From aa9b42335427f0cd02af22f0cb303d320fd01094 Mon Sep 17 00:00:00 2001 From: matthewcroughan Date: Fri, 19 Aug 2022 05:28:16 +0100 Subject: [PATCH] Add locking via flock(1) This adds basic advisory locking such that two Nixinate deployments do not run the activation script at the same time, both for local and remote. The default timeout is 60 seconds, and is currently unconfigurable. --- flake.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 284b04f..2e9df22 100644 --- a/flake.nix +++ b/flake.nix @@ -52,14 +52,14 @@ '' + (if hermetic then '' echo "🤞 Activating configuration hermetically on ${machine} via ssh:" ( set -x; ${nix} copy --derivation ${nixos-rebuild} --to ssh://${user}@${host} ) - ( set -x; ${openssh} -t ${user}@${host} "sudo nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} ${switch} --flake ${flake}#${machine}" ) + ( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} -c 'nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} ${switch} --flake ${flake}#${machine}'" ) '' else '' echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:" - ( set -x; ${openssh} -t ${user}@${host} "sudo nixos-rebuild ${switch} --flake ${flake}#${machine}" ) + ( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} -c 'nixos-rebuild ${switch} --flake ${flake}#${machine}'" ) '') else '' echo "🔨 Building system closure locally, copying it to remote store and activating it:" - ( set -x; NIX_SSHOPTS="-t" ${nixos-rebuild} ${switch} --flake ${flake}#${machine} --target-host ${user}@${host} --use-remote-sudo ${optionalString substituteOnTarget "-s"} ) + ( set -x; NIX_SSHOPTS="-t" flock -w 60 /dev/shm/nixinate-${machine} -c '${nixos-rebuild} ${switch} --flake ${flake}#${machine} --target-host ${user}@${host} --use-remote-sudo ${optionalString substituteOnTarget "-s"}' ) ''); in final.writeScript "deploy-${machine}.sh" script; in