr action}'';
|
program = ''${deployScript host variant action}'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# pkg updating.
|
# pkg updating.
|
||||||
|
@ -325,24 +287,24 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
deploy = {
|
deploy = {
|
||||||
crappy = deployApp "crappy" "crappy" "switch";
|
crappy = deployApp "crappy" "" "switch";
|
||||||
crappy-light = deployApp "crappy-light" "crappy" "switch";
|
crappy-light = deployApp "crappy" "light" "switch";
|
||||||
crappy-min = deployApp "crappy-min" "crappy" "switch";
|
crappy-min = deployApp "crappy" "min" "switch";
|
||||||
desko = deployApp "desko" "desko" "switch";
|
desko = deployApp "desko" "" "switch";
|
||||||
desko-light = deployApp "desko-light" "desko" "switch";
|
desko-light = deployApp "desko" "light" "switch";
|
||||||
lappy = deployApp "lappy" "lappy" "switch";
|
lappy = deployApp "lappy" "" "switch";
|
||||||
lappy-light = deployApp "lappy-light" "lappy" "switch";
|
lappy-light = deployApp "lappy" "light" "switch";
|
||||||
lappy-min = deployApp "lappy-min" "lappy" "switch";
|
lappy-min = deployApp "lappy" "min" "switch";
|
||||||
moby = deployApp "moby" "moby" "switch";
|
moby = deployApp "moby" "" "switch";
|
||||||
moby-light = deployApp "moby-light" "moby" "switch";
|
moby-light = deployApp "moby" "light" "switch";
|
||||||
moby-min = deployApp "moby-min" "moby" "switch";
|
moby-min = deployApp "moby" "min" "switch";
|
||||||
moby-test = deployApp "moby" "moby" "test";
|
moby-test = deployApp "moby" "moby" "test";
|
||||||
servo = deployApp "servo" "servo" "switch";
|
servo = deployApp "servo" "" "switch";
|
||||||
|
|
||||||
# like `nixos-rebuild --flake . switch`
|
# like `nixos-rebuild --flake . switch`
|
||||||
self = deployApp "$(hostname)" "" "switch";
|
self = deployApp "$(hostname)" "" "switch";
|
||||||
self-light = deployApp "$(hostname)-light" "" "switch";
|
self-light = deployApp "$(hostname)-light" "" "switch";
|
||||||
self-min = deployApp "$(hostname)-min" "" "switch";
|
self-min = deployApp "$(hostname)-min" "" "switch";
|
||||||
|
|
||||||
type = "app";
|
type = "app";
|
||||||
program = builtins.toString (pkgs.writeShellScript "deploy-all" ''
|
program = builtins.toString (pkgs.writeShellScript "deploy-all" ''
|
||||||
|
|
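Review bot: `moby-test = deployApp "moby" "moby" "test";` was not ported with the other `deploy` entries. Its second argument is now the variant, so the wrapper passes `--variant "moby"` and scripts/deploy builds the attribute `hosts.moby-moby`, which presumably does not exist; it should read `deployApp "moby" "" "test"`. The `self-light` and `self-min` entries have a related problem: `"$(hostname)-light"` expands to a name that does not match the script's `(crappy|desko|lappy|moby|servo)` case, so it lands in `nixArgs` and `$host` stays empty. Passing `"$(hostname)" "light"` and `"$(hostname)" "min"` would follow the new calling convention. The `deploy` attribute set continues outside the hunk.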
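--- /dev/null
+++ b/scripts/deploy
@@ -0,0 +1,83 @@
+#!/bin/sh
+
+set -e
+
+usage() {
+echo "deploy: deploy a nix config to a remote machine, possibly activating it"
+echo ""
+echo "usage: deploy [options] <host>"
+echo "options:"
+echo "- --action switch|test"
+echo "- --variant light|min"
+exit 1
+}
+
+action=switch
+variant=
+nixArgs=()
+parseArgs() {
+while [ "$#" -ne 0 ]; do
+local arg=$1
+shift
+case "$arg" in
+(--action)
+action=$1
+shift
+;;
+(--help)
+usage
+;;
+(--variant)
+if [ -n "$1" ]; then
+variant=-$1
+else
+variant=
+fi
+shift
+;;
+(crappy|desko|lappy|moby|servo)
+host="$arg"
+;;
+(*)
+nixArgs+=("$arg")
+;;
+esac
+done
+}
+
+runOnTarget() {
+# run the command ($@) on the machine we're deploying to.
+# if that's a remote machine, then do it via ssh, else local shell.
+if [ -n "$addr" ]; then
+ssh "$addr" "$@"
+else
+"$@"
+fi
+}
+
+parseArgs "$@"
+
+nix-build -A "hosts.$host$variant" --out-link "./build/result-$host$variant" "${nixArgs[@]}"
+storePath="$(readlink ./build/result-$host$variant)"
+
+# mimic `nixos-rebuild --target-host`, in effect:
+# - nix-copy-closure ...
+# - nix-env --set ...
+# - switch-to-configuration <boot|dry-activate|switch|test|>
+# avoid the actual `nixos-rebuild` for a few reasons:
+# - fewer nix evals
+# - more introspectability and debuggability
+# - sandbox friendliness (especially: `git` doesn't have to be run as root)
+
+if [ -n "$host" ]; then
+sudo nix store sign -r -k /run/secrets/nix_signing_key "$storePath"
+# add more `-v` for more verbosity (up to 5).
+# builders-use-substitutes false: optimizes so that the remote machine doesn't try to get paths from its substituters.
+# we already have all paths here, and the remote substitution is slow to check and SERIOUSLY flaky on moby in particular.
+nix copy -vv --option builders-use-substitutes false --to "ssh-ng://$host" "$storePath"
+fi
+
+if [ -n "$action" ]; then
+runOnTarget sudo nix-env -p /nix/var/nix/profiles/system --set "$storePath"
+runOnTarget sudo "$storePath/bin/switch-to-configuration" "$action"
+fi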
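Review bot: `runOnTarget` still branches on `$addr`, but nothing in this script assigns it. Unless the caller exports `addr`, both `sudo nix-env --set` and `sudo switch-to-configuration` run on the local machine even though the closure was just copied to `ssh-ng://$host`. Deploying a remote host would then activate that host's configuration locally, and an `addr` inherited from the environment would silently choose the ssh target for the sudo commands. Set it explicitly after `parseArgs`, for example `[ -n "$host" ] || usage` followed by `addr=; [ "$host" = "$(hostname)" ] || addr="$host"`, and guard the sign/copy step with `$addr` rather than `$host`. Separately, the `#!/bin/sh` shebang does not match the bash-only `nixArgs=()` array and `local`.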