From dd0d823e3679ebb95b2f3e436e15a3e68df6a23d Mon Sep 17 00:00:00 2001
From: yukkop
Date: Thu, 23 Oct 2025 10:01:27 +0000
Subject: [PATCH] feat(package): +deploy

---
 package/default.nix | 1 +
 package/deploy/default.nix | 20 ++++++++
 package/deploy/deploy.sh | 96 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 117 insertions(+)
 create mode 100644 package/deploy/default.nix
 create mode 100644 package/deploy/deploy.sh

diff --git a/package/default.nix b/package/default.nix
index 916c636..54fd04d 100644
--- a/package/default.nix
+++ b/package/default.nix
@@ -239,6 +239,7 @@ in {
   support-bot = pkgs.callPackage ./support-bot {};
   nix-derivation-hash = pkgs.callPackage ./nix-derivation-hash {};
   "sentinèlla" = pkgs.callPackage (./. + "/sentinèlla") {};
+  deploy = pkgs.callPackage ./deploy {};
   shellplot = pkgs.callPackage ./shellplot {};
   sops = pkgs.callPackage ./sops.nix {};
   onlinepubs2man = pkgs.callPackage ./onlinepubs2man {};
diff --git a/package/deploy/default.nix b/package/deploy/default.nix
new file mode 100644
index 0000000..4429eb6
--- /dev/null
+++ b/package/deploy/default.nix
@@ -0,0 +1,20 @@
+{ symlinkJoin, writeTextFile, socat, dash, hectic, curl, gawk, jq }:
+let
+  shell = "${dash}/bin/dash";
+  bashOptions = [
+    "errexit"
+    "nounset"
+  ];
+
+  deploy = hectic.writeShellApplication {
+    inherit shell bashOptions;
+    name = "deploy";
+    runtimeInputs = [];
+
+    text = builtins.readFile ./deploy.sh;
+  };
+in
+symlinkJoin {
+  name = "deploy";
+  paths = [ deploy ];
+}
diff --git a/package/deploy/deploy.sh b/package/deploy/deploy.sh
new file mode 100644
index 0000000..e8d06e6
--- /dev/null
+++ b/package/deploy/deploy.sh
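Review bot: `runtimeInputs = []` leaves the wrapped script depending on whatever is on the caller's PATH, although deploy.sh calls `ssh`, `grep`, `ssh-to-age`, `nix`, `nixos-rebuild` and (via `nix run`) `nixos-anywhere`, and its own header comment lists `ssh-to-age nixos-anywhere` as requirements. Meanwhile `writeTextFile`, `socat`, `curl`, `gawk` and `jq` are taken as function arguments but never used in this expression, so they look like leftovers from a copied package. I would drop the unused arguments and put at least the non-host tools the script needs into `runtimeInputs` (e.g. `runtimeInputs = [ ssh-to-age ];` plus the packages providing ssh and grep), leaving `nix`/`nixos-rebuild` to the host only if that is intentional — a short comment on `runtimeInputs` saying so would help. Whether `hectic.writeShellApplication` honours `bashOptions` for a dash `shell` is not visible here; presumably it emits `set -o errexit -o nounset`, which dash supports, but that should be confirmed since deploy.sh relies on it and has no `set` line of its own.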
@@ -0,0 +1,96 @@
+#!/bin/dash
+
+# requirements: ssh-to-age nixos-anywhere
+# jjjn
+
+# ssh proxydoe 'cat /etc/os-release 2>/dev/null || echo "no /etc/os-release"' | grep '^NAME=NixOS$'
+# NAME=NixOS
+
+server_init=0
+
+set -- "$@"
+
+while [ $# -gt 0 ]; do
+  case $1 in
+    --init)
+      server_init=1
+      shift
+      ;;
+    --)
+      shift
+      break
+      ;;
+    *)
+      shift
+      ;;
+  esac
+done
+
+# NOTE(yukkop):
+# after "end of arguments" (--)
+# need to parse nix argument `--target-host`
+# without lost of $@, that can be ruined by `shift`
+saved_nix_args="$*"
+
+while [ $# -gt 0 ]; do
+  case $1 in
+    --target-host)
+      # NOTE(yukkop):
+      # `saved_nix_args` fills only after "end of arguments"
+      if [ "${saved_nix_args+x}" ]; then
+        target_host=$2
+        break
+      fi
+      shift 2
+      ;;
+    *)
+      shift
+      ;;
+  esac
+done
+
+# NOTE: restore original args
+set -- "$saved_nix_args"
+
+if ! [ ${target_host+x} ]; then
+  printf '%s' '-- --target-host not set, but required'
+  exit 1
+fi
+
+if ssh "$target_host" 'cat /etc/os-release 2>/dev/null || echo "no /etc/os-release"' \
+  | grep -q '^NAME=NixOS$'
+then
+  is_target_host_nixos=1
+else
+  is_target_host_nixos=0
+fi
+
+#??
+#ssh "$target_host" 'grep -q "^NAME=NixOS$" /etc/os-release 2>/dev/null'
+#is_target_host_nixos=$?
+
+if [ "$server_init" -eq 1 ]; then
+  if [ "$is_target_host_nixos" -eq 1 ]; then
+    printf 'target host already is nixos, are you realy want to reinstall nixos?\nThis may delete all data [y/N]'
+    read -r CONTINUE
+    if [ "$CONTINUE" != "y" ]; then
+      exit 0
+    fi
+  fi
+
+  # shellcheck disable=SC2068
+  nix run nixos-anywhere -- $@ # --flake .#x86_64-linux --target-host proxydoe
+
+  server_public_age_key=$(ssh "$target_host" cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age)
+
+  # shellcheck disable=SC2016
+  printf 'server'"'"'s public age key is `%s` use it in sops file and run regular deploys' "$server_public_age_key"
+else
+  if [ "$is_target_host_nixos" -ne 1 ]; then
+    echo remote system not nixos
+    exit 1
+  fi
+
+  # shellcheck disable=SC2068
+  nixos-rebuild switch $@ # --flake .#x86_64-linux --target-host proxydoe
+fi
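Review bot: `set -- "$saved_nix_args"` restores the nix arguments as ONE positional parameter, so the goal stated in the NOTE block ("without lost of $@") is not reached: `nix run nixos-anywhere -- $@` and `nixos-rebuild switch $@` only work because the unquoted `$@` (SC2068 disabled) re-splits that single word on whitespace, which breaks any argument containing spaces or glob characters. The `[ "${saved_nix_args+x}" ]` test is always true because the variable is assigned unconditionally two lines earlier, and `target_host=$2` aborts with a nounset error (errexit/nounset come from the wrapper's bashOptions, the script itself has no `set` line) rather than the friendly message when `--target-host` is the last argument. I would replace the second `while` loop, `saved_nix_args` and the restore with a `for` scan over `"$@"` that never shifts, and pass `"$@"` quoted to both commands, as below. Separately, dash has no pipefail, so an ssh failure inside `server_public_age_key=$(ssh … | ssh-to-age)` is masked by ssh-to-age's exit status; a check such as `[ -n "$server_public_age_key" ] || exit 1` after that line would avoid printing an empty key as if it were valid.
```shell
# scan the nix arguments for --target-host without shifting, so "$@" stays
# intact for the commands below (replaces the second while loop, saved_nix_args
# and `set -- "$saved_nix_args"`)
expect_host=0
for arg in "$@"; do
  if [ "$expect_host" -eq 1 ]; then
    target_host=$arg
    break
  fi
  case $arg in
    --target-host) expect_host=1 ;;
  esac
done
# … unchanged: target_host check, NixOS detection, reinstall prompt …
  nix run nixos-anywhere -- "$@" # --flake .#x86_64-linux --target-host proxydoe
# … unchanged: age key retrieval and message …
  nixos-rebuild switch "$@" # --flake .#x86_64-linux --target-host proxydoe
```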