feat(package): deploy: rollback

2025-10-23 14:48:10 +00:00
parent 3ee41979bd
commit 9903e83f68
1 changed files with 166 additions and 53 deletions
--- a/package/deploy/deploy.sh
+++ b/package/deploy/deploy.sh
@@ -6,16 +6,62 @@
 # ssh proxydoe 'cat /etc/os-release 2>/dev/null || echo "no /etc/os-release"' | grep '^NAME=NixOS$'
 # NAME=NixOS
-server_init=0
+# ssh that not saves the host in ~/.ssh/know_hosts
 puressh() {
  # shellcheck disable=SC2068
  ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $@
 }
-set -- "$@"
+# echo <gens_list> | find_older_gen(gen) 
 find_older_gen() {
  local gen="${1:?}"
  grep -oP '(?<=system-)\d+(?=-link)' \
    | sort -n \
    | awk -v n="$gen" '$1 < n {older=$1} END{if(older) print older}'
 }
 saved_args="$*"
 # parse command and independent params
 while [ $# -gt 0 ]; do
  case $1 in
-	--init)
+    push)
-	  server_init=1
+      if [ ${founded_command+x} ]; then
        # shellcheck disable=SC2016
 	printf 'ambiguous subcommand `%s` and `%s`\n' "$1" "$founded_command"
 	exit 1
      fi
      push_deploy=1
      founded_command="$1"
      shift
      ;;
    rollback)
      if [ ${founded_command+x} ]; then
        # shellcheck disable=SC2016
 	printf 'ambiguous subcommand `%s` and `%s`\n' "$1" "$founded_command"
 	exit 1
      fi
      rollback_deploy=1
      founded_command="$1"
      shift
      ;;
    history)
      if [ ${founded_command+x} ]; then
        # shellcheck disable=SC2016
 	printf 'ambiguous subcommand `%s` and `%s`\n' "$1" "$founded_command"
 	exit 1
      fi
      server_history=1
      founded_command="$1"
      shift
      ;;
    --target-host)
      target_host=$2
      shift 2
      ;;
    --)
      shift
      break
@@ -26,6 +72,34 @@ while [ $# -gt 0 ]; do
  esac
 done
 # shellcheck disable=SC2086
 set -- $saved_args
 # parse sub params
 while [ $# -gt 0 ]; do
  case $1 in
    --init)
      if [ ${push_deploy+x} ]; then
        server_init=1
      else
        printf 'illegal %s\n' "$1"
      fi 
      shift
      ;;
    --to)
      if [ ${rollback_deploy+x} ]; then
 	rollback_to="$2"
      else
        printf 'illegal %s\n' "$1"
      fi
      shift 2
      ;;
    *)
      shift
      ;;
  esac
 done
 # NOTE(yukkop): 
 # after "end of arguments" (--)
 # need to parse nix argument `--target-host`
@@ -35,12 +109,13 @@ saved_nix_args="$*"
 while [ $# -gt 0 ]; do
  case $1 in
    --target-host)
-	    # NOTE(yukkop):
+      if [ "${target_host+x}" ] && [ "$target_host" != "$2" ]; then
-	    # `saved_nix_args` fills only after "end of arguments"
+        printf 'you specified 2 ambiguous target hosts %s and %s\n' "$target_host" "$2"
-            if [ "${saved_nix_args+x}" ]; then
+	exit 1
                target_host=$2
                break
      fi
      target_host="$2"
      break
      shift 2
      ;;
    *)
@@ -50,14 +125,15 @@ while [ $# -gt 0 ]; do
 done
 # NOTE: restore original args
-set -- "$saved_nix_args"
+# shellcheck disable=SC2086
 set -- $saved_nix_args
 if ! [ ${target_host+x} ]; then
-  printf '%s' '-- --target-host not set, but required'
+  printf '%s not set, but required\n' '--target-host'
  exit 1
 fi
-if ssh  -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$target_host" 'cat /etc/os-release 2>/dev/null || echo "no /etc/os-release"' \
+if puressh "$target_host" 'cat /etc/os-release 2>/dev/null || echo "no /etc/os-release"' \
  | grep -q '^NAME=NixOS$'
 then
  is_target_host_nixos=1
@@ -69,9 +145,45 @@ fi
 #ssh "$target_host" 'grep -q "^NAME=NixOS$" /etc/os-release 2>/dev/null'
 #is_target_host_nixos=$?
-if [ "$server_init" -eq 1 ]; then
+if [ "${rollback_deploy+x}" ]; then
  if ! [ "${rollback_to+x}" ]; then
    current_gen=$(puressh "$target_host" readlink /nix/var/nix/profiles/system \
      | sed -n 's/^system-\([0-9]\+\)-link$/\1/p')
    rollback_to=$(puressh "$target_host" ls /nix/var/nix/profiles | find_older_gen "$current_gen")
    if [ -z "$rollback_to" ]; then
      # shellcheck disable=SC2016
      printf 'no profile version older than the current `%s` exists\n' "$current_gen"
      exit
    fi
  else
    if ! puressh "$target_host" ls /nix/var/nix/profiles \
      | grep -oP '(?<=system-)'"$rollback_to"'(?=-link)' > /dev/null
    then
      # shellcheck disable=SC2016
      printf 'no profile version `%s` exists\n' "$rollback_to"
      exit
    fi
  fi
  puressh "$target_host" <<EOF
    sudo nix profile rollback --profile /nix/var/nix/profiles/system --to '$rollback_to'
    sleep 1
    sudo /nix/var/nix/profiles/system/bin/switch-to-configuration switch
 EOF
 fi
 if [ "${server_history+x}" ]; then
  puressh "$target_host" nix profile history --profile /nix/var/nix/profiles/system
  exit 0
 fi
 if [ "${push_server+x}" ]; then
  if [ "${server_init+x}" ]; then
    if [ "$is_target_host_nixos" -eq 1 ]; then
-    printf 'target host already is nixos, are you realy want to reinstall nixos?\nThis may delete all data [y/N]' 
+      printf 'target host already is nixos, are you realy want to reinstall nixos?\nThis may delete all data [y/N]\n' 
      read -r CONTINUE
      if [ "$CONTINUE" != "y" ]; then
        exit 0
@@ -81,16 +193,17 @@ if [ "$server_init" -eq 1 ]; then
    # shellcheck disable=SC2068
    nixos-anywhere -- $@ # --flake .#x86_64-linux --target-host proxydoe
-  server_public_age_key=$(ssh  -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$target_host" cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age)
+    server_public_age_key=$(puressh "$target_host" cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age)
    # shellcheck disable=SC2016
-  printf 'server'"'"'s public age key is `%s` use it in sops file and run regular deploys' "$server_public_age_key"
+    printf 'server'"'"'s public age key is `%s` use it in sops file and run regular deploys\n' "$server_public_age_key"
  else
    if [ "$is_target_host_nixos" -ne 1 ]; then
-    echo remote system not nixos
+      printf 'remote system not nixos\n'
      exit 1 
    fi
    # shellcheck disable=SC2068
    nixos-rebuild switch $@ # --flake .#x86_64-linux --target-host proxydoe
  fi
 fi