From 1a19e1573626db3a3b3987adadbd6be030d89b96 Mon Sep 17 00:00:00 2001 From: matthewcroughan Date: Fri, 19 Aug 2022 04:51:42 +0100 Subject: [PATCH 1/2] Use doubled quotes instead of single quotes for SSH commands This makes writing commands a little easier without escaping everything --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index fb448c6..284b04f 100644 --- a/flake.nix +++ b/flake.nix @@ -52,10 +52,10 @@ '' + (if hermetic then '' echo "🤞 Activating configuration hermetically on ${machine} via ssh:" ( set -x; ${nix} copy --derivation ${nixos-rebuild} --to ssh://${user}@${host} ) - ( set -x; ${openssh} -t ${user}@${host} 'sudo nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} ${switch} --flake ${flake}#${machine}' ) + ( set -x; ${openssh} -t ${user}@${host} "sudo nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} ${switch} --flake ${flake}#${machine}" ) '' else '' echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:" - ( set -x; ${openssh} -t ${user}@${host} 'sudo nixos-rebuild ${switch} --flake ${flake}#${machine}' ) + ( set -x; ${openssh} -t ${user}@${host} "sudo nixos-rebuild ${switch} --flake ${flake}#${machine}" ) '') else '' echo "🔨 Building system closure locally, copying it to remote store and activating it:" From aa9b42335427f0cd02af22f0cb303d320fd01094 Mon Sep 17 00:00:00 2001 From: matthewcroughan Date: Fri, 19 Aug 2022 05:28:16 +0100 Subject: [PATCH 2/2] Add locking via flock(1) This adds basic advisory locking such that two Nixinate deployments do not run the activation script at the same time, both for local and remote. The default timeout is 60 seconds, and is currently unconfigurable. --- flake.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 284b04f..2e9df22 100644 --- a/flake.nix +++ b/flake.nix @@ -52,14 +52,14 @@ '' + (if hermetic then '' echo "🤞 Activating configuration hermetically on ${machine} via ssh:" ( set -x; ${nix} copy --derivation ${nixos-rebuild} --to ssh://${user}@${host} ) - ( set -x; ${openssh} -t ${user}@${host} "sudo nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} ${switch} --flake ${flake}#${machine}" ) + ( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} -c 'nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} ${switch} --flake ${flake}#${machine}'" ) '' else '' echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:" - ( set -x; ${openssh} -t ${user}@${host} "sudo nixos-rebuild ${switch} --flake ${flake}#${machine}" ) + ( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} -c 'nixos-rebuild ${switch} --flake ${flake}#${machine}'" ) '') else '' echo "🔨 Building system closure locally, copying it to remote store and activating it:" - ( set -x; NIX_SSHOPTS="-t" ${nixos-rebuild} ${switch} --flake ${flake}#${machine} --target-host ${user}@${host} --use-remote-sudo ${optionalString substituteOnTarget "-s"} ) + ( set -x; NIX_SSHOPTS="-t" flock -w 60 /dev/shm/nixinate-${machine} -c '${nixos-rebuild} ${switch} --flake ${flake}#${machine} --target-host ${user}@${host} --use-remote-sudo ${optionalString substituteOnTarget "-s"}' ) ''); in final.writeScript "deploy-${machine}.sh" script; in