some fixes

2025-10-23 11:28:56 +00:00
parent dd0d823e36
commit b400acd18e
6 changed files with 170 additions and 9 deletions
--- a/package/default.nix
+++ b/package/default.nix
@@ -1,4 +1,4 @@
-{ self, system, pkgs }: let
+{ self, system, pkgs, inputs }: let
  rust = {
    nativeBuildInputs = [
      pkgs.pkgsBuildHost.rust-bin.stable."1.81.0".default
@@ -239,7 +239,7 @@ in {
  support-bot                  = pkgs.callPackage ./support-bot                       {};
  nix-derivation-hash          = pkgs.callPackage ./nix-derivation-hash               {};
  "sentinèlla"                 = pkgs.callPackage (./. + "/sentinèlla")               {};
-  deploy                       = pkgs.callPackage ./deploy                            {};
+  deploy                       = pkgs.callPackage ./deploy                            { inherit inputs; };
  shellplot                    = pkgs.callPackage ./shellplot                         {};
  sops                         = pkgs.callPackage ./sops.nix                          {};
  onlinepubs2man               = pkgs.callPackage ./onlinepubs2man                    {};
--- a/package/deploy/default.nix
+++ b/package/deploy/default.nix
@@ -1,4 +1,4 @@
-{ symlinkJoin, writeTextFile, socat, dash, hectic, curl, gawk, jq }:
+{ inputs, symlinkJoin, dash, hectic, ssh-to-age, system }:
 let
  shell = "${dash}/bin/dash";
  bashOptions = [
@@ -9,7 +9,10 @@ let
  deploy = hectic.writeShellApplication {
    inherit shell bashOptions;
    name = "deploy";
-    runtimeInputs = [];
+    runtimeInputs = [ 
+      ssh-to-age
+      inputs.nixos-anywhere.packages.${system}.nixos-anywhere
+    ];

    text = builtins.readFile ./deploy.sh;
  };
--- a/package/deploy/deploy.sh
+++ b/package/deploy/deploy.sh
@@ -57,7 +57,7 @@ if ! [ ${target_host+x} ]; then
  exit 1
 fi

-if ssh "$target_host" 'cat /etc/os-release 2>/dev/null || echo "no /etc/os-release"' \
+if ssh  -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$target_host" 'cat /etc/os-release 2>/dev/null || echo "no /etc/os-release"' \
  | grep -q '^NAME=NixOS$'
 then
  is_target_host_nixos=1
@@ -79,9 +79,9 @@ if [ "$server_init" -eq 1 ]; then
  fi

  # shellcheck disable=SC2068
-  nix run nixos-anywhere -- $@ # --flake .#x86_64-linux --target-host proxydoe
+  nixos-anywhere -- $@ # --flake .#x86_64-linux --target-host proxydoe
  
-  server_public_age_key=$(ssh "$target_host" cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age)
+  server_public_age_key=$(ssh  -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$target_host" cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age)

  # shellcheck disable=SC2016
  printf 'server'"'"'s public age key is `%s` use it in sops file and run regular deploys' "$server_public_age_key"